Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 12.02.2012, 11:49   #1
Franzi87
 
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Standard

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung



Hallo liebes Forum,
habe mir heute anscheinend auch dieses Virus eingefangen der mir durch dieses Fenster mit der Aufforderung zum Bezahlen mein Windows sperrt. Schonmal vielen Dank für die Hilfe, wüsste ohne dieses Forum nicht was ich tun sollte.
Habe gerade schoneinmal einen Scan mit OTL durchgeführt. Hier ist das Ergebnis. Hoffe ihr könnt mir sagen was ich tun muss. Danke euch.




Code:
ATTFilter
OTL logfile created on: 12.02.2012 12:35:58 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Franzi\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 65,93% Memory free
7,73 Gb Paging File | 6,21 Gb Available in Paging File | 80,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 360,98 Gb Free Space | 79,52% Space Free | Partition Type: NTFS
 
Computer Name: FRANZI-PC | User Name: Franzi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Franzi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
PRC - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
PRC - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
MOD - C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d}\components\RadioWMPCoreGecko10.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\ZipArchive.dll ()
MOD - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\QtCore4.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\QtGui4.dll ()
MOD - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\QtNetwork4.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (dtpd) -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe ()
SRV:64bit: - (iked) -- C:\Program Files\ShrewSoft\VPN Client\iked.exe ()
SRV:64bit: - (ipsecd) -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Guard.Mail.ru) -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (SMARTVHidMiniVistaAmd64) -- C:\Windows\SysNative\drivers\SMARTVHidMiniVistaAmd64.sys (SMART Technologies ULC)
DRV:64bit: - (SMARTMouseFilterx64) -- C:\Windows\SysNative\drivers\SMARTMouseFilterx64.sys (SMART Technologies ULC)
DRV:64bit: - (SMARTVTabletPCx64) -- C:\Windows\SysNative\drivers\SMARTVTabletPCx64.sys (SMART Technologies ULC)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360310h9c6l0490z135f4431y248
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360310h9c6l0490z135f4431y248
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360310h9c6l0490z135f4431y248
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360310h9c6l0490z135f4431y248
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360310h9c6l0490z135f4431y248
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaultthis.engineName: "SparkleBox Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT340574&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?hl=de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.8&q="
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.12 12:25:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.22 10:40:48 | 000,000,000 | ---D | M]
 
[2010.10.12 18:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi\AppData\Roaming\mozilla\Extensions
[2010.10.12 18:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.02.05 17:09:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions
[2012.01.31 16:15:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.01.09 07:46:17 | 000,000,000 | ---D | M] (SparkleBox Community Toolbar) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d}
[2011.08.22 11:47:48 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.04.28 10:24:15 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.02.05 17:09:44 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\welcome@toolmin.com
[2011.06.06 13:15:00 | 000,000,921 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\conduit.xml
[2012.02.07 05:39:25 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-1.xml
[2010.12.10 22:54:16 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-10.xml
[2011.03.11 20:35:45 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-11.xml
[2011.03.26 11:03:35 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-12.xml
[2011.04.30 07:26:28 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-13.xml
[2011.05.08 18:49:00 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-14.xml
[2011.06.16 04:58:27 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-15.xml
[2011.06.22 06:40:07 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-16.xml
[2012.02.04 12:45:09 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-17.xml
[2012.02.05 17:09:58 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-18.xml
[2010.06.24 09:10:28 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-2.xml
[2010.06.28 17:10:23 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-3.xml
[2010.07.21 16:51:30 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-4.xml
[2010.07.24 19:49:05 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-5.xml
[2010.09.09 20:31:45 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-6.xml
[2010.09.16 19:35:53 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-7.xml
[2010.10.22 16:22:57 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-8.xml
[2010.10.30 07:03:46 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-9.xml
[2012.01.31 16:15:03 | 000,000,168 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.gif
[2012.01.31 16:15:03 | 000,000,618 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.src
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.xml
[2011.08.22 11:47:44 | 000,003,915 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\sweetim.xml
[2011.11.24 14:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.03.31 13:11:57 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.12.16 18:57:15 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2012.02.12 12:25:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.12.15 19:07:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.12 17:20:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.12 17:20:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.12 17:20:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.12 17:20:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.05 17:09:44 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.01.12 17:20:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.12 17:20:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKCU..\Run: [EPSON Stylus D120 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICCE.EXE /FU "C:\Windows\TEMP\E_S322A.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F39FC9CE-EAD5-488E-BB8F-003EEC8C84E2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e6047cce-bb59-11e0-9ccf-00262d7ce3bb}\Shell - "" = AutoRun
O33 - MountPoints2\{e6047cce-bb59-11e0-9ccf-00262d7ce3bb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.12 12:16:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.02.12 12:09:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Franzi\Desktop\OTL.exe
[2012.02.12 08:46:45 | 000,035,648 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.02.12 08:46:45 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.02.09 17:51:19 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\5. UB Mathe
[2012.02.09 08:20:36 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.02.09 08:20:35 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.02.09 08:20:35 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.02.09 08:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.02.09 08:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.02.09 08:17:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.02.08 17:57:38 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\food
[2012.02.05 17:09:40 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\toolplugin
[2012.02.04 08:09:01 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\Module der Standardsicherung
[2012.01.31 16:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7
[2012.01.31 16:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\icq
[2012.01.31 16:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guard-ICQ
[2012.01.31 16:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.7
[2012.01.29 11:23:15 | 000,000,000 | ---D | C] -- C:\Users\Franzi\10f5h
[2012.01.29 11:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\10-Fingersystem in 5 Stunden GS
[2012.01.29 11:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HERDT
[2012.01.26 08:34:17 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.01.26 08:34:16 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.01.26 08:34:16 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.01.26 08:34:15 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.01.26 08:34:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.01.26 08:34:15 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.01.22 10:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.22 10:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.22 10:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.01.22 10:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.22 10:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.01.22 10:40:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.01.21 16:59:02 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Documents\Steuern
[2012.01.17 16:39:00 | 000,000,000 | ---D | C] -- C:\Windows\Profiles
[2012.01.15 17:28:21 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\Seminar Zusammenfassungen
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.12 12:30:33 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 12:30:33 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.12 12:20:56 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.12 12:20:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.12 12:20:37 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.12 12:09:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Franzi\Desktop\OTL.exe
[2012.02.12 09:17:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.09 11:59:10 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.02.09 11:59:08 | 000,035,648 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.02.09 11:59:08 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.02.09 11:59:06 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.01.26 17:04:04 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.26 17:04:04 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.26 17:04:04 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.26 17:04:04 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.26 17:04:04 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2012.02.09 08:20:13 | 000,002,217 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011.08.30 13:17:38 | 000,786,504 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602N.DAT
[2011.08.30 13:17:38 | 000,296,064 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602W.DAT
[2011.07.30 18:57:17 | 000,000,000 | ---- | C] () -- C:\Users\Franzi\AppData\Local\{A27A1C6C-CA79-4577-A744-540AC43516C9}
[2010.03.31 13:15:38 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.15 18:15:16 | 000,000,132 | ---- | C] () -- C:\Users\Franzi\AppData\Roaming\wklnhst.dat
[2010.03.15 08:36:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.01.13 19:11:09 | 000,001,845 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010.01.13 11:03:05 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010.01.13 10:42:11 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.01.13 10:42:10 | 000,000,150 | ---- | C] () -- C:\Windows\PidList.ini
[2010.01.13 10:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.11.06 01:41:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.11.05 21:14:13 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.11.05 21:14:13 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.11.05 21:14:11 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.11.05 21:14:11 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.11.05 21:14:11 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005.11.11 11:43:28 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libssl32.dll
[2005.11.11 11:43:24 | 000,887,296 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
 
========== LOP Check ==========
 
[2011.12.12 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Canon
[2010.10.03 16:06:21 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Crossword Compiler Deutsch 8
[2010.03.27 16:44:17 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\DAEMON Tools Lite
[2012.02.12 10:03:52 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ICQ
[2011.08.30 13:35:07 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Lasersoft Imaging
[2011.02.05 18:22:09 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Local
[2011.02.18 19:26:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Reviversoft
[2010.12.16 19:33:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\SMART Technologies
[2010.12.16 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\SMART Technologies Inc
[2010.03.15 18:15:18 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Template
[2010.10.12 18:27:44 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\TomTom
[2012.02.08 14:11:04 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\toolplugin
[2012.02.09 08:19:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\TuneUp Software
[2010.08.08 19:46:40 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ViquaSoft
[2011.12.16 18:52:26 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:444C53BA

< End of report >
         

Alt 12.02.2012, 14:51   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Standard

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung



Funktioniert noch der abgesicherte Modus mit Netzwerktreibern?




Abgesicherter Modus zur Bereinigung
  • Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
  • Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

    Windows im abgesicherten Modusstarten
__________________

__________________

Alt 12.02.2012, 15:35   #3
Franzi87
 
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Standard

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung



ja der funktioniert problemlos.
__________________

Alt 12.02.2012, 15:40   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Standard

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung



na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können:

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 12.02.2012, 16:58   #5
Franzi87
 
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Standard

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung



Hier der Malware Log:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.12.02

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Franzi :: FRANZI-PC [Administrator]

Schutz: Deaktiviert

12.02.2012 16:44:41
mbam-log-2012-02-12 (16-44-41).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 461848
Laufzeit: 57 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         


Alt 12.02.2012, 17:44   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Standard

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________
--> Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung

Alt 12.02.2012, 17:54   #7
Franzi87
 
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Standard

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung



nein das war das erstemal heute. Lasse jetzt gerad ESET drüber laufen.

