
Pests of all kinds and how to fight them: "Clickcompare" virus despite protection software?

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

29.12.2012, 18:35   #1
scholzi

Hello,
for a few weeks now I have always been getting a redirect to "clickcompare" under certain words. I have now googled it and found out that it is supposedly a virus 0.Ö

But I wonder how I got this virus, since I don't download junk and I also have Kaspersky 2013.
Unfortunately I have absolutely no idea about such things, and I ask for your professional help!!

In parallel with this post I have of course set Kaspersky to scan my PC thoroughly. However, this will still take a few hours.

So far there has been NO detection. Could it be that Kaspersky is nevertheless missing something?

What further steps should I take? I would rather not have to set up everything on the computer from scratch.

Many thanks
Chris

29.12.2012, 18:41   #2
markusg
/// Malware-holic

Hi,
cancel Kaspersky for now.
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Please close all programs now. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt into your thread here.

29.12.2012, 19:20   #3
scholzi

Hello,
I have run the scans.
Unfortunately I have to reply twice, as it is apparently too long.

OTL
OTL Logfile:
Code:
OTL logfile created on: 29.12.2012 19:00:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,78 Gb Available Physical Memory | 72,62% Memory free
15,91 Gb Paging File | 13,29 Gb Available in Paging File | 83,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 270,45 Gb Total Space | 165,50 Gb Free Space | 61,20% Space Free | Partition Type: NTFS
Drive D: | 195,21 Gb Total Space | 195,12 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.29 18:51:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Downloads\OTL.exe
PRC - [2012.12.10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.11.29 22:59:32 | 008,212,480 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
PRC - [2012.11.15 16:12:42 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012.09.28 15:27:48 | 001,652,736 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\SLSTaskbar.exe
PRC - [2012.09.06 12:12:20 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.08.17 20:38:34 | 000,128,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
PRC - [2012.08.09 22:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.02.26 15:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.02.15 19:13:12 | 003,111,552 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe
PRC - [2012.02.08 02:10:34 | 001,111,680 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
PRC - [2012.02.07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.02 14:20:32 | 000,889,984 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe
PRC - [2012.02.02 10:56:35 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
PRC - [2012.02.02 02:19:52 | 001,117,824 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
PRC - [2012.01.26 18:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.01.13 05:44:01 | 001,478,272 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe
PRC - [2012.01.10 08:39:40 | 001,501,824 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2012.01.04 13:13:24 | 001,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2011.10.29 02:59:26 | 000,918,448 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
PRC - [2011.09.08 20:29:12 | 001,112,704 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2010.11.26 20:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2009.03.30 14:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
PRC - [2006.12.22 12:42:16 | 000,064,288 | ---- | M] (Logitech Inc.) -- c:\program files (x86)\common files\logishrd\lvmvfm\LVPrS64H.exe
PRC - [2006.12.22 12:31:28 | 000,244,512 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe
PRC - [2006.12.22 12:28:26 | 000,756,248 | ---- | M] () -- C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006.12.22 12:27:28 | 000,497,176 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2006.12.22 12:26:54 | 000,173,080 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.17 20:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012.05.30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.05.30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.02.15 12:42:16 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll
MOD - [2012.02.13 08:53:06 | 000,883,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2012.02.10 10:29:44 | 001,047,040 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
MOD - [2012.02.09 16:09:38 | 001,118,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll
MOD - [2012.02.02 14:12:48 | 000,786,432 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll
MOD - [2011.12.29 19:45:12 | 001,296,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
MOD - [2011.12.28 18:13:20 | 000,043,520 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
MOD - [2011.10.14 19:03:22 | 000,885,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2011.09.26 17:37:26 | 001,616,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2011.09.20 17:11:28 | 000,985,600 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2011.09.19 19:18:20 | 001,243,136 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2011.09.07 22:23:54 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
MOD - [2011.07.21 08:06:44 | 000,846,848 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2011.07.12 18:14:52 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2010.10.05 07:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2010.10.05 07:22:50 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll
MOD - [2010.10.05 07:22:50 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2010.08.23 03:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll
MOD - [2010.01.02 15:42:28 | 000,018,207 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\mingwm10.dll
MOD - [2009.08.12 19:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll
MOD - [2009.02.27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
MOD - [2006.12.22 12:30:30 | 001,119,768 | ---- | M] () -- C:\Program Files (x86)\Logitech\QuickCam10\LAppRes.dll
MOD - [2006.12.22 12:28:26 | 000,756,248 | ---- | M] () -- C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe
MOD - [2006.12.22 12:27:52 | 000,022,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LCMServerPS.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.09.28 02:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.12.10 17:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.12.10 15:36:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.15 16:12:42 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.20 08:56:06 | 000,136,896 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.03.19 22:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.02.17 07:26:00 | 000,149,120 | R--- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2012.02.07 16:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.07 16:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.07 16:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.02.02 16:14:36 | 000,336,248 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV - [2012.02.02 10:56:35 | 000,951,936 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe -- (asHmComSvc)
SRV - [2012.01.13 05:44:01 | 001,478,272 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2011.10.31 16:39:56 | 000,189,304 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV - [2011.10.31 16:39:42 | 000,143,736 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV - [2011.10.29 02:59:26 | 000,918,448 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)
SRV - [2011.05.27 10:07:36 | 000,160,768 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.12.22 12:43:24 | 000,172,832 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006.12.22 12:42:04 | 000,172,832 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.11.15 16:16:13 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.11.15 16:16:13 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.28 03:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.09.28 02:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.09.18 15:34:54 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.09.18 15:34:54 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.13 15:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012.08.02 14:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.07.03 11:58:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetadb.sys -- (andnetadb)
DRV:64bit: - [2012.07.03 11:50:00 | 000,036,352 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetmodem64.sys -- (ANDNetModem)
DRV:64bit: - [2012.07.03 11:50:00 | 000,029,184 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandnetdiag64.sys -- (AndNetDiag)
DRV:64bit: - [2012.06.19 16:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012.05.14 07:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.03.26 13:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012.03.19 22:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.26 18:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.26 18:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.26 18:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.09.29 10:30:34 | 000,646,248 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.09.15 05:33:32 | 000,141,896 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASUSumsc.sys -- (ASUSumsc)
DRV:64bit: - [2011.09.15 05:33:32 | 000,024,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASUSstpt.sys -- (ASUSstpt)
DRV:64bit: - [2011.08.12 11:13:36 | 000,032,360 | R--- | M] (NT Kernel Resources) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ndisrd.sys -- (ndisrd)
DRV:64bit: - [2011.07.05 19:44:42 | 000,412,024 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmnwim.sys -- (NWIM)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.08.17 18:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:64bit: - [2010.04.22 08:26:09 | 000,049,928 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2010.04.22 08:26:09 | 000,022,664 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2010.04.22 08:26:04 | 000,171,016 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK8014.sys -- (SaiK8014)
DRV:64bit: - [2009.10.07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009.10.07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009.10.07 08:45:38 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.02.07 12:21:12 | 000,250,152 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8187.sys -- (RTL8187)
DRV:64bit: - [2006.12.22 12:41:30 | 000,031,520 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV:64bit: - [2006.12.22 12:41:20 | 002,345,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV:64bit: - [2006.12.22 12:40:12 | 001,001,120 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVCKap64.sys -- (LVcKap64)
DRV - [2010.07.01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 5C 4A A9 36 6C CD 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4
FF - prefs.js..extensions.enabledAddons: url_advisor%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: virtual_keyboard%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: content_blocker%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: online_banking%40kaspersky.com:13.0.1.4250
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?barid={657BB8AD-EC74-11E1-A49A-10BF4873948C}&src=2&crg=3.1010000.10001&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?barid={657BB8AD-EC74-11E1-A49A-10BF4873948C}&src=2&crg=3.1010000.10001&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Christian\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012.12.20 17:27:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012.12.20 17:27:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012.12.20 17:27:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012.12.20 17:27:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012.12.20 17:27:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.10 15:36:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.10 15:36:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.10 15:36:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.10 15:36:30 | 000,000,000 | ---D | M]
 
[2012.07.28 15:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions
[2012.12.19 13:37:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Firefox\Profiles\gt9py5em.default\extensions
[2012.12.14 17:04:24 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\gt9py5em.default\extensions\freehdsport@freehdsport.tv.xpi
[2012.12.04 18:29:19 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\gt9py5em.default\extensions\personas@christopher.beard.xpi
[2012.11.16 18:12:03 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\gt9py5em.default\extensions\toolbar@web.de.xpi
[2012.11.23 13:44:25 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\gt9py5em.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.06 07:34:48 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\gt9py5em.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.11.16 18:12:06 | 000,000,911 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\gt9py5em.default\searchplugins\11-suche.xml
[2012.11.16 18:12:06 | 000,002,273 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\gt9py5em.default\searchplugins\englische-ergebnisse.xml
[2012.11.16 18:12:06 | 000,010,563 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\gt9py5em.default\searchplugins\gmx-suche.xml
[2012.11.16 18:12:06 | 000,002,432 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\gt9py5em.default\searchplugins\lastminute.xml
[2012.08.22 17:14:16 | 000,003,915 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\gt9py5em.default\searchplugins\sweetim.xml
[2012.11.16 18:12:06 | 000,005,545 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\mozilla\firefox\profiles\gt9py5em.default\searchplugins\webde-suche.xml
[2012.12.10 15:36:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.10 15:36:29 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2012.12.20 17:27:41 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2012.12.20 17:27:41 | 000,000,000 | ---D | M] (Content Blocker) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM
[2012.12.20 17:27:41 | 000,000,000 | ---D | M] (Safe Money) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ONLINE_BANKING@KASPERSKY.COM
[2012.12.20 17:27:41 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\URL_ADVISOR@KASPERSKY.COM
[2012.12.20 17:27:41 | 000,000,000 | ---D | M] (Virtual Keyboard) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM
[2012.12.10 15:36:32 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.12.10 15:36:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.10 15:36:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.12.10 15:36:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.10 15:36:31 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.10 15:36:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.10 15:36:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - homepage: 
CHR - Extension: Google Drive = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Google Mail = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiVolume] C:\Programme\Saitek\VolumeTracker\SaiVolume.exe (Saitek)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Christian\AppData\Local\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB678920-281E-4DBE-8EA4-1E19B0FA6122}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E04767C9-2219-462A-AEF6-DA0316F2336F}: DhcpNameServer = 10.74.210.210 10.74.210.211
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{32b48c99-51af-11e2-b41e-10bf4873948c}\Shell - "" = AutoRun
O33 - MountPoints2\{32b48c99-51af-11e2-b41e-10bf4873948c}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.29 15:33:48 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Prog
[2012.12.29 15:10:41 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\WindowsContactPictures
[2012.12.29 15:01:09 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\LG Electronics
[2012.12.29 14:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite
[2012.12.29 14:49:13 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\LG Electronics
[2012.12.29 14:48:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2012.12.29 11:31:46 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\PDF24
[2012.12.25 21:24:46 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\sound
[2012.12.25 21:00:16 | 000,000,000 | -HSD | C] -- C:\Users\Christian\wc
[2012.12.25 20:48:58 | 000,000,000 | -HSD | C] -- C:\Users\Christian\AppData\Roaming\wyUpdate AU
[2012.12.25 20:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simulationsprogramm Integrierte Leitstelle
[2012.12.25 20:48:49 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\ILS-SimV4
[2012.12.25 20:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BK Elektronik
[2012.12.22 19:50:05 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\FileZilla
[2012.12.22 19:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012.12.22 19:50:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2012.12.19 12:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.12.16 15:19:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.12.16 15:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.12.16 15:19:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.12.16 15:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012.12.13 20:11:25 | 000,000,000 | ---D | C] -- C:\Users\Christian\Application Data
[2012.12.13 20:04:19 | 000,000,000 | ---D | C] -- C:\Program Files\OfficeOne
[2012.12.11 20:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.12.11 20:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.12.10 15:36:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.12.09 18:56:02 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Skype
[2012.12.09 18:55:55 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.12.09 18:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.12.09 18:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.12.09 18:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.12.09 18:51:53 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Facebook
[2012.12.09 18:09:06 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screensaver BF3
[2012.12.09 18:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Screensaver
[2012.12.09 16:24:41 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.12.02 10:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.30 20:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Borland
[2012.11.30 20:30:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EDP
[2012.11.29 20:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.29 18:43:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.29 18:14:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-431522603-206524160-444697413-1001UA.job
[2012.12.29 16:55:08 | 002,220,841 | ---- | M] () -- C:\Users\Christian\Desktop\Draufsicht.JPG
[2012.12.29 16:26:37 | 002,013,135 | ---- | M] () -- C:\Users\Christian\Desktop\heck.JPG
[2012.12.29 16:25:55 | 002,262,279 | ---- | M] () -- C:\Users\Christian\Desktop\IMG_0759.JPG
[2012.12.29 16:16:58 | 001,752,497 | ---- | M] () -- C:\Users\Christian\Desktop\IMG_0758.JPG
[2012.12.29 15:16:08 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.12.29 15:16:08 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.12.29 15:16:08 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.12.29 15:16:08 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.12.29 15:16:08 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.12.29 15:13:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
[2012.12.29 15:05:22 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\LG PC Suite.Lnk
[2012.12.29 14:43:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.29 13:07:11 | 000,020,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.29 13:07:11 | 000,020,496 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.29 12:59:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.12.29 12:59:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.29 12:59:34 | 2112,491,519 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.29 11:32:19 | 001,568,493 | ---- | M] () -- C:\Users\Christian\Desktop\CCI29122012_00000.jpg
[2012.12.28 17:43:48 | 000,001,424 | ---- | M] () -- C:\Users\Christian\Desktop\Bus-Simulator 2012 (Basic-Version).lnk
[2012.12.28 17:43:48 | 000,001,417 | ---- | M] () -- C:\Users\Christian\Desktop\Bus-Simulator 2012 (High-Version).lnk
[2012.12.28 10:41:02 | 000,413,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.12.28 10:14:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-431522603-206524160-444697413-1001Core.job
[2012.12.26 23:05:10 | 021,533,620 | ---- | M] () -- C:\Users\Christian\Desktop\QuickFix2.rar
[2012.12.25 20:48:50 | 000,002,681 | ---- | M] () -- C:\Users\Public\Desktop\ILS Sim V4 starten.lnk
[2012.12.25 12:09:43 | 000,540,346 | ---- | M] () -- C:\Users\Christian\Desktop\IMG_0736.JPG
[2012.12.17 17:15:17 | 000,000,680 | RHS- | M] () -- C:\Users\Christian\ntuser.pol
[2012.12.16 15:19:35 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.14 21:54:40 | 000,003,584 | ---- | M] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.11 18:56:22 | 000,014,124 | ---- | M] () -- C:\Users\Christian\Desktop\Namensstreifen_Preisliste.pdf
 
========== Files Created - No Company Name ==========
 
[2012.12.29 16:56:27 | 002,220,841 | ---- | C] () -- C:\Users\Christian\Desktop\Draufsicht.JPG
[2012.12.29 16:27:56 | 002,262,279 | ---- | C] () -- C:\Users\Christian\Desktop\IMG_0759.JPG
[2012.12.29 16:27:56 | 002,013,135 | ---- | C] () -- C:\Users\Christian\Desktop\heck.JPG
[2012.12.29 16:27:56 | 001,752,497 | ---- | C] () -- C:\Users\Christian\Desktop\IMG_0758.JPG
[2012.12.29 15:13:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
[2012.12.29 14:52:53 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\LG PC Suite.Lnk
[2012.12.29 11:32:18 | 001,568,493 | ---- | C] () -- C:\Users\Christian\Desktop\CCI29122012_00000.jpg
[2012.12.28 17:43:48 | 000,001,424 | ---- | C] () -- C:\Users\Christian\Desktop\Bus-Simulator 2012 (Basic-Version).lnk
[2012.12.28 17:43:48 | 000,001,417 | ---- | C] () -- C:\Users\Christian\Desktop\Bus-Simulator 2012 (High-Version).lnk
[2012.12.26 23:01:50 | 021,533,620 | ---- | C] () -- C:\Users\Christian\Desktop\QuickFix2.rar
[2012.12.25 20:48:50 | 000,002,681 | ---- | C] () -- C:\Users\Public\Desktop\ILS Sim V4 starten.lnk
[2012.12.25 12:08:13 | 000,540,346 | ---- | C] () -- C:\Users\Christian\Desktop\IMG_0736.JPG
[2012.12.17 17:15:17 | 000,000,680 | RHS- | C] () -- C:\Users\Christian\ntuser.pol
[2012.12.16 15:19:35 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.12.14 21:54:40 | 000,003,584 | ---- | C] () -- C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.11 18:56:22 | 000,014,124 | ---- | C] () -- C:\Users\Christian\Desktop\Namensstreifen_Preisliste.pdf
[2012.12.03 19:59:21 | 014,749,799 | ---- | C] () -- C:\Users\Christian\Desktop\Sat und Kabel Magazin März April No 0304 2012.pdf
[2012.12.03 19:59:21 | 010,009,315 | ---- | C] () -- C:\Users\Christian\Desktop\SatVison Magazin 03-2011 Deutsch.pdf
[2012.11.30 20:30:46 | 000,184,320 | ---- | C] () -- C:\Windows\SysWow64\BDEADMIN.CPL
[2012.11.30 20:30:46 | 000,156,744 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
[2012.11.24 19:08:47 | 000,000,851 | ---- | C] () -- C:\Users\Christian\AppData\Local\recently-used.xbel
[2012.11.03 13:23:49 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Local\Input.xml
[2012.11.03 13:23:25 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Local\Settings.xml
[2012.10.12 14:59:59 | 000,038,430 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2012.10.02 15:40:07 | 004,918,688 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012.08.20 16:44:42 | 000,000,911 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012.08.20 16:44:42 | 000,000,164 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012.08.20 16:44:03 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.08.20 16:44:03 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2012.08.20 16:42:20 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.07.29 15:28:22 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.29 11:30:46 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.07.29 11:30:40 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.07.28 19:03:45 | 000,007,602 | ---- | C] () -- C:\Users\Christian\AppData\Local\resmon.resmoncfg
[2012.07.28 15:13:06 | 000,000,060 | ---- | C] () -- C:\Users\Christian\wemtesting.key
[2012.07.27 21:53:45 | 000,017,408 | ---- | C] () -- C:\Users\Christian\AppData\Local\WebpageIcons.db
[2012.07.27 20:25:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.27 20:22:11 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.27 20:22:11 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.07.27 20:22:11 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.07.27 19:57:13 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.07.27 19:56:55 | 000,033,659 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.03.19 22:37:12 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.03.19 22:37:12 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.03.19 22:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 21:23:38 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.21 18:22:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Aeria Games & Entertainment
[2012.12.02 15:20:45 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\BosMon
[2012.11.04 17:34:48 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DAEMON Tools Lite
[2012.12.29 17:15:07 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\FileZilla
[2012.12.29 18:52:19 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ
[2012.07.28 20:44:35 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ICQ Search
[2012.10.27 15:40:55 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\lennox
[2012.12.29 15:01:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\LG Electronics
[2012.11.07 17:05:39 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Need for Speed World
[2012.12.29 19:04:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\NetSpeedMonitor
[2012.10.17 19:24:23 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Origin
[2012.10.20 16:59:51 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\PC-FAX TX
[2012.10.27 16:53:20 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TeamViewer
[2012.12.25 21:00:11 | 000,000,000 | -HSD | M] -- C:\Users\Christian\AppData\Roaming\wyUpdate AU
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.11.04 13:53:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.10.21 18:22:12 | 000,000,000 | ---D | M] -- C:\AeriaGames
[2012.07.28 22:50:36 | 000,000,000 | ---D | M] -- C:\AMD
[2012.08.25 08:51:11 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.11.21 20:57:49 | 000,000,000 | ---D | M] -- C:\BrickForce
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.07.27 19:52:40 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.07.27 20:01:08 | 000,000,000 | ---D | M] -- C:\Intel
[2012.07.28 19:57:13 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.07.28 19:06:47 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.16 15:19:24 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.12.29 14:48:45 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.12.16 15:19:24 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.07.27 19:52:40 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.07.27 19:52:40 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.12.29 13:29:47 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.07.28 15:15:03 | 000,000,000 | R--D | M] -- C:\Users
[2012.12.20 11:36:28 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.29 19:11:55 | 000,001,064 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-431522603-206524160-444697413-1001Core.job
[2012.08.29 19:11:58 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-431522603-206524160-444697413-1001UA.job
[2012.11.25 14:38:44 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.11.25 14:38:45 | 000,001,116 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.12.29 19:10:51 | 002,097,152 | -HS- | M] () -- C:\Users\Christian\ntuser.dat
[2012.12.29 19:10:51 | 000,262,144 | -HS- | M] () -- C:\Users\Christian\ntuser.dat.LOG1
[2012.07.27 19:52:46 | 000,000,000 | -HS- | M] () -- C:\Users\Christian\ntuser.dat.LOG2
[2012.07.27 20:00:05 | 000,065,536 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.07.27 20:00:05 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.07.27 20:00:05 | 000,524,288 | -HS- | M] () -- C:\Users\Christian\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.07.27 19:52:46 | 000,000,020 | -HS- | M] () -- C:\Users\Christian\ntuser.ini
[2012.12.17 17:15:17 | 000,000,680 | RHS- | M] () -- C:\Users\Christian\ntuser.pol
[2012.08.20 18:12:10 | 000,000,000 | ---- | M] () -- C:\Users\Christian\Sti_Trace.log
[2012.12.13 20:12:45 | 000,014,336 | -HS- | M] () -- C:\Users\Christian\Thumbs.db
[2010.06.11 19:58:44 | 000,000,060 | ---- | M] () -- C:\Users\Christian\wemtesting.key
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         

29.12.2012, 19:22   #4
scholzi

"Clickcompare" virus despite protection software?

Extras
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 29.12.2012 19:00:55 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Christian\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,78 Gb Available Physical Memory | 72,62% Memory free
15,91 Gb Paging File | 13,29 Gb Available in Paging File | 83,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 270,45 Gb Total Space | 165,50 Gb Free Space | 61,20% Space Free | Partition Type: NTFS
Drive D: | 195,21 Gb Total Space | 195,12 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BB14214-7C77-4105-B647-78C4E2833358}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{196837D3-7DE6-4A2C-8CA9-0F3721B6E93B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{32D7FE3E-0766-4B08-9C04-C164EA5F91DB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3D0C3916-FD98-402C-8DB5-42CDA7FFE6B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{525A6C45-B4EB-4A51-8B48-8B9409F4A2FB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{652F6DF9-F0FB-467E-BBB6-2189C3EC404C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6B79A387-AAAB-4BB2-A139-188C1963A324}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BAA2DE55-E4E9-4A80-A4F6-3FF9990673BD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CD926C31-90CC-40FB-9CE7-F24E7B925D1E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ECB6F7A9-C299-4101-B5DD-8CC35A7F2C73}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F3298648-C60E-4CDC-A42A-6FD3E939FE34}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F757055A-2138-44B4-BAE6-149C058ACFED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004A2D04-9960-4830-B2D4-493872BF3963}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{061BC427-AA20-441C-B7AB-8FEF9AFDA1A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{09F83AB6-6C95-460C-850E-8A5D067F8FE5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{0A56AEDA-6E51-4C99-A30B-9FD40ACF2D34}" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\akamai\netsession_win.exe | 
"{1424030B-39B9-4584-ABD6-AC7276952C36}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{15833CCB-7F89-4FA6-B507-02F3D642D091}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe | 
"{169ECF61-A757-40F8-B1DA-AB1A19C07584}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{17668D2F-7D17-4F6C-9F0E-C8E784E5D6D0}" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\akamai\netsession_win.exe | 
"{1F2E0B53-AE37-43EC-9ABD-7EFB97E326B9}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{28E9EBCF-F57F-4736-994B-6B2FB5F958C5}" = dir=in | app=c:\brickforce\bflauncher.exe | 
"{291A465A-324D-4EB1-8AFD-2E66A7833AD4}" = protocol=6 | dir=out | app=system | 
"{29C2B53D-0CB4-4769-9EC4-7378E018D741}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2ABCC6CD-E8DA-486A-98D3-9E4B2D32CE23}" = protocol=17 | dir=in | app=c:\users\christian\feuerwehr\alarmmonitor 3.0\alarmmonitor 3.exe | 
"{2E1EF1AF-430F-4685-B5C7-7BA277BFC756}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2E4A1763-FC88-4E08-9D76-6DD3DF3355B6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{3A9E2D33-AF5B-4FFD-957D-83CE3DF8CAE2}" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\temp\rar$exb0.245\alarmmonitor 3.0\alarmmonitor 3.exe | 
"{3E88AE60-3126-4F1B-897B-C7BE0649F867}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{425C6C76-6191-4001-9892-6B0BBF06A265}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{4C887C7E-72C2-46F7-BAE5-DD5F9FBC31C3}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{4D50ABF7-6F61-4F62-9863-9289E0999430}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4D7471A5-6B16-42BD-BD00-BEB32862F099}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{5203681E-BF58-4E1C-BCC5-16BEE87F2B77}" = dir=in | app=c:\brickforce\brickforce.exe | 
"{56E150AD-7EAC-4513-ADB3-7FD27CBF367C}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{5C650FFB-AFB8-4D6D-8A73-6E81EB0F16B2}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{636ACABF-7757-4A79-8CC6-B1E180C7AB8D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{63B0592E-DD82-4475-A972-CE6673649911}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"{67012DA0-BCF0-44AF-BBCB-0639474F2A1B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6E4BF049-F227-4369-9BAE-D968C262E479}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{73CBB361-CCBD-4C2D-976D-9C67B3CD41D7}" = protocol=6 | dir=in | app=c:\users\christian\feuerwehr\alarmmonitor 3.0\alarmmonitor 3.exe | 
"{7499EE46-B5B0-4AFC-AF4A-86480DE91D6D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"{7F28192A-9645-4354-9361-939B7B820FA8}" = protocol=58 | dir=in | app=system | 
"{86126FF2-8F46-45CB-BF60-FA5F81758828}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{92C72C8C-EEF0-41F5-94E3-F848C139B4B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{93D535E5-FFF1-4C11-B241-7AF4CC5A002E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{99A00F28-896F-4CA9-97D9-76DC337C454B}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{9A26FB44-4657-4DD7-86C0-F09038AF24C0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9D39FCB3-62A0-411A-8437-766EBFA3C22E}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{A63C6CB3-C189-4AE0-92E1-D1D9E3C76734}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe | 
"{A8C33AF5-BA62-42EB-8197-C6717DB6E1BF}" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\temp\rar$exb0.245\alarmmonitor 3.0\alarmmonitor 3.exe | 
"{AA669FA0-9203-4EE5-A45F-BDC04C46ABB1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{ADDEA7C4-EDF0-4F6C-BF6B-CA9FF99FEB8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AF1185C8-583C-4745-AFFC-AE18560038D2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AF882516-7B96-4C2E-8E6A-506893A803A0}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe | 
"{B4A2776E-CC38-4C09-AB6C-3F63D3169270}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B9CEEF22-87F1-4DC5-97A9-B7DF96B65C97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BA5D3539-0643-4CB5-8D9B-2CB5CDDB4E88}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7m\icq.exe | 
"{BB1BC5DF-44D5-4ECE-8416-004C414BD125}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C3443A39-0680-43C0-8699-7159E223CA99}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{D5DFF2E6-60EC-4064-929C-2BFA012DA6AD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DEE7E4C9-CE5E-4565-AEA5-C75996E6FDEE}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{E473A3D4-1699-4419-A228-2084ADA68F3E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E5C81C1C-9D1D-4699-8265-24E23374439D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{E9FED58A-F212-46A3-B628-01C405F96ECA}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{F4E77372-5D40-4FDD-A160-6DDFDBE6CF54}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{F6A06842-0241-45EE-A4FB-DAE92939B341}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F8E679CE-FD2C-466D-BA8C-AFF709EB2ECE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD0060D4-8623-41A2-8F61-7ED9C2323B58}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe | 
"{FF8E0501-B420-49EE-840D-FDF917E232F6}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"TCP Query User{6226C2C1-1D88-43DD-9125-861D6EC95391}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"TCP Query User{6A447105-AC90-4AA5-8FA0-F68E52089E8D}C:\users\christian\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{6BE9C208-7058-4A04-A749-513C1B1D3163}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{AC5C22D3-2833-44DC-85B2-E9D0BF47F12C}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe | 
"TCP Query User{B1C2E9B7-2022-44C9-97E5-2466B22B6A2E}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{B39B76C4-98F3-4177-B222-C34500C802AC}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe | 
"TCP Query User{B8BD0A43-FE5D-45E9-8D5B-278D29566136}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"TCP Query User{C5FA35FD-AA7F-49D3-8823-AA30ECBE0860}C:\users\christian\appdata\local\temp\rar$exb0.245\alarmmonitor 3.0\alarmmonitor 3.exe" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\temp\rar$exb0.245\alarmmonitor 3.0\alarmmonitor 3.exe | 
"TCP Query User{EEBF1484-D199-4977-A8F3-481CFC1AECBD}C:\users\christian\feuerwehr\alarmmonitor 3.0\alarmmonitor 3.exe" = protocol=6 | dir=in | app=c:\users\christian\feuerwehr\alarmmonitor 3.0\alarmmonitor 3.exe | 
"UDP Query User{0113AFA2-06D2-4376-9F7F-D04800FB2DAE}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe | 
"UDP Query User{1EB8C6CC-4E24-4920-895A-4DE974CB1CCD}C:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sixteen tons entertainment\emergency4\em4.exe | 
"UDP Query User{2365DEEA-8BFA-40EA-8636-2E92F2579589}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{2BDE9E94-50E1-413B-AC74-57D340A1BF55}C:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\gtaiv.exe | 
"UDP Query User{56A91D0F-64CC-4E93-9BD7-F8D68AB0C1EF}C:\users\christian\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{7B78855E-1126-45C4-B90E-1D0766C0BC46}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{9CC3D7C2-0498-41B5-8A9D-3A85855BD5C8}C:\users\christian\appdata\local\temp\rar$exb0.245\alarmmonitor 3.0\alarmmonitor 3.exe" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\temp\rar$exb0.245\alarmmonitor 3.0\alarmmonitor 3.exe | 
"UDP Query User{BB2574BA-4E4A-428C-AEDF-C8B00ED1D954}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"UDP Query User{D5BB36B0-E9EB-408F-9E26-76BC2A319975}C:\users\christian\feuerwehr\alarmmonitor 3.0\alarmmonitor 3.exe" = protocol=17 | dir=in | app=c:\users\christian\feuerwehr\alarmmonitor 3.0\alarmmonitor 3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0DCAB5DD-CC69-271A-CF03-F2BD6B60BD8A}" = AMD Media Foundation Decoders
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1AFC919D-751B-A5D7-B17D-7C0067A65D2E}" = AMD Drag and Drop Transcoding
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}" = AMD Catalyst Install Manager
"{5001E5BC-C9BF-4598-AB89-E7318C76C5F4}" = FRITZ!Fernzugang
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{504184A2-1B0E-5D93-603A-517E93E7EDB3}" = AMD Accelerated Video Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0170090}" = Java SE Development Kit 7 Update 9 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{88C7AEBE-7C64-49B6-AC85-EA19DCD08E89}" = Logitech Audio Echo Cancellation Component for 64-bit Windows
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{946DC23F-55CE-4D36-91FF-84588B94049A}" = Smart Technology Volume Tracker 7.0.0.26
"{96B0B2F7-1853-464D-B520-CA08F9CA8002}" = Smart Technology Programming Software 7.0.0.26
"{A4F27A8B-F63D-4BA2-BB4B-15A0A57868B5}" = Logitech QuickCam
"{B0E1D8C3-099F-4705-B4D8-54E0A969B354}" = MVisn64
"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In 
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AutoDateTime_is1" = OfficeOne AutoDateTime 5.1
"CCleaner" = CCleaner
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Unlocker" = Unlocker 1.9.1-x64
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0ADD81-270D-44C7-8AA9-882A42F2EC22}_is1" = ABC-Schutz-Simulator Version 1.0
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{24554152-AA9B-46C2-B227-9A4FC04B57FC}" = 11g Wireless LAN
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}" = 3DMark 11
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite MFC-250C
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B60A7A4-49F6-4D2A-8AE7-BCBAFA6224CE}" = Simulationsprogramm Integrierte Leitstelle V4
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5DB849D6-9392-4FB7-9ABB-87ED433152E5}" = LG United Mobile Drivers
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = 2007 Microsoft Office Suite Service Pack 3 (SP3)
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4C534E-431F-4A17-97D4-D1682B19A054}" = Emergency4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{B837579C-B73E-47ED-B722-B0076CDDFB2C}_is1" = BosMon 1.1.10
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA5151A0-FCCA-4EE5-8B0A-D068F62DE52A}_is1" = Flughafen-Feuerwehr-Simulator PATCH 1.1
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{Wegberg-Modifikation-5-0}_is1" = Feuer- und Notfallsimulation Wegberg Version 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Battlelog Web Plugins" = Battlelog Web Plugins
"Bus-Simulator 2012_is1" = Bus-Simulator 2012
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.6.0.2
"FUSSBALL MANAGER 12 Demo" = FUSSBALL MANAGER 12 Demo
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"LG PC Suite" = LG PC Suite
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"QcDrv" = Logitech® Camera-Treiber
"Screensaver BF3" = Screensaver BF3
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.11.2012 18:01:09 | Computer Name = Christian-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/11/17 23:01:09.958]: [00004924]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.11.2012 18:01:11 | Computer Name = Christian-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/11/17 23:01:11.459]: [00004924]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.11.2012 18:01:12 | Computer Name = Christian-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/11/17 23:01:12.959]: [00004924]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.11.2012 18:01:14 | Computer Name = Christian-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/11/17 23:01:14.459]: [00004924]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.11.2012 18:01:15 | Computer Name = Christian-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/11/17 23:01:15.959]: [00004924]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.11.2012 18:01:17 | Computer Name = Christian-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/11/17 23:01:17.459]: [00004924]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.11.2012 18:01:18 | Computer Name = Christian-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/11/17 23:01:18.959]: [00004924]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.11.2012 18:01:20 | Computer Name = Christian-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/11/17 23:01:20.459]: [00004924]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.11.2012 18:01:21 | Computer Name = Christian-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/11/17 23:01:21.959]: [00004924]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 17.11.2012 18:01:23 | Computer Name = Christian-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2012/11/17 23:01:23.459]: [00004924]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
[ OSession Events ]
Error - 16.12.2012 08:24:16 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 338
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.12.2012 16:39:21 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13446
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 18.12.2012 10:22:07 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6541
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 18.12.2012 12:12:28 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6606
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 20.12.2012 14:17:44 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4992
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 22.12.2012 10:18:22 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 24.12.2012 16:26:30 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4362
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 25.12.2012 10:35:44 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14162
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 25.12.2012 20:03:29 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18287
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 28.12.2012 05:25:03 | Computer Name = Christian-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 58
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 09.11.2012 10:38:51 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 09.11.2012 11:00:30 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 09.11.2012 11:04:34 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 09.11.2012 11:28:05 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 09.11.2012 11:36:11 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 09.11.2012 12:32:27 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 09.11.2012 12:40:29 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 11.11.2012 07:19:15 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 11.11.2012 07:55:18 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
Error - 11.11.2012 08:31:20 | Computer Name = Christian-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >
         
--- --- ---


Sorry for the double post, but with file attachments you never know what happens if there should be a virus on them.

02.01.2013, 21:00   #5
markusg
/// Malware-holic

Hi,
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any findings, always choose Skip for now, then post the log

__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

02.01.2013, 21:12   #6
scholzi

Hello,
here is the log, though as a screenshot

Regards
Christian
Thumbnails of attached images
"Clickcompare" Virus trotz Schutzprogramm?-tdss.jpg

03.01.2013, 18:59   #7
markusg
/// Malware-holic

open c: tdss-killer-version.txt, post the contents, thanks

03.01.2013, 20:35   #8
scholzi

Hello,
thanks for the tip.

It is I who should be thanking you!
PHP-Code:
21:09:42.0932 1492  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:09:43.0067 1492  ============================================================
21:09:43.0067 1492  Current date time: 2013/01/02 21:09:43.0067
21:09:43.0067 1492  SystemInfo:
21:09:43.0068 1492  
21:09:43.0068 1492  OS Version: 6.1.7601 ServicePack: 1.0
21:09:43.0068 1492  Product type: Workstation
21:09:43.0068 1492  ComputerName: CHRISTIAN-PC
21:09:43.0068 1492  UserName: Christian
21:09:43.0068 1492  Windows directory: C:\Windows
21:09:43.0068 1492  System windows directory: C:\Windows
21:09:43.0068 1492  Running under WOW64
21:09:43.0068 1492  Processor architecture: Intel x64
21:09:43.0068 1492  Number of processors: 4
21:09:43.0068 1492  Page size: 0x1000
21:09:43.0068 1492  Boot type: Normal boot
21:09:43.0068 1492  ============================================================
21:09:43.0953 1492  Drive \Device\Harddisk0\DR0 Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:09:44.0027 1492  ============================================================
21:09:44.0027 1492  \Device\Harddisk0\DR0:
21:09:44.0028 1492  MBR partitions:
21:09:44.0028 1492  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1866E000
21:09:44.0028 1492  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x186A0800, BlocksNum 0x21CE5000
21:09:44.0028 1492  ============================================================
21:09:44.0044 1492  C: <-> \Device\Harddisk0\DR0\Partition2
21:09:44.0067 1492  D: <-> \Device\Harddisk0\DR0\Partition1
21:09:44.0067 1492  ============================================================
21:09:44.0068 1492  Initialize success
21:09:44.0068 1492  ============================================================
21:09:59.0094 5048  ============================================================
21:09:59.0094 5048  Scan started
21:09:59.0094 5048  Mode: Manual; SigCheck; TDLFS
21:09:59.0094 5048  ============================================================
21:09:59.0883 5048  ================ Scan system memory ========================
21:09:59.0884 5048  System memory ok
21:09:59.0884 5048  ================ Scan services =============================
21:09:59.0997 5048  A87D604AEA360176311474C87A63BB88 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
21:10:00.0068 5048  1394ohci ok
21:10:00.0094 5048  D81D9E70B8A6DD14D42D7B4EFA65D5F2 ACPI            C:\Windows\system32\drivers\ACPI.sys
21:10:00.0105 5048  ACPI ok
21:10:00.0113 5048  99F8E788246D495CE3794D7E7821D2CA AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
21:10:00.0171 5048  AcpiPmi ok
21:10:00.0264 5048  D19C4EE2AC7C47B8F5F84FFF1A789D8A AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:10:00.0279 5048  AdobeARMservice ok
21:10:00.0380 5048  95CE557D16A75606CCC2D7F3B0B0BCCB AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:10:00.0395 5048  AdobeFlashPlayerUpdateSvc ok
21:10:00.0429 5048  2F6B34B83843F0C5118B63AC634F5BF4 adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:10:00.0452 5048  adp94xx ok
21:10:00.0480 5048  597F78224EE9224EA1A13D6350CED962 adpahci         C:\Windows\system32\drivers\adpahci.sys
21:10:00.0501 5048  adpahci ok
21:10:00.0504 5048  E109549C90F62FB570B9540C4B148E54 adpu320         C:\Windows\system32\drivers\adpu320.sys
21:10:00.0517 5048  adpu320 ok
21:10:00.0530 5048  4B78B431F225FD8624C5655CB1DE7B61 AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:10:00.0641 5048  AeLookupSvc ok
21:10:00.0689 5048  1C7857B62DE5994A75B054A9FD4C3825 AFD             C:\Windows\system32\drivers\afd.sys
21:10:00.0726 5048  AFD ok
21:10:00.0751 5048  608C14DBA7299D8CB6ED035A68A15799 agp440          C:\Windows\system32\drivers\agp440.sys
21
:10:00.0764 5048  agp440 ok
21
:10:00.0772 5048  3290D6946B5E30E70414990574883DDB ALG             C:\Windows\System32\alg.exe
21
:10:00.0838 5048  ALG ok
21
:10:00.0850 5048  5812713A477A3AD7363C7438CA2EE038 aliide          C:\Windows\system32\drivers\aliide.sys
21
:10:00.0872 5048  aliide ok
21
:10:00.0924 5048  4C1E3649C89C7D542CD18ECC5210099D AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21
:10:00.0968 5048  AMD External Events Utility ok
21
:10:01.0014 5048  1FF8B4431C353CE385C875F194924C0C amdide          C:\Windows\system32\drivers\amdide.sys
21
:10:01.0029 5048  amdide ok
21
:10:01.0046 5048  7024F087CFF1833A806193EF9D22CDA9 AmdK8           C:\Windows\system32\drivers\amdk8.sys
21
:10:01.0079 5048  AmdK8 ok
21
:10:01.0267 5048  A3C0A15B39F979E8F3EABA901D72ECD7 amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21
:10:01.0472 5048  amdkmdag ok
21
:10:01.0505 5048  20F3CD38B107C1BD747C0EA37D450165 amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
21
:10:01.0538 5048  amdkmdap ok
21
:10:01.0560 5048  1E56388B3FE0D031C44144EB8C4D6217 AmdPPM          C:\Windows\system32\drivers\amdppm.sys
21
:10:01.0603 5048  AmdPPM ok
21
:10:01.0645 5048  D4121AE6D0C0E7E13AA221AA57EF2D49 amdsata         C:\Windows\system32\drivers\amdsata.sys
21
:10:01.0662 5048  amdsata ok
21
:10:01.0682 5048  F67F933E79241ED32FF46A4F29B5120B amdsbs          C:\Windows\system32\drivers\amdsbs.sys
21
:10:01.0711 5048  amdsbs ok
21
:10:01.0725 5048  540DAF1CEA6094886D72126FD7C33048 amdxata         C:\Windows\system32\drivers\amdxata.sys
21
:10:01.0740 5048  amdxata ok
21
:10:01.0774 5048  EFD1765905491B742C531FF6C38E9EC7 andnetadb       C:\Windows\system32\Drivers\lgandnetadb.sys
21
:10:01.0818 5048  andnetadb ok
21
:10:01.0856 5048  8660C7BFE2CBA7E0B3F5D9ECD05D780E AndNetDiag      C:\Windows\system32\DRIVERS\lgandnetdiag64.sys
21
:10:01.0894 5048  AndNetDiag ok
21
:10:01.0925 5048  620F9CDFC8987FE26F6E0DC37D645B45 ANDNetModem     C:\Windows\system32\DRIVERS\lgandnetmodem64.sys
21
:10:01.0942 5048  ANDNetModem ok
21
:10:01.0975 5048  89A69C3F2F319B43379399547526D952 AppID           C:\Windows\system32\drivers\appid.sys
21
:10:02.0082 5048  AppID ok
21
:10:02.0107 5048  0BC381A15355A3982216F7172F545DE1 AppIDSvc        C:\Windows\System32\appidsvc.dll
21
:10:02.0156 5048  AppIDSvc ok
21
:10:02.0174 5048  3977D4A871CA0D4F2ED1E7DB46829731 Appinfo         C:\Windows\System32\appinfo.dll
21
:10:02.0237 5048  Appinfo ok
21
:10:02.0299 5048  A5299D04ED225D64CF07A568A3E1BF8C Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21
:10:02.0313 5048  Apple Mobile Device ok
21
:10:02.0354 5048  4ABA3E75A76195A3E38ED2766C962899 AppMgmt         C:\Windows\System32\appmgmts.dll
21
:10:02.0407 5048  AppMgmt ok
21
:10:02.0425 5048  C484F8CEB1717C540242531DB7845C4E arc             C:\Windows\system32\drivers\arc.sys
21
:10:02.0442 5048  arc ok
21
:10:02.0470 5048  019AF6924AEFE7839F61C830227FE79C arcsas          C:\Windows\system32\drivers\arcsas.sys
21
:10:02.0493 5048  arcsas ok
21
:10:02.0575 5048  F7692E60147E56A1CEEE144974F41830 asComSvc        C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe
21
:10:02.0623 5048  asComSvc UnsignedFile.Multi.Generic ) - warning
21
:10:02.0623 5048  asComSvc detected UnsignedFile.Multi.Generic (1)
21:10:02.0684 5048  0466B91EE5767A769E9F8EDB8EF94DDB asHmComSvc      C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
21
:10:02.0714 5048  asHmComSvc ok
21
:10:02.0740 5048  FEF9DD9EA587F8886ADE43C1BEFBDAFE AsIO            C:\Windows\syswow64\drivers\AsIO.sys
21
:10:02.0747 5048  AsIO ok
21
:10:02.0827 5048  9217D874131AE6FF8F642F124F00A555 aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21
:10:02.0835 5048  aspnet_state ok
21
:10:02.0888 5048  AD8947D621FDCA48F1F39F4624B60AA1 AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
21
:10:02.0896 5048  AsSysCtrlService ok
21
:10:02.0931 5048  1392B92179B07B672720763D9B1028A5 AsUpIO          C:\Windows\syswow64\drivers\AsUpIO.sys
21
:10:02.0944 5048  AsUpIO ok
21
:10:03.0023 5048  B4F550250E33C02E6E71955621F7A0A6 AsusFanControlService C:\Program Files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe
21
:10:03.0050 5048  AsusFanControlService ok
21
:10:03.0080 5048  A5E4CDB420540095D1293C874B5F89AA ASUSFILTER      C:\Windows\syswow64\drivers\ASUSFILTER.sys
21
:10:03.0094 5048  ASUSFILTER ok
21
:10:03.0141 5048  7882BB401553008C3D17251D98474412 ASUSstpt        C:\Windows\system32\DRIVERS\ASUSstpt.sys
21
:10:03.0155 5048  ASUSstpt ok
21
:10:03.0196 5048  23041D6FADF1287457E12CDBE2466554 ASUSumsc        C:\Windows\system32\DRIVERS\ASUSumsc.sys
21
:10:03.0221 5048  ASUSumsc ok
21
:10:03.0241 5048  769765CE2CC62867468CEA93969B2242 AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21
:10:03.0297 5048  AsyncMac ok
21
:10:03.0327 5048  02062C0B390B7729EDC9E69C680A6F3C atapi           C:\Windows\system32\drivers\atapi.sys
21
:10:03.0340 5048  atapi ok
21
:10:03.0391 5048  B0790FF0E25B7A2674296052F2162C1A AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
21
:10:03.0412 5048  AtiHDAudioService ok
21
:10:03.0456 5048  F23FEF6D569FCE88671949894A8BECF1 AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21
:10:03.0528 5048  AudioEndpointBuilder ok
21
:10:03.0554 5048  F23FEF6D569FCE88671949894A8BECF1 AudioSrv        C:\Windows\System32\Audiosrv.dll
21
:10:03.0582 5048  AudioSrv ok
21
:10:03.0664 5048  53A05544AB5D067B56F133225DBFC21B avmike          C:\Program Files\FRITZ!Fernzugang\avmike.exe
21
:10:03.0680 5048  avmike ok
21
:10:03.0735 5048  587EFD6A3A30A35A27904D21AE1FB882 AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
21
:10:03.0756 5048  AVP ok
21
:10:03.0787 5048  A6BF31A71B409DFA8CAC83159E1E2AFF AxInstSV        C:\Windows\System32\AxInstSV.dll
21
:10:03.0825 5048  AxInstSV ok
21
:10:03.0863 5048  3E5B191307609F7514148C6832BB0842 b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
21
:10:03.0902 5048  b06bdrv ok
21
:10:03.0920 5048  B5ACE6968304A3900EEB1EBFD9622DF2 b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
21
:10:03.0944 5048  b57nd60a ok
21
:10:03.0972 5048  FDE360167101B4E45A96F939F388AEB0 BDESVC          C:\Windows\System32\bdesvc.dll
21
:10:04.0020 5048  BDESVC ok
21
:10:04.0032 5048  16A47CE2DECC9B099349A5F840654746 Beep            C:\Windows\system32\drivers\Beep.sys
21
:10:04.0062 5048  Beep ok
21
:10:04.0096 5048  82974D6A2FD19445CC5171FC378668A4 BFE             C:\Windows\System32\bfe.dll
21
:10:04.0162 5048  BFE ok
21
:10:04.0191 5048  1EA7969E3271CBC59E1730697DC74682 BITS            C:\Windows\system32\qmgr.dll
21
:10:04.0246 5048  BITS ok
21
:10:04.0274 5048  61583EE3C3A17003C4ACD0475646B4D3 blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
21
:10:04.0310 5048  blbdrive ok
21
:10:04.0374 5048  EBBCD5DFBB1DE70E8F4AF8FA59E401FD Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21
:10:04.0394 5048  Bonjour Service ok
21
:10:04.0424 5048  6C02A83164F5CC0A262F4199F0871CF5 bowser          C:\Windows\system32\DRIVERS\bowser.sys
21
:10:04.0455 5048  bowser ok
21
:10:04.0481 5048  F09EEE9EDC320B5E1501F749FDE686C8 BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
21
:10:04.0520 5048  BrFiltLo ok
21
:10:04.0541 5048  B114D3098E9BDB8BEA8B053685831BE6 BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
21
:10:04.0561 5048  BrFiltUp ok
21
:10:04.0597 5048  5C2F352A4E961D72518261257AAE204B BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
21
:10:04.0661 5048  BridgeMP ok
21
:10:04.0694 5048  05F5A0D14A2EE1D8255C2AA0E9E8E694 Browser         C:\Windows\System32\browser.dll
21
:10:04.0743 5048  Browser ok
21
:10:04.0756 5048  43BEA8D483BF1870F018E2D02E06A5BD Brserid         C:\Windows\System32\Drivers\Brserid.sys
21
:10:04.0834 5048  Brserid ok
21
:10:04.0861 5048  A6ECA2151B08A09CACECA35C07F05B42 BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
21
:10:04.0901 5048  BrSerWdm ok
21
:10:04.0920 5048  B79968002C277E869CF38BD22CD61524 BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
21
:10:04.0955 5048  BrUsbMdm ok
21
:10:04.0959 5048  A87528880231C54E75EA7A44943B38BF BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
21
:10:05.0011 5048  BrUsbSer ok
21
:10:05.0030 5048  9DA669F11D1F894AB4EB69BF546A42E8 BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21
:10:05.0065 5048  BTHMODEM ok
21
:10:05.0112 5048  95F9C2976059462CBBF227F7AAB10DE9 bthserv         C:\Windows\system32\bthserv.dll
21
:10:05.0153 5048  bthserv ok
21
:10:05.0170 5048  B8BD2BB284668C84865658C77574381A cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21
:10:05.0211 5048  cdfs ok
21
:10:05.0242 5048  F036CE71586E93D94DAB220D7BDF4416 cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21
:10:05.0267 5048  cdrom ok
21
:10:05.0281 5048  F17D1D393BBC69C5322FBFAFACA28C7F CertPropSvc     C:\Windows\System32\certprop.dll
21
:10:05.0342 5048  CertPropSvc ok
21
:10:05.0392 5048  DC716E2329403300B2477997581BBFD7 certsrv         C:\Program Files\FRITZ!Fernzugang\certsrv.exe
21
:10:05.0406 5048  certsrv ok
21
:10:05.0421 5048  D7CD5C4E1B71FA62050515314CFB52CF circlass        C:\Windows\system32\drivers\circlass.sys
21
:10:05.0441 5048  circlass ok
21
:10:05.0457 5048  FE1EC06F2253F691FE36217C592A0206 CLFS            C:\Windows\system32\CLFS.sys
21
:10:05.0472 5048  CLFS ok
21
:10:05.0514 5048  D88040F816FDA31C3B466F0FA0918F29 clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21
:10:05.0529 5048  clr_optimization_v2.0.50727_32 ok
21
:10:05.0561 5048  D1CEEA2B47CB998321C579651CE3E4F8 clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21
:10:05.0577 5048  clr_optimization_v2.0.50727_64 ok
21
:10:05.0636 5048  C5A75EB48E2344ABDC162BDA79E16841 clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21
:10:05.0651 5048  clr_optimization_v4.0.30319_32 ok
21
:10:05.0684 5048  C6F9AF94DCD58122A4D7E89DB6BED29D clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21
:10:05.0699 5048  clr_optimization_v4.0.30319_64 ok
21
:10:05.0738 5048  0840155D0BDDF1190F84A663C284BD33 CmBatt          C:\Windows\system32\drivers\CmBatt.sys
21
:10:05.0767 5048  CmBatt ok
21
:10:05.0771 5048  E19D3F095812725D88F9001985B94EDD cmdide          C:\Windows\system32\drivers\cmdide.sys
21
:10:05.0783 5048  cmdide ok
21
:10:05.0818 5048  9AC4F97C2D3E93367E2148EA940CD2CD CNG             C:\Windows\system32\Drivers\cng.sys
21
:10:05.0846 5048  CNG ok
21
:10:05.0862 5048  102DE219C3F61415F964C88E9085AD14 Compbatt        C:\Windows\system32\drivers\compbatt.sys
21
:10:05.0876 5048  Compbatt ok
21
:10:05.0909 5048  03EDB043586CCEBA243D689BDDA370A8 CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
21
:10:05.0936 5048  CompositeBus ok
21
:10:05.0956 5048  COMSysApp ok
21
:10:06.0034 5048  F08C6020E57F5E5BF2FD034DB10BEDFB cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
21
:10:06.0054 5048  cphs ok
21
:10:06.0088 5048  cpuz135 ok
21
:10:06.0111 5048  1C827878A998C18847245FE1F34EE597 crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21
:10:06.0126 5048  crcdisk ok
21
:10:06.0172 5048  9C01375BE382E834CC26D1B7EAF2C4FE CryptSvc        C:\Windows\system32\cryptsvc.dll
21
:10:06.0204 5048  CryptSvc ok
21
:10:06.0236 5048  54DA3DFD29ED9F1619B6F53F3CE55E49 CSC             C:\Windows\system32\drivers\csc.sys
21
:10:06.0276 5048  CSC ok
21
:10:06.0306 5048  3AB183AB4D2C79DCF459CD2C1266B043 CscService      C:\Windows\System32\cscsvc.dll
21
:10:06.0351 5048  CscService ok
21
:10:06.0394 5048  5C627D1B1138676C0A7AB2C2C190D123 DcomLaunch      C:\Windows\system32\rpcss.dll
21
:10:06.0470 5048  DcomLaunch ok
21
:10:06.0525 5048  3CEC7631A84943677AA8FA8EE5B6B43D defragsvc       C:\Windows\System32\defragsvc.dll
21
:10:06.0588 5048  defragsvc ok
21
:10:06.0612 5048  9BB2EF44EAA163B29C4A4587887A0FE4 DfsC            C:\Windows\system32\Drivers\dfsc.sys
21
:10:06.0649 5048  DfsC ok
21
:10:06.0678 5048  43D808F5D9E1A18E5EEB5EBC83969E4E Dhcp            C:\Windows\system32\dhcpcore.dll
21
:10:06.0707 5048  Dhcp ok
21
:10:06.0739 5048  13096B05847EC78F0977F2C0F79E9AB3 discache        C:\Windows\system32\drivers\discache.sys
21
:10:06.0794 5048  discache ok
21
:10:06.0856 5048  9819EEE8B5EA3784EC4AF3B137A5244C Disk            C:\Windows\system32\drivers\disk.sys
21
:10:06.0872 5048  Disk ok
21
:10:06.0898 5048  5DB085A8A6600BE6401F2B24EECB5415 dmvsc           C:\Windows\system32\drivers\dmvsc.sys
21
:10:06.0960 5048  dmvsc ok
21
:10:06.0980 5048  16835866AAA693C7D7FCEBA8FFF706E4 Dnscache        C:\Windows\System32\dnsrslvr.dll
21
:10:07.0034 5048  Dnscache ok
21
:10:07.0058 5048  B1FB3DDCA0FDF408750D5843591AFBC6 dot3svc         C:\Windows\System32\dot3svc.dll
21
:10:07.0118 5048  dot3svc ok
21
:10:07.0143 5048  B26F4F737E8F9DF4F31AF6CF31D05820 DPS             C:\Windows\system32\dps.dll
21
:10:07.0192 5048  DPS ok
21
:10:07.0224 5048  9B19F34400D24DF84C858A421C205754 drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21
:10:07.0255 5048  drmkaud ok
21
:10:07.0289 5048  F5BEE30450E18E6B83A5012C100616FD DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21
:10:07.0315 5048  DXGKrnl ok
21
:10:07.0324 5048  E2DDA8726DA9CB5B2C4000C9018A9633 EapHost         C:\Windows\System32\eapsvc.dll
21
:10:07.0365 5048  EapHost ok
21
:10:07.0429 5048  DC5D737F51BE844D8C82C695EB17372F ebdrv           C:\Windows\system32\drivers\evbda.sys
21
:10:07.0529 5048  ebdrv ok
21
:10:07.0558 5048  C118A82CD78818C29AB228366EBF81C3 EFS             C:\Windows\System32\lsass.exe
21
:10:07.0579 5048  EFS ok
21
:10:07.0620 5048  C4002B6B41975F057D98C439030CEA07 ehRecvr         C:\Windows\ehome\ehRecvr.exe
21
:10:07.0677 5048  ehRecvr ok
21
:10:07.0690 5048  4705E8EF9934482C5BB488CE28AFC681 ehSched         C:\Windows\ehome\ehsched.exe
21
:10:07.0727 5048  ehSched ok
21
:10:07.0831 5048  0E5DA5369A0FCAEA12456DD852545184 elxstor         C:\Windows\system32\drivers\elxstor.sys
21
:10:07.0896 5048  elxstor ok
21
:10:07.0911 5048  34A3C54752046E79A126E15C51DB409B ErrDev          C:\Windows\system32\drivers\errdev.sys
21
:10:07.0946 5048  ErrDev ok
21
:10:07.0992 5048  4166F82BE4D24938977DD1746BE9B8A0 EventSystem     C:\Windows\system32\es.dll
21
:10:08.0060 5048  EventSystem ok
21
:10:08.0089 5048  A510C654EC00C1E9BDD91EEB3A59823B exfat           C:\Windows\system32\drivers\exfat.sys
21
:10:08.0132 5048  exfat ok
21
:10:08.0150 5048  0ADC83218B66A6DB380C330836F3E36D fastfat         C:\Windows\system32\drivers\fastfat.sys
21
:10:08.0202 5048  fastfat ok
21
:10:08.0234 5048  DBEFD454F8318A0EF691FDD2EAAB44EB Fax             C:\Windows\system32\fxssvc.exe
21
:10:08.0287 5048  Fax ok
21
:10:08.0301 5048  D765D19CD8EF61F650C384F62FAC00AB fdc             C:\Windows\system32\drivers\fdc.sys
21
:10:08.0337 5048  fdc ok
21
:10:08.0363 5048  0438CAB2E03F4FB61455A7956026FE86 fdPHost         C:\Windows\system32\fdPHost.dll
21
:10:08.0398 5048  fdPHost ok
21
:10:08.0409 5048  802496CB59A30349F9A6DD22D6947644 FDResPub        C:\Windows\system32\fdrespub.dll
21
:10:08.0456 5048  FDResPub ok
21
:10:08.0494 5048  655661BE46B5F5F3FD454E2C3095B930 FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21
:10:08.0506 5048  FileInfo ok
21
:10:08.0515 5048  5F671AB5BC87EEA04EC38A6CD5962A47 Filetrace       C:\Windows\system32\drivers\filetrace.sys
21
:10:08.0565 5048  Filetrace ok
21
:10:08.0588 5048  C172A0F53008EAEB8EA33FE10E177AF5 flpydisk        C:\Windows\system32\drivers\flpydisk.sys
21
:10:08.0602 5048  flpydisk ok
21
:10:08.0615 5048  DA6B67270FD9DB3697B20FCE94950741 FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21
:10:08.0631 5048  FltMgr ok
21
:10:08.0680 5048  5C4CB4086FB83115B153E47ADD961A0C FontCache       C:\Windows\system32\FntCache.dll
21
:10:08.0751 5048  FontCache ok
21
:10:08.0790 5048  A8B7F3818AB65695E3A0BB3279F6DCE6 FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21
:10:08.0798 5048  FontCache3.0.0.0 ok
21
:10:08.0805 5048  D43703496149971890703B4B1B723EAC FsDepends       C:\Windows\system32\drivers\FsDepends.sys
21
:10:08.0815 5048  FsDepends ok
21
:10:08.0826 5048  6BD9295CC032DD3077C671FCCF579A7B Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21
:10:08.0836 5048  Fs_Rec ok
21
:10:08.0919 5048  C5A4A998EEA6297A235169CCD1F2D93F Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
21
:10:08.0934 5048  Futuremark SystemInfo Service ok
21
:10:08.0962 5048  1F7B25B858FA27015169FE95E54108ED fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
21
:10:08.0978 5048  fvevol ok
21
:10:08.0997 5048  8C778D335C9D272CFD3298AB02ABE3B6 gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21
:10:09.0009 5048  gagp30kx ok
21
:10:09.0043 5048  8E98D21EE06192492A5671A6144D092F GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21
:10:09.0054 5048  GEARAspiWDM ok
21
:10:09.0092 5048  277BBC7E1AA1EE957F573A10ECA7EF3A gpsvc           C:\Windows\System32\gpsvc.dll
21
:10:09.0122 5048  gpsvc ok
21
:10:09.0189 5048  506708142BC63DABA64F2D3AD1DCD5BF gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21
:10:09.0201 5048  gupdate ok
21
:10:09.0214 5048  506708142BC63DABA64F2D3AD1DCD5BF gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21
:10:09.0222 5048  gupdatem ok
21
:10:09.0253 5048  1E6438D4EA6E1174A3B3B1EDC4DE660B hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
21
:10:09.0266 5048  hamachi ok
21
:10:09.0365 5048  785FD63B74B30986A9F2C7D965CA509F Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
21
:10:09.0439 5048  Hamachi2Svc ok
21
:10:09.0464 5048  F2523EF6460FC42405B12248338AB2F0 hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
21
:10:09.0515 5048  hcw85cir ok
21
:10:09.0550 5048  975761C778E33CD22498059B91E7373A HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21
:10:09.0594 5048  HdAudAddService ok
21
:10:09.0623 5048  97BFED39B6B79EB12CDDBFEED51F56BB HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21
:10:09.0661 5048  HDAudBus ok
21
:10:09.0680 5048  78E86380454A7B10A5EB255DC44A355F HidBatt         C:\Windows\system32\drivers\HidBatt.sys
21
:10:09.0711 5048  HidBatt ok
21
:10:09.0732 5048  7FD2A313F7AFE5C4DAB14798C48DD104 HidBth          C:\Windows\system32\drivers\hidbth.sys
21
:10:09.0758 5048  HidBth ok
21
:10:09.0776 5048  0A77D29F311B88CFAE3B13F9C1A73825 HidIr           C:\Windows\system32\drivers\hidir.sys
21
:10:09.0794 5048  HidIr ok
21
:10:09.0810 5048  BD9EB3958F213F96B97B1D897DEE006D hidserv         C:\Windows\System32\hidserv.dll
21
:10:09.0873 5048  hidserv ok
21
:10:09.0889 5048  9592090A7E2B61CD582B612B6DF70536 HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21
:10:09.0913 5048  HidUsb ok
21
:10:09.0936 5048  387E72E739E15E3D37907A86D9FF98E2 hkmsvc          C:\Windows\system32\kmsvc.dll
21
:10:09.0986 5048  hkmsvc ok
21
:10:10.0009 5048  EFDFB3DD38A4376F93E7985173813ABD HomeGroupListener C:\Windows\system32\ListSvc.dll
21
:10:10.0026 5048  HomeGroupListener ok
21
:10:10.0047 5048  908ACB1F594274965A53926B10C81E89 HomeGroupProvider C:\Windows\system32\provsvc.dll
21
:10:10.0080 5048  HomeGroupProvider ok
21
:10:10.0113 5048  39D2ABCD392F3D8A6DCE7B60AE7B8EFC HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
21
:10:10.0123 5048  HpSAMD ok
21
:10:10.0145 5048  0EA7DE1ACB728DD5A369FD742D6EEE28 HTTP            C:\Windows\system32\drivers\HTTP.sys
21
:10:10.0186 5048  HTTP ok
21
:10:10.0206 5048  A5462BD6884960C9DC85ED49D34FF392 hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
21
:10:10.0215 5048  hwpolicy ok
21
:10:10.0240 5048  FA55C73D4AFFA7EE23AC4BE53B4592D3 i8042prt        C:\Windows\system32\drivers\i8042prt.sys
21
:10:10.0251 5048  i8042prt ok
21
:10:10.0288 5048  AAAF44DB3BD0B9D1FB6969B23ECC8366 iaStorV         C:\Windows\system32\drivers\iaStorV.sys
21
:10:10.0303 5048  iaStorV ok
21
:10:10.0368 5048  90D95B25F8413F937A2E155F196D892C ICCS            C:\Program Files (x86)\Intel\Intel(RIntegrated Clock Controller Service\ICCProxy.exe
21
:10:10.0393 5048  ICCS UnsignedFile.Multi.Generic ) - warning
21
:10:10.0393 5048  ICCS detected UnsignedFile.Multi.Generic (1)
21:10:10.0410 5048  C1010ADD3DDAE1196ED21057AF7B2AAE ICCWDT          C:\Windows\system32\DRIVERS\ICCWDT.sys
21
:10:10.0426 5048  ICCWDT ok
21
:10:10.0455 5048  5988FC40F8DB5B0739CD1E3A5D0D78BD idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21
:10:10.0480 5048  idsvc ok
21
:10:10.0727 5048  371D7F91C0D2314EB984A4A6CBEABC92 igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
21
:10:11.0069 5048  igfx ok
21
:10:11.0104 5048  5C18831C61933628F5BB0EA2675B9D21 iirsp           C:\Windows\system32\drivers\iirsp.sys
21
:10:11.0125 5048  iirsp ok
21
:10:11.0162 5048  FCD84C381E0140AF901E58D48882D26B IKEEXT          C:\Windows\System32\ikeext.dll
21
:10:11.0228 5048  IKEEXT ok
21
:10:11.0337 5048  150AC23F21DBDBF8488408BA944B0D65 IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21
:10:11.0411 5048  IntcAzAudAddService ok
21
:10:11.0454 5048  832CE330DD987227B7DEA8C03F22AEFA Intel(RCapability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
21
:10:11.0478 5048  Intel(RCapability Licensing Service Interface - ok
21
:10:11.0496 5048  F00F20E70C6EC3AA366910083A0518AA intelide        C:\Windows\system32\drivers\intelide.sys
21
:10:11.0504 5048  intelide ok
21
:10:11.0526 5048  ADA036632C664CAA754079041CF1F8C1 intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21
:10:11.0559 5048  intelppm ok
21
:10:11.0602 5048  098A91C54546A3B878DAD6A7E90A455B IPBusEnum       C:\Windows\system32\ipbusenum.dll
21
:10:11.0660 5048  IPBusEnum ok
21
:10:11.0677 5048  C9F0E1BD74365A8771590E9008D22AB6 IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21
:10:11.0713 5048  IpFilterDriver ok
21
:10:11.0762 5048  08C2957BB30058E663720C5606885653 iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21
:10:11.0805 5048  iphlpsvc ok
21
:10:11.0809 5048  0FC1AEA580957AA8817B8F305D18CA3A IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
21
:10:11.0842 5048  IPMIDRV ok
21
:10:11.0862 5048  AF9B39A7E7B6CAA203B3862582E9F2D0 IPNAT           C:\Windows\system32\drivers\ipnat.sys
21
:10:11.0921 5048  IPNAT ok
21
:10:11.0983 5048  0F261EC4F514926177C70C1832374231 iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21
:10:12.0008 5048  iPod Service ok
21
:10:12.0031 5048  3ABF5E7213EB28966D55D58B515D5CE9 IRENUM          C:\Windows\system32\drivers\irenum.sys
21
:10:12.0064 5048  IRENUM ok
21
:10:12.0088 5048  2F7B28DC3E1183E5EB418DF55C204F38 isapnp          C:\Windows\system32\drivers\isapnp.sys
21
:10:12.0111 5048  isapnp ok
21
:10:12.0117 5048  D931D7309DEB2317035B07C9F9E6B0BD iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
21
:10:12.0140 5048  iScsiPrt ok
21
:10:12.0174 5048  6BCEF45131C8B8E1C558BE540B190B3C iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
21
:10:12.0183 5048  iusb3hcs ok
21
:10:12.0275 5048  F080EADA8715F811B58BD35BB774F2F9 iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
21
:10:12.0308 5048  iusb3hub ok
21
:10:12.0337 5048  0F1756D9396740F053221FA6260FCE66 iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
21
:10:12.0375 5048  iusb3xhc ok
21
:10:12.0395 5048  C44B44E24B929631D9D7368F5B2B40CF jhi_service     C:\Program Files (x86)\Intel\Intel(RManagement Engine Components\DAL\jhi_service.exe
21
:10:12.0407 5048  jhi_service ok
21
:10:12.0432 5048  BC02336F1CBA7DCC7D1213BB588A68A5 kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21
:10:12.0450 5048  kbdclass ok
21
:10:12.0462 5048  0705EFF5B42A9DB58548EEC3B26BB484 kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21
:10:12.0499 5048  kbdhid ok
21
:10:12.0524 5048  C118A82CD78818C29AB228366EBF81C3 KeyIso          C:\Windows\system32\lsass.exe
21
:10:12.0536 5048  KeyIso ok
21
:10:12.0571 5048  8B5219318DF5895ABD230C373F2DF18A kl1             C:\Windows\system32\DRIVERS\kl1.sys
21
:10:12.0589 5048  kl1 ok
21
:10:12.0625 5048  65F3B81FA285EAB641F5E6EF7AEB984D KLIF            C:\Windows\system32\DRIVERS\klif.sys
21
:10:12.0644 5048  KLIF ok
21
:10:12.0652 5048  9BD99E1AB3F664120AB95C35F9EC1EB0 KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
21
:10:12.0663 5048  KLIM6 ok
21
:10:12.0673 5048  2C43FD500522EF3B8C283A5846B7FC41 klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
21
:10:12.0684 5048  klkbdflt ok
21
:10:12.0700 5048  70A6D2E292017EC47949696F51ABE18D klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
21
:10:12.0711 5048  klmouflt ok
21
:10:12.0729 5048  A8081ED8D48FA611D11DB97F49A5343D kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
21
:10:12.0741 5048  kltdi ok
21
:10:12.0750 5048  185D21CB8F10CFB351FF65DA88C18BC9 kneps           C:\Windows\system32\DRIVERS\kneps.sys
21
:10:12.0764 5048  kneps ok
21
:10:12.0777 5048  97A7070AEA4C058B6418519E869A63B4 KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21
:10:12.0785 5048  KSecDD ok
21
:10:12.0792 5048  26C43A7C2862447EC59DEDA188D1DA07 KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
21
:10:12.0802 5048  KSecPkg ok
21
:10:12.0828 5048  6869281E78CB31A43E969F06B57347C4 ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21
:10:12.0886 5048  ksthunk ok
21
:10:12.0922 5048  6AB66E16AA859232F64DEB66887A8C9C KtmRm           C:\Windows\system32\msdtckrm.dll
21
:10:13.0026 5048  KtmRm ok
21
:10:13.0101 5048  D9F42719019740BAA6D1C6D536CBDAA6 LanmanServer    C:\Windows\System32\srvsvc.dll
21
:10:13.0162 5048  LanmanServer ok
21
:10:13.0194 5048  851A1382EED3E3A7476DB004F4EE3E1A LanmanWorkstation C:\Windows\System32\wkssvc.dll
21
:10:13.0254 5048  LanmanWorkstation ok
21
:10:13.0289 5048  1538831CF8AD2979A04C423779465827 lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21
:10:13.0328 5048  lltdio ok
21
:10:13.0358 5048  C1185803384AB3FEED115F79F109427F lltdsvc         C:\Windows\System32\lltdsvc.dll
21
:10:13.0407 5048  lltdsvc ok
21
:10:13.0430 5048  F993A32249B66C9D622EA5592A8B76B8 lmhosts         C:\Windows\System32\lmhsvc.dll
21
:10:13.0477 5048  lmhosts ok
21
:10:13.0510 5048  75F29D77B0540FCF47EE3BE000BBABDA LMS             C:\Program Files (x86)\Intel\Intel(RManagement Engine Components\LMS\LMS.exe
21
:10:13.0522 5048  LMS ok
21
:10:13.0560 5048  1A93E54EB0ECE102495A51266DCDB6A6 LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21
:10:13.0571 5048  LSI_FC ok
21
:10:13.0582 5048  1047184A9FDC8BDBFF857175875EE810 LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21
:10:13.0597 5048  LSI_SAS ok
21
:10:13.0607 5048  30F5C0DE1EE8B5BC9306C1F0E4A75F93 LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
21
:10:13.0618 5048  LSI_SAS2 ok
21
:10:13.0630 5048  0504EACAFF0D3C8AED161C4B0D369D4A LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21
:10:13.0641 5048  LSI_SCSI ok
21
:10:13.0653 5048  43D0F98E1D56CCDDB0D5254CFF7B356E luafv           C:\Windows\system32\drivers\luafv.sys
21
:10:13.0696 5048  luafv ok
21
:10:13.0754 5048  D1663479406E086459AEDF3472737B47 LVcKap64        C:\Windows\system32\DRIVERS\LVcKap64.sys
21
:10:13.0801 5048  LVcKap64 ok
21
:10:13.0879 5048  6AA7433F1C735AC4A850862E53465E68 LVMVDrv         C:\Windows\system32\DRIVERS\LVMVDrv.sys
21
:10:13.0926 5048  LVMVDrv ok
21
:10:13.0966 5048  B2085E335F2B57077B0CBADB6F1245CD lvpopf64        C:\Windows\system32\DRIVERS\lvpopf64.sys
21
:10:13.0994 5048  lvpopf64 ok
21
:10:14.0037 5048  29F36309CD6783F994F13721910BDA1A LVPr2Mon        C:\Windows\system32\DRIVERS\LVPr2Mon.sys
21
:10:14.0051 5048  LVPr2Mon ok
21
:10:14.0108 5048  7F11DBD9B64E80E32A150BF1B32CC1CD LVPrcS64        c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
21
:10:14.0123 5048  LVPrcS64 ok
21
21
:10:29.0126 5048  WUDFRd ok
21
:10:29.0153 5048  B20F051B03A966392364C83F009F7D17 wudfsvc         C:\Windows\System32\WUDFSvc.dll
21
:10:29.0170 5048  wudfsvc ok
21
:10:29.0198 5048  9A3452B3C2A46C073166C5CF49FAD1AE WwanSvc         C:\Windows\System32\wwansvc.dll
21
:10:29.0236 5048  WwanSvc ok
21
:10:29.0310 5048  X6va008 ok
21
:10:29.0342 5048  ================ Scan global ===============================
21:10:29.0356 5048  BA0CD8C393E8C9F83354106093832C7B C:\Windows\system32\basesrv.dll
21:10:29.0389 5048  72CC564BBC70DE268784BCE91EB8A28F C:\Windows\system32\winsrv.dll
21:10:29.0398 5048  72CC564BBC70DE268784BCE91EB8A28F C:\Windows\system32\winsrv.dll
21:10:29.0416 5048  D6160F9D869BA3AF0B787F971DB56368 C:\Windows\system32\sxssrv.dll
21:10:29.0443 5048  24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\system32\services.exe
21:10:29.0447 5048  [Global] - ok
21:10:29.0448 5048  ================ Scan MBR ==================================
21:10:29.0467 5048  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:10:29.0699 5048  \Device\Harddisk0\DR0 ok
21:10:29.0700 5048  ================ Scan VBR ==================================
21:10:29.0730 5048  [ 218F2C4E6F57310B3A08CDC0DB024F3C ] \Device\Harddisk0\DR0\Partition1
21:10:29.0732 5048  \Device\Harddisk0\DR0\Partition1 ok
21:10:29.0735 5048  [ A9C0201B6CA8F0D22FEA3908F1A12DA4 ] \Device\Harddisk0\DR0\Partition2
21:10:29.0736 5048  \Device\Harddisk0\DR0\Partition2 ok
21:10:29.0737 5048  ============================================================
21:10:29.0737 5048  Scan finished
21:10:29.0737 5048  ============================================================
21:10:29.0748 1664  Detected object count: 2
21:10:29.0748 1664  Actual detected object count: 2
21:10:59.0767 1664  asComSvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:59.0767 1664  asComSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:59.0769 1664  ICCS ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:59.0769 1664  ICCS ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:26:56.0338 4200  Deinitialize success

Regards

03.01.2013, 20:37   #9
markusg
/// Malware-holic

Hi
Combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

03.01.2013, 21:32   #10
scholzi

Here is the requested log.
I just don't know how to remove "Drop down coupons" and Clickcompare. I have removed all toolbars and similar things that looked suspicious, in my opinion.


Combofix Logfile:
Code:
ATTFilter
ComboFix 13-01-03.05 - Christian 03.01.2013  20:44:06.2.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8148.6131 [GMT 1:00]
ausgeführt von:: c:\users\Christian\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-03 bis 2013-01-03  ))))))))))))))))))))))))))))))
.
.
2013-01-03 19:56 . 2013-01-03 19:56	--------	d-----w-	c:\users\Dome\AppData\Local\temp
2013-01-03 19:56 . 2013-01-03 19:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-30 15:46 . 2012-12-30 15:53	--------	d-----w-	c:\program files (x86)\trend micro
2012-12-30 15:46 . 2012-12-30 15:46	--------	d-----w-	C:\rsit
2012-12-30 14:40 . 2012-12-30 14:40	--------	d-----w-	c:\users\Christian\AppData\Roaming\Malwarebytes
2012-12-30 14:40 . 2012-12-30 14:40	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-30 14:40 . 2012-12-30 14:40	--------	d-----w-	c:\programdata\Malwarebytes
2012-12-30 14:40 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-29 14:10 . 2012-12-29 14:10	--------	d-----w-	c:\users\Christian\AppData\Local\WindowsContactPictures
2012-12-29 14:01 . 2012-12-29 14:01	--------	d-----w-	c:\users\Christian\AppData\Roaming\LG Electronics
2012-12-29 13:49 . 2012-12-29 13:49	--------	d-----w-	c:\users\Christian\AppData\Local\LG Electronics
2012-12-29 13:48 . 2012-12-29 13:49	--------	d-----w-	c:\program files (x86)\LG Electronics
2012-12-29 10:31 . 2012-12-29 10:31	--------	d-----w-	c:\users\Christian\AppData\Local\PDF24
2012-12-25 20:00 . 2012-12-25 20:01	--------	d-sh--w-	c:\users\Christian\wc
2012-12-25 19:48 . 2012-12-25 20:00	--------	d-sh--w-	c:\users\Christian\AppData\Roaming\wyUpdate AU
2012-12-25 19:48 . 2012-12-25 19:48	--------	d-----w-	c:\program files (x86)\BK Elektronik
2012-12-22 18:50 . 2012-12-29 23:08	--------	d-----w-	c:\users\Christian\AppData\Roaming\FileZilla
2012-12-22 18:50 . 2012-12-22 18:50	--------	d-----w-	c:\program files (x86)\FileZilla FTP Client
2012-12-21 05:37 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-21 05:37 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-21 05:37 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-21 05:37 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:19 . 2012-12-16 14:19	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-16 14:19 . 2012-12-16 14:19	--------	d-----w-	c:\program files\iTunes
2012-12-16 14:19 . 2012-12-16 14:19	--------	d-----w-	c:\program files (x86)\iTunes
2012-12-16 14:19 . 2012-12-16 14:19	--------	d-----w-	c:\program files\iPod
2012-12-13 19:04 . 2012-12-13 19:04	--------	d-----w-	c:\program files\OfficeOne
2012-12-13 05:06 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-11 19:16 . 2012-12-11 19:16	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2012-12-09 17:56 . 2012-12-30 09:22	--------	d-----w-	c:\users\Christian\AppData\Roaming\Skype
2012-12-09 17:55 . 2012-12-09 17:55	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-12-09 17:55 . 2012-12-09 17:55	--------	d-----r-	c:\program files (x86)\Skype
2012-12-09 17:55 . 2012-12-10 12:41	--------	d-----w-	c:\programdata\Skype
2012-12-09 17:51 . 2012-12-09 17:52	--------	d-----w-	c:\users\Christian\AppData\Local\Facebook
2012-12-09 17:09 . 2012-12-09 17:09	--------	d-----w-	c:\program files (x86)\Screensaver
2012-12-09 15:24 . 2012-12-09 15:24	--------	d-----w-	c:\programdata\EA Core
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-31 10:16 . 2012-07-28 14:18	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-31 10:16 . 2012-07-28 14:18	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-13 15:14 . 2012-07-31 14:25	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-11-15 15:16 . 2012-09-05 13:25	613720	----a-w-	c:\windows\system32\drivers\klif.sys
2012-11-15 15:16 . 2012-06-08 09:38	54104	----a-w-	c:\windows\system32\drivers\kltdi.sys
2012-10-17 15:03 . 2012-10-17 15:03	916456	----a-w-	c:\windows\system32\deployJava1.dll
2012-10-17 15:03 . 2012-10-17 15:03	289768	----a-w-	c:\windows\system32\javaws.exe
2012-10-17 15:03 . 2012-10-17 15:03	1034216	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-10-17 15:03 . 2012-10-17 15:03	189416	----a-w-	c:\windows\system32\javaw.exe
2012-10-17 15:03 . 2012-10-17 15:03	188904	----a-w-	c:\windows\system32\java.exe
2012-10-17 15:03 . 2012-10-17 15:03	108008	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-16 08:38 . 2012-11-28 19:32	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 19:32	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 19:32	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-15 15:17	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-15 15:17	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-15 15:17	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-15 15:17	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2012-11-15 356376]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2012-09-06 162408]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"LogitechCommunicationsManager"="c:\program files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2006-12-22 497176]
"LogitechQuickCamRibbon"="c:\program files (x86)\Logitech\QuickCam10\QuickCam10.exe" [2006-12-22 756248]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
c:\users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448]
R2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-02-02 951936]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys [2012-07-03 31744]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys [2012-07-03 29184]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys [2012-07-03 36352]
R3 ASUSstpt;ASUS USB 3.0 Boost Storage Driver (Storage Driver);c:\windows\system32\DRIVERS\ASUSstpt.sys [2011-09-15 24648]
R3 ASUSumsc;ASUS USB 3.0 Boost Storage Driver (WDM);c:\windows\system32\DRIVERS\ASUSumsc.sys [2011-09-15 141896]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-09-20 136896]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-05-27 160768]
R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys [2006-12-22 1001120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]
R3 RTL8187;11g Wireless USB Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2007-02-07 250152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-02-17 149120]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 16152]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-11-15 54104]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2011-08-12 32360]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.00.21\AsusFanControlService.exe [2012-01-13 1478272]
S2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\program files\FRITZ!Fernzugang\avmike.exe [2012-02-02 336248]
S2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\program files\FRITZ!Fernzugang\certsrv.exe [2011-10-31 143736]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-12-10 2465712]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
S2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2006-12-22 172832]
S2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\program files\FRITZ!Fernzugang\nwtsrv.exe [2011-10-31 189304]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-09-18 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-09-18 29528]
S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2009-10-07 271640]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 NWIM;AVM VPN Miniport;c:\windows\system32\DRIVERS\avmnwim.sys [2011-07-05 412024]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-29 646248]
S3 SaiK8014;SaiK8014;c:\windows\system32\DRIVERS\SaiK8014.sys [2010-04-22 171016]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 10:16]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 13:38]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 13:38]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-431522603-206524160-444697413-1001Core.job
- c:\users\Dome\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-29 18:11]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-431522603-206524160-444697413-1001UA.job
- c:\users\Dome\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-29 18:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-12 7560296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
"SaiVolume"="c:\program files\Saitek\VolumeTracker\SaiVolume.exe" [2010-04-21 186880]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-04-21 378880]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-04-21 195072]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\gt9py5em.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={657BB8AD-EC74-11E1-A49A-10BF4873948C}&src=2&crg=3.1010000.10001&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-04 18:29; personas@christopher.beard; c:\users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\gt9py5em.default\extensions\personas@christopher.beard.xpi
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-431522603-206524160-444697413-1000\Software\SecuROM\License information*]
"datasecu"=hex:b9,ad,78,f7,0e,83,b6,8a,c1,a5,08,cf,22,7d,3e,a8,bc,e3,8f,c6,1a,
   e2,dc,d8,b0,c4,33,57,45,8e,4e,ca,c2,09,22,00,42,d1,55,97,77,e3,30,c8,04,76,\
"rkeysecu"=hex:9f,6d,14,54,a5,72,00,e7,29,6f,af,2b,af,27,e9,95
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-03  21:25:49
ComboFix-quarantined-files.txt  2013-01-03 20:25
ComboFix2.txt  2012-12-30 17:21
.
Vor Suchlauf: 15 Verzeichnis(se), 183.726.092.288 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 183.849.582.592 Bytes frei
.
- - End Of File - - FABBE93E3BFFA83E3192993D4CFBB235
         
--- --- ---

05.01.2013, 16:33   #11
markusg
/// Malware-holic

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as a txt file, and open that file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not recognize, write "unknown".
Post the list.

05.01.2013, 17:19   #12
scholzi

PHP-Code:
11g Wireless LAN    LevelOne    27.07.2012        1.00 NECESSARY
3DMark 11    Futuremark Corporation    15.10.2012        1.0.3 UNNECESSARY
ABC-Schutz-Simulator Version 1.0    rondomedia Marketing Vertriebs GmbH    04.11.2012    0,96GB    UNNECESSARY
Adobe AIR    Adobe Systems Incorporated    05.01.2013        3.2.0.2070
Adobe Flash Player 11 ActiveX    Adobe Systems Incorporated    31.12.2012    6,00MB    11.5.502.135 NECESSARY
Adobe Flash Player 11 Plugin    Adobe Systems Incorporated    31.12.2012    6,00MB    11.5.502.135 NECESSARY
Adobe Reader X (10.1.4) - Deutsch    Adobe Systems Incorporated    19.08.2012    121MB    10.1.4 NECESSARY
AI Suite II    ASUSTeK Computer Inc.    02.10.2012        1.02.28 UNKNOWN
AMD Catalyst Install Manager    Advanced Micro Devices, Inc.    02.11.2012    26,3MB    8.0.891.0 NECESSARY
Apple Application Support    Apple Inc.    02.12.2012    65,0MB    2.3.2 NECESSARY
Apple Mobile Device Support    Apple Inc.    02.12.2012    25,1MB    6.0.1.3 NECESSARY
Apple Software Update    Apple Inc.    28.07.2012    2,38MB    2.1.3.127 NECESSARY
Bonjour    Apple Inc.    28.07.2012    2,00MB    3.0.0.10 UNKNOWN
Brother MFL-Pro Suite MFC-250C    Brother Industries, Ltd.    20.08.2012        1.0.1.0 NECESSARY
Bus-Simulator 2012    astragon    28.12.2012    NECESSARY
CCleaner    Piriform    24.07.2012        3.21 NECESSARY
Cheat Engine 6.2    Dark Byte    03.11.2012    27,0MB    UNKNOWN
Die Sims™ 3    Electronic Arts    09.12.2012        1.42.130 NECESSARY
Emergency4        15.10.2012        1.03.001 NECESSARY
Euro Truck Simulator 2    SCS Software    03.11.2012    1,59GB    1.0.2 NECESSARY
Feuer und Notfallsimulation Wegberg Version 5.0    Marco H.    23.11.2012    1,84GB    5.0 NECESSARY
FileZilla Client 3.6.0.2    FileZilla Project    22.12.2012    17,1MB    3.6.0.2 NECESSARY
Flughafen-Feuerwehr-Simulator PATCH 1.1    rondomedia Marketing Vertriebs GmbH    22.09.2012    26,1MB    UNNECESSARY
FRITZ!Fernzugang    AVM Berlin    24.08.2012    6,67MB    1.2.6 NECESSARY
FUSSBALL MANAGER 12 Demo    Electronic Arts    15.09.2012    2,57GB    1.0.0.0 UNNECESSARY
Futuremark SystemInfo    Futuremark Corporation    15.10.2012        4.12.0 UNKNOWN
GIMP 2.8.2    The GIMP Team    24.11.2012    234MB    2.8.2 UNKNOWN
Google Earth    Google    19.12.2012    173MB    7.0.2.8415 NECESSARY
ICQ7M    ICQ    28.07.2012        7.8 NECESSARY
Intel(R) Management Engine Components    Intel Corporation    27.07.2012        8.0.2.1410 NECESSARY
Intel(R) USB 3.0 eXtensible Host Controller Driver    Intel Corporation    26.01.2012        1.0.3.214 NECESSARY
Intel® Trusted Connect Service Client    Intel Corporation    27.07.2012    10,6MB    1.23.605.1 NECESSARY
Intel® Watchdog Timer Driver (Intel® WDT)    Intel Corporation    29.07.2012    5,03MB    NECESSARY
iTunes    Apple Inc.    16.12.2012    189MB    11.0.1.12 NECESSARY
Java 7 Update 9    Oracle    03.09.2012    128MB    7.0.90 UNKNOWN
Java 7 Update 9 (64-bit)    Oracle    17.10.2012    127MB    7.0.90 UNKNOWN
Java SE Development Kit 7 Update 9 (64-bit)    Oracle    17.10.2012    188MB    1.7.0.90 UNKNOWN
JavaFX 2.1.1    Oracle Corporation    19.08.2012    20,8MB    2.1.1 UNKNOWN
Kaspersky Internet Security 2013    Kaspersky Lab    05.09.2012        13.0.1.4190 NECESSARY
LG PC Suite    LG Electronics    29.12.2012        5.2.17.20121218 NECESSARY
LG United Mobile Drivers    LG Electronics    29.12.2012    6,70MB    3.8.1 NECESSARY
Logitech QuickCam    Logitech Inc.    02.11.2012    38,2MB    10.50.1096 NECESSARY
Logitech® Camera-Treiber        02.11.2012 NECESSARY
LogMeIn Hamachi    LogMeIn, Inc.    11.12.2012        2.1.0.294 UNKNOWN
Malwarebytes Anti-Malware Version 1.70.0.1100    Malwarebytes Corporation    30.12.2012    18,4MB    1.70.0.1100 NECESSARY
Microsoft .NET Framework 4 Client Profile    Microsoft Corporation    28.07.2012    38,8MB    4.0.30319 NECESSARY
Microsoft .NET Framework 4 Client Profile DEU Language Pack    Microsoft Corporation    28.07.2012    2,93MB    4.0.30319 NECESSARY
Microsoft .NET Framework 4 Extended    Microsoft Corporation    29.07.2012    51,9MB    4.0.30319 NECESSARY
Microsoft Games for Windows LIVE Redistributable    Microsoft Corporation    05.10.2012    32,5MB    2.0.672.0 NECESSARY
Microsoft Office Enterprise 2007    Microsoft Corporation    28.12.2012        12.0.6612.1000 NECESSARY
Microsoft Visual C++ 2005 Redistributable    Microsoft Corporation    05.10.2012    426KB    8.0.56336 NECESSARY
Microsoft Visual C++ 2008 Redistributable x64 9.0.21022.218    Microsoft Corporation    24.08.2012    788KB    9.0.21022.218 NECESSARY
Microsoft Visual C++ 2008 Redistributable x64 9.0.30729    Microsoft Corporation    02.11.2012    792KB    9.0.30729 NECESSARY
Microsoft Visual C++ 2008 Redistributable x64 9.0.30729.6161    Microsoft Corporation    02.11.2012    788KB    9.0.30729.6161 NECESSARY
Microsoft Visual C++ 2008 Redistributable x86 9.0.30729    Microsoft Corporation    02.11.2012    608KB    9.0.30729 NECESSARY
Microsoft Visual C++ 2008 Redistributable x86 9.0.30729.17    Microsoft Corporation    29.12.2012    230KB    9.0.30729 NECESSARY
Microsoft Visual C++ 2008 Redistributable x86 9.0.30729.6161    Microsoft Corporation    03.11.2012    600KB    9.0.30729.6161 NECESSARY
Microsoft Visual C++ 2010  x64 Redistributable 10.0.30319    Microsoft Corporation    27.07.2012    13,6MB    10.0.30319 NECESSARY
Microsoft Visual C++ 2010  x86 Redistributable 10.0.30319    Microsoft Corporation    27.07.2012    11,0MB    10.0.30319 NECESSARY
Microsoft WSE 3.0 Runtime    Microsoft Corp.    13.10.2012    942KB    3.0.5305.0 NECESSARY
Mozilla Firefox 17.0.1 (x86 de)    Mozilla    10.12.2012    41,4MB    17.0.1 NECESSARY
Mozilla Maintenance Service    Mozilla    10.12.2012    329KB    17.0.1 UNKNOWN
MSXML 4.0 SP2 (KB954430)    Microsoft Corporation    04.11.2012    1,27MB    4.20.9870.0 UNKNOWN
MSXML 4.0 SP2 (KB973688)    Microsoft Corporation    04.11.2012    1,33MB    4.20.9876.0 UNKNOWN
Need For Speed™ World    Electronic Arts    07.11.2012    12,5MB    1.0.0.659 UNNECESSARY
NetSpeedMonitor 2.5.4.0 x64    Florian Gilles    02.10.2012    1,24MB    2.5.4.0 NECESSARY
OfficeOne AutoDateTime 5.1    OfficeOne    13.12.2012    1,44MB    5.1 UNKNOWN
Origin    Electronic Arts, Inc.    17.10.2012        9.0.13.2142 NECESSARY
PDF24 Creator 4.9.0    PDF24.org    09.10.2012    33,9MB    NECESSARY
Realtek Ethernet Controller Driver    Realtek    27.07.2012        7.49.927.2011 NECESSARY
Realtek High Definition Audio Driver    Realtek Semiconductor Corp.    27.07.2012        6.0.1.6526 NECESSARY
Screensaver BF3        09.12.2012    UNNECESSARY
Simulationsprogramm Integrierte Leitstelle V4    BK Elektronik    25.12.2012    40,7MB    4.0.14 NECESSARY
Skype™ 6.0    Skype Technologies S.A.    09.12.2012    20,3MB    6.0.126 NECESSARY
Smart Technology Programming Software 7.0.0.26    Mad Catz    02.08.2012    63,4MB    7.0.0.26 NECESSARY
Smart Technology Volume Tracker 7.0.0.26    Mad Catz    02.08.2012    169KB    7.0.0.26 NECESSARY
TeamViewer 7    TeamViewer    01.08.2012        7.0.13989 NECESSARY
Unity Web Player    Unity Technologies ApS    24.11.2012    12,0MB    UNKNOWN
Unlocker 1.9.1-x64    Cedrick Collomb    29.07.2012        1.9.1 NECESSARY
Versandhelfer    Deutsche Post AG    05.01.2013        1.0 UNKNOWN
VLC media player 2.0.2    VideoLAN    24.08.2012        2.0.2 NECESSARY
VLC media player 2.0.4    VideoLAN    29.11.2012        2.0.4 NECESSARY
Windows Media Player Firefox Plugin    Microsoft Corp    21.08.2012    296KB    1.0.0.8 NECESSARY
WinRAR 4.20 (64-Bit)    win.rar GmbH    29.07.2012        4.20.0 NECESSARY

Last edited by scholzi (05.01.2013 at 17:26)

05.01.2013, 19:23   #13
markusg
/// Malware-holic

Uninstall:
3DMark*
ABC
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
download the latest version
Adobe Reader:
Adobe - Download Adobe Reader - All versions
untick the box for McAfee Security Scan

Please also configure Adobe Reader as follows:
Open Adobe Reader, Edit, Preferences.
General:
tick "Use only certified plug-ins".
Internet:
everything here should be disabled; it is very unsafe to open PDFs automatically, download them automatically, etc.
It is always better to save them directly, because only then do you have control over what is happening on the PC.
Under JavaScript, untick the option to use JavaScript.
Under Updater, choose "install automatically".
Apply / OK



Uninstall:
Bonjour****
Cheat*
Flughafen
FUSSBALL*
Futuremark*
GIMP*
Java*: all
Download the Java JRE:
Java downloads for all operating systems
click:
Download the Java software for Windows Offline
download and install
Uninstall:
Need*For*Speed&
Screensaver*
TeamViewer*: I would only install it when needed; if it absolutely has to be on there, update to version 8
Unity*
Versandhelfer****
VLC*: both
latest:
VideoLAN - Official page for VLC media player, the Open Source video framework!

Open CCleaner, analyze, run, restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search ("Suche").
  • When the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

06.01.2013, 13:50   #14
scholzi

Hello,
thank you very much for the effort, and for explaining things so understandably here.
I am sure that I will still get Clickcompare & Dropdown Deals off the PC.

Here is the log
PHP code:
# AdwCleaner v2.104 - Datei am 06/01/2013 um 13:47:45 erstellt
# Aktualisiert am 29/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : Christian - CHRISTIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Christian\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Christian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gefunden : C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Ordner Gefunden : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\gt9py5em.default\SweetPacksToolbarData
Ordner Gefunden : C:\Users\Christian\Documents\Save
Ordner Gefunden : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\1ClickDownload
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SweetIM
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\Software\SweetIM
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKU\S-1-5-21-431522603-206524160-444697413-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\gt9py5em.default\prefs.js

Gefunden : user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={657BB8AD-EC74-11E1-A49A-10BF48[...]
Gefunden : user_pref("quickstores.toolbar.affid", "2017");
Gefunden : user_pref("quickstores.toolbar.guid", "{0AF84E31-A819-F446-B5E1-72E98F529A56}");
Gefunden : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Gefunden : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "1354823240207");
Gefunden : user_pref("sweetim.toolbar.Visibility.enable", "true");
Gefunden : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Gefunden : user_pref("sweetim.toolbar.cargo", "3.1010000.10001");
Gefunden : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Gefunden : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Gefunden : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Gefunden : user_pref("sweetim.toolbar.cda.returnValue", "disable");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-h[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Gefunden : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?la[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-h[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handl[...]
Gefunden : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Gefunden : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Gefunden : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Gefunden : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Gefunden : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "true");
Gefunden : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Gefunden : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Gefunden : user_pref("sweetim.toolbar.mode.debug", "false");
Gefunden : user_pref("sweetim.toolbar.newtab.created", "false");
Gefunden : user_pref("sweetim.toolbar.newtab.enable", "true");
Gefunden : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={657BB[...]
Gefunden : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_V[...]
Gefunden : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Gefunden : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Gefunden : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Gefunden : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Gefunden : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Gefunden : user_pref("sweetim.toolbar.scripts.0.enable", "true");
Gefunden : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Gefunden : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Gefunden : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.1.callback", "");
Gefunden : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Gefunden : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Gefunden : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Gefunden : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Gefunden : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.predictad.com/scripts/publishers/sweetim/pre[...]
Gefunden : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "true");
Gefunden : user_pref("sweetim.toolbar.scripts.2.callback", "simVerification");
Gefunden : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", "");
Gefunden : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Gefunden : user_pref("sweetim.toolbar.scripts.2.elementid", "id_script_sim_fb");
Gefunden : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Gefunden : user_pref("sweetim.toolbar.scripts.2.id", "id_script_fb_hxxpS");
Gefunden : user_pref("sweetim.toolbar.scripts.2.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Gefunden : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Gefunden : user_pref("sweetim.toolbar.search.history.capacity", "10");
Gefunden : user_pref("sweetim.toolbar.searchguard.enable", "false");
Gefunden : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Gefunden : user_pref("sweetim.toolbar.simapp_id", "{657BB8AD-EC74-11E1-A49A-10BF4873948C}");
Gefunden : user_pref("sweetim.toolbar.version", "1.7.0.3");

Datei : C:\Users\Dome\AppData\Roaming\Mozilla\Firefox\Profiles\x13rmaer.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Dome\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [10193 octets] - [06/01/2013 13:47:45]

########## EOF - C:\AdwCleaner[R1].txt - [10254 octets] ##########
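
The Firefox part of the log above boils down to two kinds of finding in prefs.js: leftover preferences in the toolbar namespaces (sweetim., quickstores.) and a keyword.URL that sends address-bar searches to the toolbar's search host. The same check, as an added Python example that is not part of the original post and not AdwCleaner's own code; the sample file content, the allowlist of search hosts and the function names are constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Namespaces copied from the AdwCleaner log above.
TOOLBAR_PREFIXES = ("sweetim.", "quickstores.")
# Pref that decides where address-bar searches go (the one the log flags).
SEARCH_PREFS = {"keyword.URL"}
# Assumption: search hosts this user actually wants; adjust per machine.
ALLOWED_SEARCH_HOSTS = {"www.google.com", "www.google.de", "duckduckgo.com"}

# user_pref("name", value); value is a string, number or boolean literal.
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Constructed sample, not the user's file; the search host is a placeholder.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.tabs.warnOnClose", false);
user_pref("keyword.URL", "http://search.example.invalid/search.asp?q=");
user_pref("quickstores.toolbar.affid", "2017");
user_pref("sweetim.toolbar.version", "1.7.0.3");
user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR/>");
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
'''

def parse_prefs(text):
    """Return {name: value} for every user_pref line; skip comments and junk."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        try:
            # Strings, numbers and booleans as written in prefs.js parse as JSON.
            prefs[name] = json.loads(raw)
        except ValueError:
            prefs[name] = raw  # keep anything unexpected verbatim for review
    return prefs

def triage(prefs):
    """Return (toolbar leftover names, {search pref: unexpected host})."""
    leftovers = sorted(n for n in prefs if n.startswith(TOOLBAR_PREFIXES))
    redirected = {}
    for name in SEARCH_PREFS & prefs.keys():
        value = prefs[name]
        if not isinstance(value, str) or not value:
            continue  # nothing to resolve
        host = urlsplit(value).hostname
        if host not in ALLOWED_SEARCH_HOSTS:
            redirected[name] = host
    return leftovers, redirected

if __name__ == "__main__":
    leftovers, redirected = triage(parse_prefs(SAMPLE_PREFS_JS))
    for name in leftovers:
        print("toolbar pref :", name)
    for name, host in redirected.items():
        print("search pref  :", name, "->", host)
```

Run it against a copy of prefs.js with Firefox closed, since Firefox rewrites the file on exit.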

06.01.2013, 17:23   #15
markusg
/// Malware-holic

Hi


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete ("Löschen").
  • Confirm each prompt with OK.
  • Your computer will be restarted, several times depending on the severity of the infection; that is normal. After the restart a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

Restart please, and test how the PC + programs run. Toolbars etc. should be gone.