Alt 12.02.2012, 19:27   #8
Franzi87
 
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Standard

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung



So ESET ist nun auch einmal durchgelaufen und hat dabei 3 infizierte Dateien gefunden. Hier ist das Logfile.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3e3ca1e25728454682b7a161116ed5c1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-12 07:14:52
# local_time=2012-02-12 08:14:52 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1792 16777215 100 0 9711420 9711420 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 26157 80697101 0 0
# compatibility_mode=8192 67108863 100 0 3867 3867 0 0
# scanned=350328
# found=3
# cleaned=0
# scan_time=6841
C:\Users\Franzi\AppData\Local\Mozilla\Firefox\firefox.exe	Win32/LockScreen.AIG trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Franzi\Downloads\RegistryReviverSetup.exe	a variant of Win32/RegistryReviver application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Franzi\Downloads\SweetImSetup.exe	a variant of Win32/SweetIM.B application (unable to clean)	00000000000000000000000000000000	I
         

Alt 13.02.2012, 08:15   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Standard

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 16.02.2012, 19:06   #10
Franzi87
 
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Standard

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung



ok Danke das habe ich getan, hier das Ergebnis.

Code:
ATTFilter
OTL logfile created on: 16.02.2012 18:52:06 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Franzi\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 68,75% Memory free
7,73 Gb Paging File | 6,24 Gb Available in Paging File | 80,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 358,63 Gb Free Space | 79,00% Space Free | Partition Type: NTFS
 
Computer Name: FRANZI-PC | User Name: Franzi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Franzi\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
PRC - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
MOD - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\ZipArchive.dll ()
MOD - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\QtCore4.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\QtGui4.dll ()
MOD - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\QtNetwork4.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (dtpd) -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe ()
SRV:64bit: - (iked) -- C:\Program Files\ShrewSoft\VPN Client\iked.exe ()
SRV:64bit: - (ipsecd) -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Guard.Mail.ru) -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (OberonGameConsoleService) -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Updater Service) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor7.0) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (SMARTVHidMiniVistaAmd64) -- C:\Windows\SysNative\drivers\SMARTVHidMiniVistaAmd64.sys (SMART Technologies ULC)
DRV:64bit: - (SMARTMouseFilterx64) -- C:\Windows\SysNative\drivers\SMARTMouseFilterx64.sys (SMART Technologies ULC)
DRV:64bit: - (SMARTVTabletPCx64) -- C:\Windows\SysNative\drivers\SMARTVTabletPCx64.sys (SMART Technologies ULC)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360310h9c6l0490z135f4431y248
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360310h9c6l0490z135f4431y248
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360310h9c6l0490z135f4431y248
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360310h9c6l0490z135f4431y248
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360310h9c6l0490z135f4431y248
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaultthis.engineName: "SparkleBox Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT340574&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/webhp?hl=de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.8&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.8&q="
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.12 12:25:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.22 10:40:48 | 000,000,000 | ---D | M]
 
[2010.10.12 18:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi\AppData\Roaming\mozilla\Extensions
[2010.10.12 18:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.02.15 07:37:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions
[2012.01.31 16:15:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.15 07:37:22 | 000,000,000 | ---D | M] (SparkleBox Community Toolbar) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d}
[2011.08.22 11:47:48 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.04.28 10:24:15 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.02.05 17:09:44 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\welcome@toolmin.com
[2011.06.06 13:15:00 | 000,000,921 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\conduit.xml
[2012.02.14 19:56:46 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-1.xml
[2010.12.10 22:54:16 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-10.xml
[2011.03.11 20:35:45 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-11.xml
[2011.03.26 11:03:35 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-12.xml
[2011.04.30 07:26:28 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-13.xml
[2011.05.08 18:49:00 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-14.xml
[2011.06.16 04:58:27 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-15.xml
[2011.06.22 06:40:07 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-16.xml
[2012.02.04 12:45:09 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-17.xml
[2012.02.05 17:09:58 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-18.xml
[2010.06.24 09:10:28 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-2.xml
[2010.06.28 17:10:23 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-3.xml
[2010.07.21 16:51:30 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-4.xml
[2010.07.24 19:49:05 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-5.xml
[2010.09.09 20:31:45 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-6.xml
[2010.09.16 19:35:53 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-7.xml
[2010.10.22 16:22:57 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-8.xml
[2010.10.30 07:03:46 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-9.xml
[2012.01.31 16:15:03 | 000,000,168 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.gif
[2012.01.31 16:15:03 | 000,000,618 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.src
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.xml
[2011.08.22 11:47:44 | 000,003,915 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\sweetim.xml
[2011.11.24 14:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.03.31 13:11:57 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.12.16 18:57:15 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2012.02.12 12:25:41 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.12.15 19:07:48 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.12 17:20:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.12 17:20:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.12 17:20:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.12 17:20:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.05 17:09:44 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2012.01.12 17:20:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.12 17:20:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SMART Board Service] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe (SMART Technologies)
O4 - HKLM..\Run: [SMART SNMP Agent] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe (SMART Technologies ULC)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000..\Run: [EPSON Stylus D120 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICCE.EXE /FU "C:\Windows\TEMP\E_S322A.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F39FC9CE-EAD5-488E-BB8F-003EEC8C84E2}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e6047cce-bb59-11e0-9ccf-00262d7ce3bb}\Shell - "" = AutoRun
O33 - MountPoints2\{e6047cce-bb59-11e0-9ccf-00262d7ce3bb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RemoteControl8 - hkey= - key= - c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.12 18:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.12 18:15:58 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Franzi\Desktop\esetsmartinstaller_enu.exe
[2012.02.12 16:43:30 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\Malwarebytes
[2012.02.12 16:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.12 16:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.12 16:43:22 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.12 16:43:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.12 12:16:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.02.12 12:09:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Franzi\Desktop\OTL.exe
[2012.02.12 08:46:45 | 000,035,648 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.02.12 08:46:45 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.02.09 17:51:19 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\5. UB Mathe
[2012.02.09 08:20:36 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.02.09 08:20:35 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.02.09 08:20:35 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.02.09 08:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.02.09 08:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.02.09 08:17:17 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.02.08 17:57:38 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\food
[2012.02.05 17:09:40 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\toolplugin
[2012.02.04 08:09:01 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\Module der Standardsicherung
[2012.01.31 16:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.7
[2012.01.31 16:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\icq
[2012.01.31 16:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guard-ICQ
[2012.01.31 16:12:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.7
[2012.01.29 11:23:15 | 000,000,000 | ---D | C] -- C:\Users\Franzi\10f5h
[2012.01.29 11:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\10-Fingersystem in 5 Stunden GS
[2012.01.29 11:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HERDT
[2012.01.22 10:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.22 10:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.01.22 10:43:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.01.22 10:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.22 10:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.01.22 10:40:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.01.21 16:59:02 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Documents\Steuern
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.16 18:17:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.16 17:44:18 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.16 17:44:18 | 000,017,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.16 17:35:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.16 17:35:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.16 17:35:35 | 3111,518,208 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.15 19:45:24 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.02.15 13:49:23 | 000,419,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.14 21:08:16 | 001,534,410 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.14 21:08:16 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.14 21:08:16 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.14 21:08:16 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.14 21:08:16 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.12 18:16:11 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Franzi\Desktop\esetsmartinstaller_enu.exe
[2012.02.12 16:43:23 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.12 12:09:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Franzi\Desktop\OTL.exe
[2012.02.09 11:59:10 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.02.09 11:59:08 | 000,035,648 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.02.09 11:59:08 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.02.09 11:59:06 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
 
========== Files Created - No Company Name ==========
 
[2012.02.12 16:43:23 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.09 08:20:13 | 000,002,217 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011.08.30 13:17:38 | 000,786,504 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602N.DAT
[2011.08.30 13:17:38 | 000,296,064 | ---- | C] () -- C:\Windows\SysWow64\CNQ9602W.DAT
[2011.07.30 18:57:17 | 000,000,000 | ---- | C] () -- C:\Users\Franzi\AppData\Local\{A27A1C6C-CA79-4577-A744-540AC43516C9}
[2010.03.31 13:15:38 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.15 18:15:16 | 000,000,132 | ---- | C] () -- C:\Users\Franzi\AppData\Roaming\wklnhst.dat
[2010.03.15 08:36:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.01.13 19:11:09 | 000,001,845 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010.01.13 11:03:05 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010.01.13 10:42:11 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.01.13 10:42:10 | 000,000,150 | ---- | C] () -- C:\Windows\PidList.ini
[2010.01.13 10:34:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.11.06 01:41:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.11.05 21:14:13 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.11.05 21:14:13 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.11.05 21:14:11 | 000,000,189 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.11.05 21:14:11 | 000,000,168 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.11.05 21:14:11 | 000,000,147 | ---- | C] () -- C:\Windows\WisPriority.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005.11.11 11:43:28 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libssl32.dll
[2005.11.11 11:43:24 | 000,887,296 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
 
========== LOP Check ==========
 
[2011.12.12 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Canon
[2010.10.03 16:06:21 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Crossword Compiler Deutsch 8
[2010.03.27 16:44:17 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\DAEMON Tools Lite
[2012.02.16 18:05:37 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ICQ
[2011.08.30 13:35:07 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Lasersoft Imaging
[2011.02.05 18:22:09 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Local
[2011.02.18 19:26:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Reviversoft
[2010.12.16 19:33:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\SMART Technologies
[2010.12.16 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\SMART Technologies Inc
[2010.03.15 18:15:18 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Template
[2010.10.12 18:27:44 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\TomTom
[2012.02.08 14:11:04 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\toolplugin
[2012.02.09 08:19:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\TuneUp Software
[2010.08.08 19:46:40 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ViquaSoft
[2011.12.16 18:52:26 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.06.24 08:27:07 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Adobe
[2010.05.12 20:16:23 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Apple Computer
[2011.08.30 13:32:00 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ArcSoft
[2010.03.13 19:44:35 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ATI
[2011.10.23 08:44:18 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Avira
[2010.06.16 17:08:23 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\AVS4YOU
[2011.12.12 16:47:36 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Canon
[2010.10.03 16:06:21 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Crossword Compiler Deutsch 8
[2010.03.27 16:44:17 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\DAEMON Tools Lite
[2011.02.16 17:27:55 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\DivX
[2010.03.14 10:27:28 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Google
[2010.05.27 18:12:05 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\HP
[2012.02.07 05:38:52 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\HpUpdate
[2012.02.16 18:05:37 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ICQ
[2010.03.13 19:43:05 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Identities
[2011.08.30 13:35:07 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Lasersoft Imaging
[2011.02.05 18:22:09 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Local
[2010.03.14 11:09:27 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Macromedia
[2012.02.12 16:43:30 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Malwarebytes
[2009.11.05 21:18:06 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Media Center Programs
[2011.08.22 11:47:43 | 000,000,000 | --SD | M] -- C:\Users\Franzi\AppData\Roaming\Microsoft
[2010.12.03 18:27:19 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Microsoft Games
[2010.03.15 08:36:11 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Mozilla
[2010.03.29 22:35:50 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Nero
[2011.02.18 19:26:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Reviversoft
[2011.05.14 15:59:56 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Skype
[2011.05.14 15:53:43 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\skypePM
[2010.12.16 19:33:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\SMART Technologies
[2010.12.16 18:57:39 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\SMART Technologies Inc
[2010.03.15 18:15:18 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Template
[2010.10.12 18:27:44 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\TomTom
[2012.02.08 14:11:04 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\toolplugin
[2012.02.09 08:19:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\TuneUp Software
[2010.08.08 19:46:40 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ViquaSoft
[2011.09.27 10:11:42 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:444C53BA

< End of report >
         

Alt 16.02.2012, 20:58   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Standard

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_tj75&r=27360310h9c6l0490z135f4431y248
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaultthis.engineName: "SparkleBox Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT340574&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.8&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.8&q="
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
[2012.01.31 16:15:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.15 07:37:22 | 000,000,000 | ---D | M] (SparkleBox Community Toolbar) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d}
[2011.08.22 11:47:48 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.04.28 10:24:15 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2012.02.05 17:09:44 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\welcome@toolmin.com
[2011.06.06 13:15:00 | 000,000,921 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\conduit.xml
[2012.02.14 19:56:46 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-1.xml
[2010.12.10 22:54:16 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-10.xml
[2011.03.11 20:35:45 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-11.xml
[2011.03.26 11:03:35 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-12.xml
[2011.04.30 07:26:28 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-13.xml
[2011.05.08 18:49:00 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-14.xml
[2011.06.16 04:58:27 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-15.xml
[2011.06.22 06:40:07 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-16.xml
[2012.02.04 12:45:09 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-17.xml
[2012.02.05 17:09:58 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-18.xml
[2010.06.24 09:10:28 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-2.xml
[2010.06.28 17:10:23 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-3.xml
[2010.07.21 16:51:30 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-4.xml
[2010.07.24 19:49:05 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-5.xml
[2010.09.09 20:31:45 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-6.xml
[2010.09.16 19:35:53 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-7.xml
[2010.10.22 16:22:57 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-8.xml
[2010.10.30 07:03:46 | 000,000,950 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-9.xml
[2012.01.31 16:15:03 | 000,000,168 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.gif
[2012.01.31 16:15:03 | 000,000,618 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.src
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.xml
[2011.08.22 11:47:44 | 000,003,915 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\sweetim.xml
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e6047cce-bb59-11e0-9ccf-00262d7ce3bb}\Shell - "" = AutoRun
O33 - MountPoints2\{e6047cce-bb59-11e0-9ccf-00262d7ce3bb}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:444C53BA

:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 18.02.2012, 18:58   #12
Franzi87
 
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Standard

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung



Ok hier der OTL Log nach dem Fix.

Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named Program Files was found!
HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-2419196944-2182543560-2901153853-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2419196944-2182543560-2901153853-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2419196944-2182543560-2901153853-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Prefs.js: "Search the web" removed from browser.search.defaultenginename
Prefs.js: "SparkleBox Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT340574&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search the web" removed from browser.search.order.1
Prefs.js: "Search the web" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.8&q=" removed from keyword.URL
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.8&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\Franzi\AppData\Roaming\Mozilla\FireFox\Profiles\9l632w5o.default\user.js moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d}\searchplugin folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d}\modules folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d}\META-INF folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d}\defaults folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d}\components folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d}\chrome folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{ca4eedb3-5719-4e27-a478-8d13f761c28d} folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\skin folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\nl-NL folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\it-IT folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\fr-FR folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\es-ES folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\en-US folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale\de-DE folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\locale folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar\content folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\en-GB@dictionaries.addons.mozilla.org\dictionaries folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\en-GB@dictionaries.addons.mozilla.org folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\welcome@toolmin.com\chrome\content folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\welcome@toolmin.com\chrome folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\9l632w5o.default\extensions\welcome@toolmin.com folder moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\conduit.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\9l632w5o.default\searchplugins\sweetim.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}\ deleted successfully.
C:\Program Files (x86)\icq\Internet Explorer\icq.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}\ deleted successfully.
C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}\ deleted successfully.
File WebPrint EX\ewpexhlp.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-89AF-189327213627} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-89AF-189327213627}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-2419196944-2182543560-2901153853-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6047cce-bb59-11e0-9ccf-00262d7ce3bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6047cce-bb59-11e0-9ccf-00262d7ce3bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6047cce-bb59-11e0-9ccf-00262d7ce3bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6047cce-bb59-11e0-9ccf-00262d7ce3bb}\ not found.
File F:\LaunchU3.exe -a not found.
ADS C:\ProgramData\Temp:444C53BA deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Franzi
->Temp folder emptied: 807188 bytes
->Temporary Internet Files folder emptied: 9045333 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 134359380 bytes
->Flash cache emptied: 803 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19814366 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 32038746 bytes
 
Total Files Cleaned = 187,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02182012_195132

Files\Folders moved on Reboot...
C:\Users\Franzi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Alt 19.02.2012, 17:52   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Standard

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.02.2012, 18:24   #14
Franzi87
 
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Standard

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung



Ok der Tdsskiller hat eine Datei bemängelt. Hier das Log.

Code:
ATTFilter
19:21:05.0401 5168	TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
19:21:05.0583 5168	============================================================
19:21:05.0583 5168	Current date / time: 2012/02/19 19:21:05.0583
19:21:05.0583 5168	SystemInfo:
19:21:05.0583 5168	
19:21:05.0583 5168	OS Version: 6.1.7600 ServicePack: 0.0
19:21:05.0583 5168	Product type: Workstation
19:21:05.0584 5168	ComputerName: FRANZI-PC
19:21:05.0584 5168	UserName: Franzi
19:21:05.0584 5168	Windows directory: C:\Windows
19:21:05.0584 5168	System windows directory: C:\Windows
19:21:05.0584 5168	Running under WOW64
19:21:05.0584 5168	Processor architecture: Intel x64
19:21:05.0584 5168	Number of processors: 4
19:21:05.0584 5168	Page size: 0x1000
19:21:05.0584 5168	Boot type: Normal boot
19:21:05.0584 5168	============================================================
19:21:06.0015 5168	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:21:06.0020 5168	\Device\Harddisk0\DR0:
19:21:06.0021 5168	MBR used
19:21:06.0021 5168	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x32000
19:21:06.0021 5168	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x17A2800, BlocksNum 0x38BE3030
19:21:06.0043 5168	Initialize success
19:21:06.0043 5168	============================================================
19:21:47.0208 1316	============================================================
19:21:47.0208 1316	Scan started
19:21:47.0208 1316	Mode: Manual; SigCheck; TDLFS; 
19:21:47.0208 1316	============================================================
19:21:47.0733 1316	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:21:47.0863 1316	1394ohci - ok
19:21:47.0987 1316	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:21:48.0020 1316	ACPI - ok
19:21:48.0108 1316	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:21:48.0215 1316	AcpiPmi - ok
19:21:48.0354 1316	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:21:48.0392 1316	adp94xx - ok
19:21:48.0515 1316	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:21:48.0544 1316	adpahci - ok
19:21:48.0677 1316	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:21:48.0693 1316	adpu320 - ok
19:21:48.0841 1316	AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
19:21:48.0881 1316	AFD - ok
19:21:49.0043 1316	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:21:49.0066 1316	agp440 - ok
19:21:49.0201 1316	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:21:49.0219 1316	aliide - ok
19:21:49.0335 1316	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:21:49.0356 1316	amdide - ok
19:21:49.0482 1316	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:21:49.0512 1316	AmdK8 - ok
19:21:49.0606 1316	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:21:49.0638 1316	AmdPPM - ok
19:21:49.0751 1316	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:21:49.0771 1316	amdsata - ok
19:21:49.0813 1316	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:21:49.0842 1316	amdsbs - ok
19:21:49.0936 1316	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:21:49.0954 1316	amdxata - ok
19:21:50.0075 1316	AmUStor         (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
19:21:50.0108 1316	AmUStor - ok
19:21:50.0253 1316	ApfiltrService  (9815014f3e30357168da272088c6f12f) C:\Windows\system32\DRIVERS\Apfiltr.sys
19:21:50.0315 1316	ApfiltrService - ok
19:21:50.0409 1316	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:21:50.0527 1316	AppID - ok
19:21:50.0659 1316	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:21:50.0683 1316	arc - ok
19:21:50.0728 1316	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:21:50.0746 1316	arcsas - ok
19:21:50.0851 1316	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:21:51.0077 1316	AsyncMac - ok
19:21:51.0192 1316	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:21:51.0210 1316	atapi - ok
19:21:51.0346 1316	athr            (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys
19:21:51.0477 1316	athr - ok
19:21:51.0702 1316	atikmdag        (37456be85384e4cc38dc899f07f88c45) C:\Windows\system32\DRIVERS\atikmdag.sys
19:21:52.0014 1316	atikmdag - ok
19:21:52.0111 1316	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
19:21:52.0129 1316	avgntflt - ok
19:21:52.0148 1316	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
19:21:52.0167 1316	avipbb - ok
19:21:52.0189 1316	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
19:21:52.0203 1316	avkmgr - ok
19:21:52.0307 1316	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:21:52.0384 1316	b06bdrv - ok
19:21:52.0477 1316	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:21:52.0511 1316	b57nd60a - ok
19:21:52.0631 1316	BCM43XX         (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
19:21:52.0731 1316	BCM43XX - ok
19:21:52.0846 1316	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:21:52.0936 1316	Beep - ok
19:21:53.0067 1316	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:21:53.0114 1316	blbdrive - ok
19:21:53.0341 1316	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:21:53.0409 1316	bowser - ok
19:21:53.0497 1316	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:21:53.0541 1316	BrFiltLo - ok
19:21:53.0573 1316	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:21:53.0601 1316	BrFiltUp - ok
19:21:53.0670 1316	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:21:53.0738 1316	Brserid - ok
19:21:53.0827 1316	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:21:53.0876 1316	BrSerWdm - ok
19:21:53.0918 1316	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:21:53.0956 1316	BrUsbMdm - ok
19:21:54.0056 1316	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:21:54.0102 1316	BrUsbSer - ok
19:21:54.0187 1316	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:21:54.0238 1316	BTHMODEM - ok
19:21:54.0361 1316	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:21:54.0446 1316	cdfs - ok
19:21:54.0535 1316	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:21:54.0588 1316	cdrom - ok
19:21:54.0705 1316	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:21:54.0734 1316	circlass - ok
19:21:54.0781 1316	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:21:54.0809 1316	CLFS - ok
19:21:54.0947 1316	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:21:54.0980 1316	CmBatt - ok
19:21:55.0010 1316	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:21:55.0021 1316	cmdide - ok
19:21:55.0084 1316	CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
19:21:55.0142 1316	CNG - ok
19:21:55.0242 1316	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:21:55.0263 1316	Compbatt - ok
19:21:55.0294 1316	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:21:55.0351 1316	CompositeBus - ok
19:21:55.0494 1316	cpuz132 - ok
19:21:55.0573 1316	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:21:55.0590 1316	crcdisk - ok
19:21:55.0732 1316	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:21:55.0797 1316	DfsC - ok
19:21:55.0832 1316	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:21:55.0905 1316	discache - ok
19:21:55.0988 1316	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:21:56.0007 1316	Disk - ok
19:21:56.0030 1316	DKbFltr - ok
19:21:56.0122 1316	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:21:56.0178 1316	drmkaud - ok
19:21:56.0272 1316	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:21:56.0320 1316	DXGKrnl - ok
19:21:56.0452 1316	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:21:56.0636 1316	ebdrv - ok
19:21:56.0783 1316	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:21:56.0818 1316	elxstor - ok
19:21:56.0933 1316	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:21:56.0972 1316	ErrDev - ok
19:21:57.0093 1316	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:21:57.0175 1316	exfat - ok
19:21:57.0203 1316	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:21:57.0273 1316	fastfat - ok
19:21:57.0375 1316	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:21:57.0401 1316	fdc - ok
19:21:57.0437 1316	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:21:57.0453 1316	FileInfo - ok
19:21:57.0532 1316	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:21:57.0603 1316	Filetrace - ok
19:21:57.0654 1316	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:21:57.0704 1316	flpydisk - ok
19:21:57.0805 1316	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:21:57.0827 1316	FltMgr - ok
19:21:57.0858 1316	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:21:57.0869 1316	FsDepends - ok
19:21:57.0954 1316	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:21:57.0974 1316	Fs_Rec - ok
19:21:58.0041 1316	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:21:58.0067 1316	fvevol - ok
19:21:58.0104 1316	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:21:58.0120 1316	gagp30kx - ok
19:21:58.0243 1316	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:21:58.0258 1316	GEARAspiWDM - ok
19:21:58.0389 1316	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:21:58.0433 1316	hcw85cir - ok
19:21:58.0530 1316	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
19:21:58.0583 1316	HdAudAddService - ok
19:21:58.0684 1316	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:21:58.0745 1316	HDAudBus - ok
19:21:58.0785 1316	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
19:21:58.0801 1316	HECIx64 - ok
19:21:58.0839 1316	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:21:58.0885 1316	HidBatt - ok
19:21:58.0921 1316	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:21:58.0942 1316	HidBth - ok
19:21:58.0964 1316	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:21:58.0988 1316	HidIr - ok
19:21:59.0011 1316	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:21:59.0040 1316	HidUsb - ok
19:21:59.0171 1316	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:21:59.0186 1316	HpSAMD - ok
19:21:59.0231 1316	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:21:59.0340 1316	HTTP - ok
19:21:59.0368 1316	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:21:59.0379 1316	hwpolicy - ok
19:21:59.0413 1316	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:21:59.0430 1316	i8042prt - ok
19:21:59.0639 1316	iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
19:21:59.0667 1316	iaStor - ok
19:21:59.0775 1316	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:21:59.0800 1316	iaStorV - ok
19:22:00.0099 1316	igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:22:00.0371 1316	igfx - ok
19:22:00.0472 1316	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:22:00.0483 1316	iirsp - ok
19:22:00.0635 1316	IntcAzAudAddService (42943bb3ab7a405b30eff7c8283cc129) C:\Windows\system32\drivers\RTKVHD64.sys
19:22:00.0707 1316	IntcAzAudAddService - ok
19:22:00.0790 1316	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:22:00.0799 1316	intelide - ok
19:22:00.0830 1316	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:22:00.0844 1316	intelppm - ok
19:22:00.0942 1316	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:22:01.0003 1316	IpFilterDriver - ok
19:22:01.0118 1316	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:22:01.0151 1316	IPMIDRV - ok
19:22:01.0180 1316	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:22:01.0248 1316	IPNAT - ok
19:22:01.0360 1316	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:22:01.0458 1316	IRENUM - ok
19:22:01.0485 1316	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:22:01.0503 1316	isapnp - ok
19:22:01.0528 1316	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:22:01.0550 1316	iScsiPrt - ok
19:22:01.0591 1316	k57nd60a        (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
19:22:01.0610 1316	k57nd60a - ok
19:22:01.0739 1316	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:22:01.0759 1316	kbdclass - ok
19:22:01.0796 1316	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:22:01.0840 1316	kbdhid - ok
19:22:01.0906 1316	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
19:22:01.0923 1316	KSecDD - ok
19:22:01.0948 1316	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
19:22:01.0966 1316	KSecPkg - ok
19:22:02.0057 1316	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:22:02.0132 1316	ksthunk - ok
19:22:02.0253 1316	L1E             (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
19:22:02.0284 1316	L1E - ok
19:22:02.0383 1316	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:22:02.0477 1316	lltdio - ok
19:22:02.0604 1316	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:22:02.0625 1316	LSI_FC - ok
19:22:02.0664 1316	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:22:02.0681 1316	LSI_SAS - ok
19:22:02.0702 1316	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:22:02.0717 1316	LSI_SAS2 - ok
19:22:02.0734 1316	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:22:02.0747 1316	LSI_SCSI - ok
19:22:02.0780 1316	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:22:02.0858 1316	luafv - ok
19:22:02.0985 1316	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
19:22:03.0001 1316	MBAMProtector - ok
19:22:03.0121 1316	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:22:03.0140 1316	megasas - ok
19:22:03.0162 1316	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:22:03.0180 1316	MegaSR - ok
19:22:03.0211 1316	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:22:03.0282 1316	Modem - ok
19:22:03.0307 1316	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:22:03.0355 1316	monitor - ok
19:22:03.0401 1316	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:22:03.0423 1316	mouclass - ok
19:22:03.0509 1316	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:22:03.0558 1316	mouhid - ok
19:22:03.0599 1316	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:22:03.0619 1316	mountmgr - ok
19:22:03.0642 1316	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:22:03.0655 1316	mpio - ok
19:22:03.0674 1316	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:22:03.0732 1316	mpsdrv - ok
19:22:03.0815 1316	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:22:03.0869 1316	MRxDAV - ok
19:22:03.0919 1316	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:22:03.0954 1316	mrxsmb - ok
19:22:04.0004 1316	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:22:04.0025 1316	mrxsmb10 - ok
19:22:04.0065 1316	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:22:04.0103 1316	mrxsmb20 - ok
19:22:04.0204 1316	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
19:22:04.0221 1316	msahci - ok
19:22:04.0239 1316	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:22:04.0260 1316	msdsm - ok
19:22:04.0299 1316	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:22:04.0344 1316	Msfs - ok
19:22:04.0367 1316	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:22:04.0444 1316	mshidkmdf - ok
19:22:04.0532 1316	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:22:04.0549 1316	msisadrv - ok
19:22:04.0655 1316	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:22:04.0737 1316	MSKSSRV - ok
19:22:04.0774 1316	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:22:04.0836 1316	MSPCLOCK - ok
19:22:04.0861 1316	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:22:04.0924 1316	MSPQM - ok
19:22:04.0954 1316	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:22:04.0971 1316	MsRPC - ok
19:22:04.0994 1316	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:22:05.0005 1316	mssmbios - ok
19:22:05.0042 1316	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:22:05.0110 1316	MSTEE - ok
19:22:05.0210 1316	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:22:05.0252 1316	MTConfig - ok
19:22:05.0280 1316	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:22:05.0295 1316	Mup - ok
19:22:05.0337 1316	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:22:05.0387 1316	NativeWifiP - ok
19:22:05.0526 1316	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
19:22:05.0574 1316	NDIS - ok
19:22:05.0672 1316	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:22:05.0760 1316	NdisCap - ok
19:22:05.0787 1316	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:22:05.0851 1316	NdisTapi - ok
19:22:05.0905 1316	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:22:05.0985 1316	Ndisuio - ok
19:22:06.0013 1316	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:22:06.0062 1316	NdisWan - ok
19:22:06.0100 1316	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:22:06.0190 1316	NDProxy - ok
19:22:06.0305 1316	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:22:06.0361 1316	NetBIOS - ok
19:22:06.0389 1316	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:22:06.0450 1316	NetBT - ok
19:22:06.0556 1316	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:22:06.0578 1316	nfrd960 - ok
19:22:06.0695 1316	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:22:06.0776 1316	Npfs - ok
19:22:06.0811 1316	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:22:06.0897 1316	nsiproxy - ok
19:22:07.0014 1316	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
19:22:07.0112 1316	Ntfs - ok
19:22:07.0196 1316	NTIDrvr         (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
19:22:07.0210 1316	NTIDrvr - ok
19:22:07.0239 1316	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:22:07.0307 1316	Null - ok
19:22:07.0363 1316	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
19:22:07.0376 1316	nvraid - ok
19:22:07.0402 1316	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
19:22:07.0419 1316	nvstor - ok
19:22:07.0518 1316	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:22:07.0544 1316	nv_agp - ok
19:22:07.0693 1316	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:22:07.0723 1316	ohci1394 - ok
19:22:07.0827 1316	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:22:07.0852 1316	Parport - ok
19:22:07.0887 1316	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
19:22:07.0898 1316	partmgr - ok
19:22:07.0921 1316	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:22:07.0936 1316	pci - ok
19:22:07.0954 1316	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
19:22:07.0965 1316	pciide - ok
19:22:07.0993 1316	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:22:08.0009 1316	pcmcia - ok
19:22:08.0027 1316	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:22:08.0052 1316	pcw - ok
19:22:08.0079 1316	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:22:08.0170 1316	PEAUTH - ok
19:22:08.0314 1316	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:22:08.0397 1316	PptpMiniport - ok
19:22:08.0441 1316	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:22:08.0480 1316	Processor - ok
19:22:08.0601 1316	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:22:08.0690 1316	Psched - ok
19:22:08.0715 1316	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
19:22:08.0723 1316	PxHlpa64 - ok
19:22:08.0819 1316	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:22:08.0908 1316	ql2300 - ok
19:22:08.0995 1316	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:22:09.0012 1316	ql40xx - ok
19:22:09.0038 1316	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:22:09.0072 1316	QWAVEdrv - ok
19:22:09.0111 1316	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:22:09.0175 1316	RasAcd - ok
19:22:09.0263 1316	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:22:09.0324 1316	RasAgileVpn - ok
19:22:09.0375 1316	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:22:09.0456 1316	Rasl2tp - ok
19:22:09.0556 1316	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:22:09.0647 1316	RasPppoe - ok
19:22:09.0688 1316	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:22:09.0756 1316	RasSstp - ok
19:22:09.0793 1316	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:22:09.0859 1316	rdbss - ok
19:22:09.0885 1316	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:22:09.0903 1316	rdpbus - ok
19:22:09.0931 1316	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:22:10.0000 1316	RDPCDD - ok
19:22:10.0037 1316	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:22:10.0080 1316	RDPENCDD - ok
19:22:10.0103 1316	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:22:10.0147 1316	RDPREFMP - ok
19:22:10.0164 1316	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
19:22:10.0228 1316	RDPWD - ok
19:22:10.0265 1316	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
19:22:10.0280 1316	rdyboost - ok
19:22:10.0366 1316	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:22:10.0443 1316	rspndr - ok
19:22:10.0545 1316	RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\Windows\system32\drivers\RtHDMIVX.sys
19:22:10.0562 1316	RTHDMIAzAudService - ok
19:22:10.0590 1316	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:22:10.0609 1316	sbp2port - ok
19:22:10.0631 1316	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:22:10.0707 1316	scfilter - ok
19:22:10.0750 1316	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:22:10.0800 1316	secdrv - ok
19:22:10.0881 1316	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:22:10.0906 1316	Serenum - ok
19:22:10.0946 1316	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:22:10.0979 1316	Serial - ok
19:22:11.0060 1316	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:22:11.0105 1316	sermouse - ok
19:22:11.0152 1316	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:22:11.0206 1316	sffdisk - ok
19:22:11.0217 1316	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:22:11.0248 1316	sffp_mmc - ok
19:22:11.0260 1316	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:22:11.0286 1316	sffp_sd - ok
19:22:11.0323 1316	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:22:11.0363 1316	sfloppy - ok
19:22:11.0409 1316	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:22:11.0420 1316	SiSRaid2 - ok
19:22:11.0439 1316	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:22:11.0449 1316	SiSRaid4 - ok
19:22:11.0487 1316	SMARTMouseFilterx64 (323ddcd15db2a7fed09df1f835cafcfb) C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys
19:22:11.0494 1316	SMARTMouseFilterx64 - ok
19:22:11.0529 1316	SMARTVHidMiniVistaAmd64 (6c691320c71ca8e8c38f52b2ce652c64) C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys
19:22:11.0538 1316	SMARTVHidMiniVistaAmd64 - ok
19:22:11.0659 1316	SMARTVTabletPCx64 (20563f6830badd675407af0f5bca76ba) C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys
19:22:11.0689 1316	SMARTVTabletPCx64 - ok
19:22:11.0779 1316	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:22:11.0837 1316	Smb - ok
19:22:11.0952 1316	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:22:11.0974 1316	spldr - ok
19:22:12.0129 1316	sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
19:22:12.0129 1316	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
19:22:12.0153 1316	sptd ( LockedFile.Multi.Generic ) - warning
19:22:12.0153 1316	sptd - detected LockedFile.Multi.Generic (1)
19:22:12.0212 1316	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:22:12.0261 1316	srv - ok
19:22:12.0656 1316	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:22:12.0705 1316	srv2 - ok
19:22:12.0811 1316	SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:22:12.0860 1316	SrvHsfHDA - ok
19:22:12.0941 1316	SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:22:13.0071 1316	SrvHsfV92 - ok
19:22:13.0168 1316	SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:22:13.0210 1316	SrvHsfWinac - ok
19:22:13.0266 1316	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:22:13.0297 1316	srvnet - ok
19:22:13.0394 1316	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:22:13.0406 1316	stexstor - ok
19:22:13.0433 1316	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:22:13.0445 1316	swenum - ok
19:22:13.0571 1316	Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
19:22:13.0687 1316	Tcpip - ok
19:22:13.0840 1316	TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
19:22:13.0897 1316	TCPIP6 - ok
19:22:13.0926 1316	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:22:13.0968 1316	tcpipreg - ok
19:22:13.0983 1316	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:22:14.0025 1316	TDPIPE - ok
19:22:14.0039 1316	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:22:14.0081 1316	TDTCP - ok
19:22:14.0115 1316	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:22:14.0191 1316	tdx - ok
19:22:14.0729 1316	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:22:14.0740 1316	TermDD - ok
19:22:14.0915 1316	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:22:15.0006 1316	tssecsrv - ok
19:22:15.0160 1316	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
19:22:15.0173 1316	TuneUpUtilitiesDrv - ok
19:22:15.0337 1316	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:22:15.0380 1316	tunnel - ok
19:22:15.0496 1316	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:22:15.0510 1316	uagp35 - ok
19:22:15.0594 1316	UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
19:22:15.0602 1316	UBHelper - ok
19:22:15.0719 1316	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
19:22:15.0793 1316	udfs - ok
19:22:15.0881 1316	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:22:15.0892 1316	uliagpkx - ok
19:22:15.0971 1316	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:22:16.0004 1316	umbus - ok
19:22:16.0120 1316	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:22:16.0157 1316	UmPass - ok
19:22:16.0297 1316	usbccgp         (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
19:22:16.0412 1316	usbccgp - ok
19:22:17.0122 1316	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:22:17.0175 1316	usbcir - ok
19:22:17.0288 1316	usbehci         (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
19:22:17.0307 1316	usbehci - ok
19:22:17.0416 1316	usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
19:22:17.0454 1316	usbhub - ok
19:22:17.0543 1316	usbohci         (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
19:22:17.0577 1316	usbohci - ok
19:22:17.0673 1316	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:22:17.0730 1316	usbprint - ok
19:22:17.0836 1316	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:22:17.0891 1316	usbscan - ok
19:22:17.0936 1316	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:22:17.0975 1316	USBSTOR - ok
19:22:18.0062 1316	usbuhci         (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
19:22:18.0099 1316	usbuhci - ok
19:22:18.0216 1316	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
19:22:18.0266 1316	usbvideo - ok
19:22:18.0401 1316	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:22:18.0422 1316	vdrvroot - ok
19:22:18.0530 1316	vflt            (70eb327d68d7cec357b734b0be5b4a21) C:\Windows\system32\DRIVERS\vfilter.sys
19:22:18.0591 1316	vflt - ok
19:22:18.0670 1316	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:22:18.0698 1316	vga - ok
19:22:18.0723 1316	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:22:18.0802 1316	VgaSave - ok
19:22:18.0836 1316	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:22:18.0852 1316	vhdmp - ok
19:22:18.0868 1316	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:22:18.0879 1316	viaide - ok
19:22:18.0919 1316	vnet            (71bf90872b6a7b34a26f4794dda7aec3) C:\Windows\system32\DRIVERS\virtualnet.sys
19:22:18.0948 1316	vnet - ok
19:22:19.0028 1316	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:22:19.0049 1316	volmgr - ok
19:22:19.0093 1316	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:22:19.0122 1316	volmgrx - ok
19:22:19.0152 1316	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:22:19.0169 1316	volsnap - ok
19:22:19.0208 1316	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:22:19.0234 1316	vsmraid - ok
19:22:19.0253 1316	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:22:19.0270 1316	vwifibus - ok
19:22:19.0286 1316	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:22:19.0318 1316	vwififlt - ok
19:22:19.0401 1316	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:22:19.0434 1316	vwifimp - ok
19:22:19.0471 1316	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:22:19.0503 1316	WacomPen - ok
19:22:19.0598 1316	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:22:19.0687 1316	WANARP - ok
19:22:19.0702 1316	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:22:19.0745 1316	Wanarpv6 - ok
19:22:19.0828 1316	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:22:19.0845 1316	Wd - ok
19:22:19.0893 1316	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:22:19.0925 1316	Wdf01000 - ok
19:22:20.0033 1316	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:22:20.0088 1316	WfpLwf - ok
19:22:20.0111 1316	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:22:20.0121 1316	WIMMount - ok
19:22:20.0226 1316	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:22:20.0279 1316	WmiAcpi - ok
19:22:20.0337 1316	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:22:20.0387 1316	ws2ifsl - ok
19:22:20.0489 1316	WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
19:22:20.0530 1316	WSDPrintDevice - ok
19:22:20.0577 1316	WSDScan         (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
19:22:20.0623 1316	WSDScan - ok
19:22:20.0678 1316	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:22:20.0734 1316	WudfPf - ok
19:22:20.0824 1316	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:22:20.0876 1316	WUDFRd - ok
19:22:20.0942 1316	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:22:21.0364 1316	\Device\Harddisk0\DR0 - ok
19:22:21.0369 1316	Boot (0x1200)   (5084b237f994720576dda6f076446c33) \Device\Harddisk0\DR0\Partition0
19:22:21.0371 1316	\Device\Harddisk0\DR0\Partition0 - ok
19:22:21.0400 1316	Boot (0x1200)   (3eb7387fe34f95fdc6f45ff6db20bcf6) \Device\Harddisk0\DR0\Partition1
19:22:21.0402 1316	\Device\Harddisk0\DR0\Partition1 - ok
19:22:21.0403 1316	============================================================
19:22:21.0403 1316	Scan finished
19:22:21.0403 1316	============================================================
19:22:21.0430 4980	Detected object count: 1
19:22:21.0430 4980	Actual detected object count: 1
19:22:46.0144 4980	sptd ( LockedFile.Multi.Generic ) - skipped by user
19:22:46.0144 4980	sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
19:22:56.0158 1512	============================================================
19:22:56.0158 1512	Scan started
19:22:56.0158 1512	Mode: Manual; SigCheck; TDLFS; 
19:22:56.0158 1512	============================================================
19:22:56.0511 1512	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:22:56.0556 1512	1394ohci - ok
19:22:56.0654 1512	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:22:56.0687 1512	ACPI - ok
19:22:56.0719 1512	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:22:56.0746 1512	AcpiPmi - ok
19:22:56.0799 1512	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:22:56.0830 1512	adp94xx - ok
19:22:56.0869 1512	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:22:56.0885 1512	adpahci - ok
19:22:56.0911 1512	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:22:56.0926 1512	adpu320 - ok
19:22:56.0986 1512	AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
19:22:57.0016 1512	AFD - ok
19:22:57.0044 1512	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:22:57.0055 1512	agp440 - ok
19:22:57.0079 1512	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:22:57.0090 1512	aliide - ok
19:22:57.0114 1512	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:22:57.0124 1512	amdide - ok
19:22:57.0138 1512	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:22:57.0153 1512	AmdK8 - ok
19:22:57.0173 1512	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:22:57.0187 1512	AmdPPM - ok
19:22:57.0228 1512	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:22:57.0240 1512	amdsata - ok
19:22:57.0268 1512	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:22:57.0284 1512	amdsbs - ok
19:22:57.0369 1512	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:22:57.0390 1512	amdxata - ok
19:22:57.0430 1512	AmUStor         (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
19:22:57.0445 1512	AmUStor - ok
19:22:57.0485 1512	ApfiltrService  (9815014f3e30357168da272088c6f12f) C:\Windows\system32\DRIVERS\Apfiltr.sys
19:22:57.0501 1512	ApfiltrService - ok
19:22:57.0530 1512	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:22:57.0552 1512	AppID - ok
19:22:57.0581 1512	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:22:57.0593 1512	arc - ok
19:22:57.0616 1512	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:22:57.0629 1512	arcsas - ok
19:22:57.0650 1512	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:22:57.0698 1512	AsyncMac - ok
19:22:57.0714 1512	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:22:57.0724 1512	atapi - ok
19:22:57.0783 1512	athr            (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys
19:22:57.0816 1512	athr - ok
19:22:58.0037 1512	atikmdag        (37456be85384e4cc38dc899f07f88c45) C:\Windows\system32\DRIVERS\atikmdag.sys
19:22:58.0128 1512	atikmdag - ok
19:22:58.0166 1512	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
19:22:58.0177 1512	avgntflt - ok
19:22:58.0192 1512	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
19:22:58.0202 1512	avipbb - ok
19:22:58.0222 1512	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
19:22:58.0231 1512	avkmgr - ok
19:22:58.0273 1512	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:22:58.0293 1512	b06bdrv - ok
19:22:58.0354 1512	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:22:58.0387 1512	b57nd60a - ok
19:22:58.0427 1512	BCM43XX         (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
19:22:58.0463 1512	BCM43XX - ok
19:22:58.0478 1512	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:22:58.0522 1512	Beep - ok
19:22:58.0544 1512	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:22:58.0558 1512	blbdrive - ok
19:22:58.0607 1512	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:22:58.0634 1512	bowser - ok
19:22:58.0663 1512	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:22:58.0691 1512	BrFiltLo - ok
19:22:58.0706 1512	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:22:58.0727 1512	BrFiltUp - ok
19:22:58.0757 1512	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:22:58.0776 1512	Brserid - ok
19:22:58.0793 1512	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:22:58.0812 1512	BrSerWdm - ok
19:22:58.0829 1512	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:22:58.0849 1512	BrUsbMdm - ok
19:22:58.0859 1512	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:22:58.0873 1512	BrUsbSer - ok
19:22:58.0887 1512	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:22:58.0905 1512	BTHMODEM - ok
19:22:58.0927 1512	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:22:58.0971 1512	cdfs - ok
19:22:58.0990 1512	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:22:59.0006 1512	cdrom - ok
19:22:59.0027 1512	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:22:59.0045 1512	circlass - ok
19:22:59.0080 1512	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:22:59.0097 1512	CLFS - ok
19:22:59.0158 1512	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:22:59.0184 1512	CmBatt - ok
19:22:59.0243 1512	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:22:59.0262 1512	cmdide - ok
19:22:59.0316 1512	CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
19:22:59.0349 1512	CNG - ok
19:22:59.0375 1512	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:22:59.0386 1512	Compbatt - ok
19:22:59.0461 1512	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:22:59.0489 1512	CompositeBus - ok
19:22:59.0550 1512	cpuz132 - ok
19:22:59.0641 1512	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:22:59.0658 1512	crcdisk - ok
19:22:59.0721 1512	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:22:59.0735 1512	DfsC - ok
19:22:59.0766 1512	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:22:59.0814 1512	discache - ok
19:22:59.0833 1512	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:22:59.0844 1512	Disk - ok
19:22:59.0847 1512	DKbFltr - ok
19:22:59.0867 1512	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:22:59.0885 1512	drmkaud - ok
19:22:59.0952 1512	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:22:59.0992 1512	DXGKrnl - ok
19:23:00.0127 1512	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:23:00.0181 1512	ebdrv - ok
19:23:00.0226 1512	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:23:00.0247 1512	elxstor - ok
19:23:00.0266 1512	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:23:00.0281 1512	ErrDev - ok
19:23:00.0304 1512	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:23:00.0349 1512	exfat - ok
19:23:00.0371 1512	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:23:00.0416 1512	fastfat - ok
19:23:00.0431 1512	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:23:00.0445 1512	fdc - ok
19:23:00.0470 1512	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:23:00.0482 1512	FileInfo - ok
19:23:00.0500 1512	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:23:00.0544 1512	Filetrace - ok
19:23:00.0577 1512	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:23:00.0589 1512	flpydisk - ok
19:23:00.0616 1512	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:23:00.0632 1512	FltMgr - ok
19:23:00.0659 1512	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:23:00.0670 1512	FsDepends - ok
19:23:00.0688 1512	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:23:00.0699 1512	Fs_Rec - ok
19:23:00.0741 1512	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:23:00.0757 1512	fvevol - ok
19:23:00.0793 1512	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:23:00.0805 1512	gagp30kx - ok
19:23:00.0843 1512	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:23:00.0857 1512	GEARAspiWDM - ok
19:23:00.0911 1512	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:23:00.0928 1512	hcw85cir - ok
19:23:00.0952 1512	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
19:23:00.0976 1512	HdAudAddService - ok
19:23:00.0995 1512	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:23:01.0014 1512	HDAudBus - ok
19:23:01.0052 1512	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
19:23:01.0061 1512	HECIx64 - ok
19:23:01.0095 1512	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:23:01.0110 1512	HidBatt - ok
19:23:01.0177 1512	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:23:01.0211 1512	HidBth - ok
19:23:01.0231 1512	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:23:01.0253 1512	HidIr - ok
19:23:01.0278 1512	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:23:01.0293 1512	HidUsb - ok
19:23:01.0316 1512	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:23:01.0328 1512	HpSAMD - ok
19:23:01.0354 1512	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:23:01.0413 1512	HTTP - ok
19:23:01.0435 1512	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:23:01.0446 1512	hwpolicy - ok
19:23:01.0470 1512	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:23:01.0486 1512	i8042prt - ok
19:23:01.0527 1512	iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
19:23:01.0543 1512	iaStor - ok
19:23:01.0599 1512	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:23:01.0631 1512	iaStorV - ok
19:23:01.0904 1512	igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:23:01.0996 1512	igfx - ok
19:23:02.0017 1512	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:23:02.0027 1512	iirsp - ok
19:23:02.0105 1512	IntcAzAudAddService (42943bb3ab7a405b30eff7c8283cc129) C:\Windows\system32\drivers\RTKVHD64.sys
19:23:02.0155 1512	IntcAzAudAddService - ok
19:23:02.0179 1512	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:23:02.0190 1512	intelide - ok
19:23:02.0209 1512	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:23:02.0224 1512	intelppm - ok
19:23:02.0243 1512	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:23:02.0289 1512	IpFilterDriver - ok
19:23:02.0308 1512	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:23:02.0323 1512	IPMIDRV - ok
19:23:02.0347 1512	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:23:02.0392 1512	IPNAT - ok
19:23:02.0416 1512	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:23:02.0435 1512	IRENUM - ok
19:23:02.0452 1512	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:23:02.0463 1512	isapnp - ok
19:23:02.0484 1512	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:23:02.0498 1512	iScsiPrt - ok
19:23:02.0536 1512	k57nd60a        (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
19:23:02.0550 1512	k57nd60a - ok
19:23:02.0584 1512	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:23:02.0607 1512	kbdclass - ok
19:23:02.0641 1512	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:23:02.0666 1512	kbdhid - ok
19:23:02.0729 1512	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
19:23:02.0742 1512	KSecDD - ok
19:23:02.0759 1512	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
19:23:02.0773 1512	KSecPkg - ok
19:23:02.0803 1512	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:23:02.0848 1512	ksthunk - ok
19:23:02.0943 1512	L1E             (2ac603c3188c704cfce353659aa7ad71) C:\Windows\system32\DRIVERS\L1E62x64.sys
19:23:02.0966 1512	L1E - ok
19:23:02.0995 1512	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:23:03.0055 1512	lltdio - ok
19:23:03.0082 1512	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:23:03.0095 1512	LSI_FC - ok
19:23:03.0120 1512	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:23:03.0133 1512	LSI_SAS - ok
19:23:03.0147 1512	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:23:03.0158 1512	LSI_SAS2 - ok
19:23:03.0179 1512	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:23:03.0191 1512	LSI_SCSI - ok
19:23:03.0214 1512	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:23:03.0259 1512	luafv - ok
19:23:03.0285 1512	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
19:23:03.0294 1512	MBAMProtector - ok
19:23:03.0322 1512	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:23:03.0333 1512	megasas - ok
19:23:03.0352 1512	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:23:03.0367 1512	MegaSR - ok
19:23:03.0380 1512	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:23:03.0424 1512	Modem - ok
19:23:03.0441 1512	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:23:03.0458 1512	monitor - ok
19:23:03.0479 1512	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:23:03.0490 1512	mouclass - ok
19:23:03.0509 1512	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:23:03.0524 1512	mouhid - ok
19:23:03.0544 1512	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:23:03.0558 1512	mountmgr - ok
19:23:03.0577 1512	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:23:03.0592 1512	mpio - ok
19:23:03.0608 1512	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:23:03.0654 1512	mpsdrv - ok
19:23:03.0672 1512	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:23:03.0692 1512	MRxDAV - ok
19:23:03.0743 1512	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:23:03.0758 1512	mrxsmb - ok
19:23:03.0805 1512	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:23:03.0824 1512	mrxsmb10 - ok
19:23:03.0866 1512	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:23:03.0881 1512	mrxsmb20 - ok
19:23:03.0915 1512	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
19:23:03.0927 1512	msahci - ok
19:23:03.0951 1512	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:23:03.0966 1512	msdsm - ok
19:23:03.0988 1512	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:23:04.0033 1512	Msfs - ok
19:23:04.0046 1512	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:23:04.0091 1512	mshidkmdf - ok
19:23:04.0110 1512	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:23:04.0121 1512	msisadrv - ok
19:23:04.0145 1512	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:23:04.0189 1512	MSKSSRV - ok
19:23:04.0208 1512	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:23:04.0252 1512	MSPCLOCK - ok
19:23:04.0273 1512	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:23:04.0316 1512	MSPQM - ok
19:23:04.0355 1512	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:23:04.0387 1512	MsRPC - ok
19:23:04.0406 1512	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:23:04.0416 1512	mssmbios - ok
19:23:04.0431 1512	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:23:04.0476 1512	MSTEE - ok
19:23:04.0488 1512	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:23:04.0501 1512	MTConfig - ok
19:23:04.0525 1512	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:23:04.0536 1512	Mup - ok
19:23:04.0559 1512	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:23:04.0584 1512	NativeWifiP - ok
19:23:04.0624 1512	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
19:23:04.0652 1512	NDIS - ok
19:23:04.0673 1512	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:23:04.0718 1512	NdisCap - ok
19:23:04.0728 1512	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:23:04.0770 1512	NdisTapi - ok
19:23:04.0795 1512	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:23:04.0840 1512	Ndisuio - ok
19:23:04.0858 1512	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:23:04.0905 1512	NdisWan - ok
19:23:04.0923 1512	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:23:04.0968 1512	NDProxy - ok
19:23:04.0984 1512	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:23:05.0027 1512	NetBIOS - ok
19:23:05.0045 1512	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:23:05.0092 1512	NetBT - ok
19:23:05.0123 1512	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:23:05.0134 1512	nfrd960 - ok
19:23:05.0151 1512	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:23:05.0195 1512	Npfs - ok
19:23:05.0212 1512	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:23:05.0255 1512	nsiproxy - ok
19:23:05.0359 1512	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
19:23:05.0409 1512	Ntfs - ok
19:23:05.0441 1512	NTIDrvr         (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
19:23:05.0449 1512	NTIDrvr - ok
19:23:05.0495 1512	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:23:05.0552 1512	Null - ok
19:23:05.0674 1512	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
19:23:05.0701 1512	nvraid - ok
19:23:05.0736 1512	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
19:23:05.0763 1512	nvstor - ok
19:23:05.0796 1512	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:23:05.0808 1512	nv_agp - ok
19:23:05.0882 1512	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:23:05.0905 1512	ohci1394 - ok
19:23:05.0937 1512	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:23:05.0953 1512	Parport - ok
19:23:05.0975 1512	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
19:23:05.0988 1512	partmgr - ok
19:23:06.0010 1512	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:23:06.0023 1512	pci - ok
19:23:06.0043 1512	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
19:23:06.0053 1512	pciide - ok
19:23:06.0082 1512	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:23:06.0098 1512	pcmcia - ok
19:23:06.0116 1512	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:23:06.0128 1512	pcw - ok
19:23:06.0157 1512	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:23:06.0210 1512	PEAUTH - ok
19:23:06.0258 1512	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:23:06.0304 1512	PptpMiniport - ok
19:23:06.0319 1512	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:23:06.0332 1512	Processor - ok
19:23:06.0356 1512	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:23:06.0400 1512	Psched - ok
19:23:06.0426 1512	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
19:23:06.0434 1512	PxHlpa64 - ok
19:23:06.0507 1512	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:23:06.0550 1512	ql2300 - ok
19:23:06.0628 1512	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:23:06.0647 1512	ql40xx - ok
19:23:06.0671 1512	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:23:06.0692 1512	QWAVEdrv - ok
19:23:06.0711 1512	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:23:06.0754 1512	RasAcd - ok
19:23:06.0785 1512	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:23:06.0830 1512	RasAgileVpn - ok
19:23:06.0864 1512	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:23:06.0910 1512	Rasl2tp - ok
19:23:06.0934 1512	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:23:06.0980 1512	RasPppoe - ok
19:23:06.0999 1512	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:23:07.0044 1512	RasSstp - ok
19:23:07.0061 1512	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:23:07.0107 1512	rdbss - ok
19:23:07.0130 1512	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:23:07.0146 1512	rdpbus - ok
19:23:07.0165 1512	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:23:07.0208 1512	RDPCDD - ok
19:23:07.0219 1512	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:23:07.0261 1512	RDPENCDD - ok
19:23:07.0281 1512	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:23:07.0323 1512	RDPREFMP - ok
19:23:07.0342 1512	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
19:23:07.0389 1512	RDPWD - ok
19:23:07.0410 1512	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
19:23:07.0423 1512	rdyboost - ok
19:23:07.0455 1512	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:23:07.0500 1512	rspndr - ok
19:23:07.0534 1512	RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\Windows\system32\drivers\RtHDMIVX.sys
19:23:07.0546 1512	RTHDMIAzAudService - ok
19:23:07.0580 1512	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:23:07.0593 1512	sbp2port - ok
19:23:07.0621 1512	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:23:07.0670 1512	scfilter - ok
19:23:07.0688 1512	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:23:07.0732 1512	secdrv - ok
19:23:07.0759 1512	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:23:07.0773 1512	Serenum - ok
19:23:07.0792 1512	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:23:07.0807 1512	Serial - ok
19:23:07.0828 1512	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:23:07.0843 1512	sermouse - ok
19:23:07.0876 1512	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:23:07.0894 1512	sffdisk - ok
19:23:07.0903 1512	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:23:07.0922 1512	sffp_mmc - ok
19:23:07.0932 1512	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:23:07.0949 1512	sffp_sd - ok
19:23:07.0968 1512	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:23:07.0984 1512	sfloppy - ok
19:23:08.0010 1512	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:23:08.0022 1512	SiSRaid2 - ok
19:23:08.0039 1512	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:23:08.0053 1512	SiSRaid4 - ok
19:23:08.0075 1512	SMARTMouseFilterx64 (323ddcd15db2a7fed09df1f835cafcfb) C:\Windows\system32\DRIVERS\SMARTMouseFilterx64.sys
19:23:08.0084 1512	SMARTMouseFilterx64 - ok
19:23:08.0114 1512	SMARTVHidMiniVistaAmd64 (6c691320c71ca8e8c38f52b2ce652c64) C:\Windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys
19:23:08.0122 1512	SMARTVHidMiniVistaAmd64 - ok
19:23:08.0138 1512	SMARTVTabletPCx64 (20563f6830badd675407af0f5bca76ba) C:\Windows\system32\DRIVERS\SMARTVTabletPCx64.sys
19:23:08.0151 1512	SMARTVTabletPCx64 - ok
19:23:08.0180 1512	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:23:08.0233 1512	Smb - ok
19:23:08.0252 1512	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:23:08.0264 1512	spldr - ok
19:23:08.0341 1512	sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
19:23:08.0342 1512	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
19:23:08.0344 1512	sptd ( LockedFile.Multi.Generic ) - warning
19:23:08.0344 1512	sptd - detected LockedFile.Multi.Generic (1)
19:23:08.0402 1512	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:23:08.0427 1512	srv - ok
19:23:08.0468 1512	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:23:08.0485 1512	srv2 - ok
19:23:08.0522 1512	SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
19:23:08.0537 1512	SrvHsfHDA - ok
19:23:08.0609 1512	SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
19:23:08.0659 1512	SrvHsfV92 - ok
19:23:08.0688 1512	SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
19:23:08.0711 1512	SrvHsfWinac - ok
19:23:08.0756 1512	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:23:08.0771 1512	srvnet - ok
19:23:08.0851 1512	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:23:08.0868 1512	stexstor - ok
19:23:08.0890 1512	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:23:08.0901 1512	swenum - ok
19:23:09.0029 1512	Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
19:23:09.0077 1512	Tcpip - ok
19:23:09.0162 1512	TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
19:23:09.0220 1512	TCPIP6 - ok
19:23:09.0250 1512	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:23:09.0294 1512	tcpipreg - ok
19:23:09.0317 1512	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:23:09.0361 1512	TDPIPE - ok
19:23:09.0373 1512	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:23:09.0416 1512	TDTCP - ok
19:23:09.0438 1512	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:23:09.0481 1512	tdx - ok
19:23:09.0497 1512	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:23:09.0507 1512	TermDD - ok
19:23:09.0538 1512	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:23:09.0580 1512	tssecsrv - ok
19:23:09.0661 1512	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
19:23:09.0674 1512	TuneUpUtilitiesDrv - ok
19:23:09.0750 1512	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:23:09.0810 1512	tunnel - ok
19:23:09.0830 1512	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:23:09.0842 1512	uagp35 - ok
19:23:09.0873 1512	UBHelper        (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
19:23:09.0881 1512	UBHelper - ok
19:23:09.0920 1512	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
19:23:09.0975 1512	udfs - ok
19:23:10.0015 1512	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:23:10.0026 1512	uliagpkx - ok
19:23:10.0050 1512	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:23:10.0066 1512	umbus - ok
19:23:10.0088 1512	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:23:10.0103 1512	UmPass - ok
19:23:10.0154 1512	usbccgp         (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
19:23:10.0180 1512	usbccgp - ok
19:23:10.0212 1512	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:23:10.0234 1512	usbcir - ok
19:23:10.0312 1512	usbehci         (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys
19:23:10.0337 1512	usbehci - ok
19:23:10.0361 1512	usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
19:23:10.0380 1512	usbhub - ok
19:23:10.0411 1512	usbohci         (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
19:23:10.0425 1512	usbohci - ok
19:23:10.0463 1512	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:23:10.0482 1512	usbprint - ok
19:23:10.0515 1512	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:23:10.0536 1512	usbscan - ok
19:23:10.0570 1512	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:23:10.0585 1512	USBSTOR - ok
19:23:10.0629 1512	usbuhci         (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
19:23:10.0654 1512	usbuhci - ok
19:23:10.0695 1512	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
19:23:10.0712 1512	usbvideo - ok
19:23:10.0747 1512	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:23:10.0759 1512	vdrvroot - ok
19:23:10.0797 1512	vflt            (70eb327d68d7cec357b734b0be5b4a21) C:\Windows\system32\DRIVERS\vfilter.sys
19:23:10.0808 1512	vflt - ok
19:23:10.0827 1512	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:23:10.0846 1512	vga - ok
19:23:10.0869 1512	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:23:10.0914 1512	VgaSave - ok
19:23:10.0937 1512	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:23:10.0950 1512	vhdmp - ok
19:23:10.0969 1512	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:23:10.0980 1512	viaide - ok
19:23:11.0010 1512	vnet            (71bf90872b6a7b34a26f4794dda7aec3) C:\Windows\system32\DRIVERS\virtualnet.sys
19:23:11.0020 1512	vnet - ok
19:23:11.0040 1512	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:23:11.0053 1512	volmgr - ok
19:23:11.0093 1512	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:23:11.0111 1512	volmgrx - ok
19:23:11.0131 1512	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:23:11.0149 1512	volsnap - ok
19:23:11.0164 1512	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:23:11.0178 1512	vsmraid - ok
19:23:11.0198 1512	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:23:11.0216 1512	vwifibus - ok
19:23:11.0231 1512	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:23:11.0252 1512	vwififlt - ok
19:23:11.0268 1512	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
19:23:11.0289 1512	vwifimp - ok
19:23:11.0316 1512	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:23:11.0331 1512	WacomPen - ok
19:23:11.0354 1512	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:23:11.0398 1512	WANARP - ok
19:23:11.0403 1512	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:23:11.0447 1512	Wanarpv6 - ok
19:23:11.0465 1512	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:23:11.0475 1512	Wd - ok
19:23:11.0514 1512	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:23:11.0535 1512	Wdf01000 - ok
19:23:11.0568 1512	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:23:11.0614 1512	WfpLwf - ok
19:23:11.0623 1512	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:23:11.0634 1512	WIMMount - ok
19:23:11.0672 1512	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:23:11.0685 1512	WmiAcpi - ok
19:23:11.0705 1512	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:23:11.0747 1512	ws2ifsl - ok
19:23:11.0790 1512	WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
19:23:11.0808 1512	WSDPrintDevice - ok
19:23:11.0855 1512	WSDScan         (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
19:23:11.0888 1512	WSDScan - ok
19:23:11.0935 1512	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:23:11.0992 1512	WudfPf - ok
19:23:12.0013 1512	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:23:12.0059 1512	WUDFRd - ok
19:23:12.0087 1512	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:23:12.0510 1512	\Device\Harddisk0\DR0 - ok
19:23:12.0515 1512	Boot (0x1200)   (5084b237f994720576dda6f076446c33) \Device\Harddisk0\DR0\Partition0
19:23:12.0516 1512	\Device\Harddisk0\DR0\Partition0 - ok
19:23:12.0546 1512	Boot (0x1200)   (3eb7387fe34f95fdc6f45ff6db20bcf6) \Device\Harddisk0\DR0\Partition1
19:23:12.0547 1512	\Device\Harddisk0\DR0\Partition1 - ok
19:23:12.0548 1512	============================================================
19:23:12.0548 1512	Scan finished
19:23:12.0548 1512	============================================================
19:23:12.0564 6924	Detected object count: 1
19:23:12.0564 6924	Actual detected object count: 1
19:23:14.0795 6924	sptd ( LockedFile.Multi.Generic ) - skipped by user
19:23:14.0796 6924	sptd ( LockedFile.Multi.Generic ) - User select action: Skip
         

Alt 19.02.2012, 18:51   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Standard

Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung
adobe, alternate, antivir, autorun, avg, avira, bho, bonjour, error, excel, explorer, firefox, format, home, launch, logfile, mozilla, packard bell, photoshop, realtek, registry, scan, search the web, security, security scan, software, temp, version=1.0, virus, windows



Ähnliche Themen: Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung


  1. Neuer Rechner; Neuer Virenschutz & Windows 8 Secure-Einstellungen
    Antiviren-, Firewall- und andere Schutzprogramme - 12.10.2014 (21)
  2. Hunderte E-Mails nach Sperr-Trojaner ?
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (7)
  3. Sperr-Trojaner
    Log-Analyse und Auswertung - 05.10.2012 (6)
  4. E-mail sperr trojaner
    Log-Analyse und Auswertung - 16.07.2012 (12)
  5. Sperr-Trojaner eingefangen!
    Plagegeister aller Art und deren Bekämpfung - 04.07.2012 (23)
  6. Windows Sperr Trojaner WinXP
    Log-Analyse und Auswertung - 03.05.2012 (3)
  7. Ein weiterer Fall: 50 € Virus - Windows gesperrt
    Log-Analyse und Auswertung - 11.04.2012 (22)
  8. (2x) Computer-Sperr-Trojaner entfernen
    Mülltonne - 30.03.2012 (3)
  9. Ein neuer Fall von TR\Crypt.XPACK.Gen.3
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (43)
  10. Windows Security Center Bezahlaufforderung von 100 €
    Plagegeister aller Art und deren Bekämpfung - 13.03.2012 (1)
  11. XP Bezahlaufforderung Microsoft, Kaspersky... OTL schon laufen lassen...
    Plagegeister aller Art und deren Bekämpfung - 22.12.2011 (3)
  12. Hilfe zwecks Viruses!
    Log-Analyse und Auswertung - 13.11.2010 (22)
  13. Danger! Harmful viruses detected on your computer.
    Plagegeister aller Art und deren Bekämpfung - 13.04.2010 (5)
  14. Warning!!! Your computer contains various signs of viruses and malware..
    Plagegeister aller Art und deren Bekämpfung - 17.08.2009 (70)
  15. Probleme mit mir unbekanntem HDD-Sperr-Virus
    Plagegeister aller Art und deren Bekämpfung - 16.02.2008 (3)
  16. Escan: Total Viruses Found: 4
    Plagegeister aller Art und deren Bekämpfung - 14.09.2005 (2)
  17. e-scan viruses
    Plagegeister aller Art und deren Bekämpfung - 05.01.2005 (19)

Zum Thema Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung - Hallo liebes Forum, habe mir heute anscheinend auch dieses Virus eingefangen der mir durch dieses Fenster mit der Aufforderung zum Bezahlen mein Windows sperrt. Schonmal vielen Dank für die Hilfe, - Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung...
Archiv
Du betrachtest: Neuer Fall des Windows sperr Viruses mit Bezahlaufforderung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.