
Pests of all kinds and how to fight them: Trojan.Win32.Mediyes

10.04.2012, 11:58   #1
Laurana

Trojan.Win32.Mediyes



Hello!

Kaspersky has detected a trojan on my machine (actually 6 of them): Trojan.Win32.Mediyes, attached to the following file: C:\Windows\System32\aptw78cyn.dll. KIS does detect it again and again on startup and offers to disinfect it, but that's all. I can't delete it. After the disinfection it is back again.

Malwarebytes and SUPERAntiSpyware don't find the trojan at all.

Please help me get rid of it! Thanks in advance.

Regards
Laurana

Hello,

I ran a complete scan with the free version of Emsisoft; this is what came out:

Emsisoft Anti-Malware v. 6.0.0.57
(C) 2003-2012 Emsisoft - Emsisoft Anti-Malware - Best antivirus and firewall to protect from viruses, bots, spyware, keyloggers, trojans, scareware and rootkits

ID Object
0 Value: hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113} --> menutext Trace.Registry.seo toolbar!E1
1 Value: hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113} --> helptext Trace.Registry.seo toolbar!E1
2 c:\users\wienerblut\appdata\roaming\microst\ Trace.File.carberp!E1
3 Value: hkey_local_machine\software\microsoft\internet explorer\toolbar --> {ae07101b-46d4-4a98-af68-0333ea26e113} Trace.Registry.seo toolbar!E1

11.04.2012, 17:07   #2
markusg
/// Malware-holic

hi
1. open Kaspersky and post the detection reports
2. If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the content into the textbox.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Copy the content of OTL.txt and Extra.txt here into your thread
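As an added example (not from the thread and not OldTimer's tool): a small triage script for OTL-format lines, doing in code the review a helper does by eye on the OTL.txt requested above. The sample input mixes lines copied from the OTL output posted in this thread with one constructed MOD line for the DLL named in the first post; the severity rules and the trusted-host list are assumptions.

```python
"""Triage OTL-style log lines: orphaned registrations, no-publisher files in
System32 and redirected IE search settings. Added example, not OldTimer's code."""
import re
from dataclasses import dataclass

# Entry line as OTL prints it:
#   KIND - [date | size | attrs | M] (Company) [flags] -- path -- (Name)
# or, for a registration whose binary is gone:
#   KIND - File not found [flags] -- path -- (Name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\))"
    r"(?: \[(?P<flags>[^\]]*)\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)
# Browser setting lines:  IE - <registry key> = <value>
IE_RE = re.compile(r"^IE - (?P<key>.+?) = (?P<value>.+)$")
# OTL defangs URLs as hxxp://; pull the host out of such a value
HOST_RE = re.compile(r"hxxps?://([^/:?]+)", re.IGNORECASE)

SYSTEM_DIR = "c:\\windows\\system32\\"
# Assumption: the search providers the machine's owner actually chose
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}

# Constructed sample: lines copied from the OTL output in this thread, plus one
# constructed MOD line (the aptw78cyn.dll from the first post is not in the
# posted log excerpt; date and size are made up).
SAMPLE_OTL = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva351.sys -- (XDva351)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
SRV - [2012/03/12 17:53:20 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2011/12/14 05:57:44 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
MOD - [2012/04/10 08:00:00 | 000,090,112 | ---- | M] () -- C:\Windows\System32\aptw78cyn.dll
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
"""


@dataclass
class Finding:
    severity: str  # high / medium / low / info
    reason: str
    line: str


def parse_entry(line):
    """Split one PRC/MOD/SRV/DRV line into its fields; None if it is not an entry line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    fields = m.groupdict()
    # OTL pads some company names with spaces (see the Realtek driver in the log)
    fields["company"] = (fields["company"] or "").strip()
    return fields


def triage(lines):
    """Return findings in input order; lines that match no rule are skipped."""
    findings = []
    for raw in lines:
        line = raw.strip()
        entry = parse_entry(line)
        if entry:
            in_system32 = entry["path"].lower().startswith(SYSTEM_DIR)
            company = entry["company"]
            if entry["missing"]:
                findings.append(Finding("low", "orphaned %s registration, file missing" % entry["kind"], line))
            elif in_system32 and not company:
                # A DLL or driver in System32 with no publisher is how a dropped
                # component like the one described in the first post shows up.
                findings.append(Finding("high", "no-publisher %s in System32" % entry["kind"], line))
            elif in_system32 and entry["kind"] in ("SRV", "DRV") and not company.lower().startswith("microsoft"):
                findings.append(Finding("info", "third-party %s in System32 (%s)" % (entry["kind"], company), line))
            elif not company:
                findings.append(Finding("low", "no company name on %s" % entry["kind"], line))
            continue
        m = IE_RE.match(line)
        if m:
            host = HOST_RE.search(m.group("value"))
            if host and host.group(1).lower() not in TRUSTED_SEARCH_HOSTS:
                findings.append(Finding("medium", "IE search setting points to %s" % host.group(1), line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL.splitlines()):
        print("[%s] %s\n    %s" % (f.severity.upper(), f.reason, f.line))
```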

11.04.2012, 21:21   #3
Laurana

test test test

hi

2. OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 4/11/2012 8:39:20 PM - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\WIENERBLUT\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 53.54% Memory free
5.98 Gb Paging File | 3.85 Gb Available in Paging File | 64.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 1151.13 Gb Free Space | 84.88% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 14.12 Gb Free Space | 35.29% Space Free | Partition Type: NTFS
 
Computer Name: WIENERBLUT-PC | User Name: WIENERBLUT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/04/11 20:35:01 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\WIENERBLUT\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/12 17:53:20 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/12 17:53:19 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/07 23:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/02/15 05:13:20 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/02/15 05:12:48 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/02/01 11:46:36 | 003,357,584 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
PRC - [2012/01/22 09:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/01/17 14:04:40 | 000,162,856 | ---- | M] (Nokia Corporation) -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\NokiaLink.exe
PRC - [2012/01/17 13:16:56 | 001,556,864 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\DpEngine.exe
PRC - [2012/01/03 17:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/12/14 13:23:34 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011/12/14 13:23:32 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/04/11 17:17:41 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/11 17:17:41 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/07 17:02:52 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/07 17:02:52 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/03/12 17:53:19 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/02/15 19:42:56 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\af6e0dd358a5edc094dca9e7957f1038\WindowsFormsIntegration.ni.dll
MOD - [2012/02/15 19:41:47 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/02/15 17:56:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/15 17:56:34 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/02/15 17:56:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 17:56:21 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/15 17:56:10 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/15 17:56:05 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/15 17:56:03 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/15 17:55:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 17:55:51 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 17:55:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 17:55:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/14 23:13:24 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/01/17 14:04:56 | 000,315,944 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qtiff4.dll
MOD - [2012/01/17 14:04:54 | 000,268,840 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qmng4.dll
MOD - [2012/01/17 14:04:52 | 000,216,104 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qjpeg4.dll
MOD - [2012/01/17 14:04:52 | 000,036,392 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qico4.dll
MOD - [2012/01/17 14:04:50 | 000,298,536 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtXml4.dll
MOD - [2012/01/17 14:04:50 | 000,032,808 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qgif4.dll
MOD - [2012/01/17 14:04:48 | 001,250,856 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtScript4.dll
MOD - [2012/01/17 14:04:48 | 000,169,512 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtSql4.dll
MOD - [2012/01/17 14:04:46 | 006,768,168 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtGui4.dll
MOD - [2012/01/17 14:04:46 | 000,855,080 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtNetwork4.dll
MOD - [2012/01/17 14:04:44 | 002,096,680 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtDeclarative4.dll
MOD - [2012/01/17 14:04:44 | 002,012,712 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtCore4.dll
MOD - [2012/01/17 13:17:12 | 000,609,664 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpiTunes.dll
MOD - [2012/01/17 13:17:10 | 001,167,232 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpWpdPlugin.dll
MOD - [2012/01/17 13:17:08 | 000,621,952 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpWMP.dll
MOD - [2012/01/17 13:17:00 | 000,593,280 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpMSLPG.dll
MOD - [2012/01/17 13:17:00 | 000,519,040 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpImageParser.dll
MOD - [2012/01/17 13:16:56 | 001,556,864 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\DpEngine.exe
MOD - [2012/01/17 13:16:56 | 000,921,472 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpFileSystem.dll
MOD - [2012/01/17 13:16:52 | 000,722,816 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpAVParser.dll
MOD - [2012/01/17 13:16:50 | 000,470,912 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\DpAPI.dll
MOD - [2011/10/13 18:43:34 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011/10/13 18:42:35 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011/03/02 13:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/13 01:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010/11/05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010/05/12 15:13:05 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/30 17:01:10 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/23 02:44:58 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/12 17:53:20 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/02/15 05:12:48 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/01/22 09:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/12/14 13:23:32 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/14 13:23:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/12/14 05:57:44 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/19 19:56:16 | 004,122,968 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010/11/25 23:07:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva351.sys -- (XDva351)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/15 05:47:12 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/02/15 04:12:48 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/12/05 21:47:16 | 000,086,032 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/11/02 11:13:28 | 000,034,768 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2011/11/02 11:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys -- (a2acc)
DRV - [2011/11/01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/11/01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/10/20 12:48:16 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011/04/20 15:50:14 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/03/10 19:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/03/04 14:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 14:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/11/25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/05/06 11:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/05/05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2010/04/27 18:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/04/27 18:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/04/12 08:24:12 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/11/26 01:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/11/02 21:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{13B6DECC-2E07-47FC-94F2-9B0929F674E3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^AT&apn_uid=4506ca31-8013-473f-9b1b-71a0614bd86a&apn_sauid=41894784-7CDF-4CB5-BF8D-CDF6CD06F353
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a06ed3ee000000000000485d60194296&tlver=1.4.19.19&ss=1&affID=17395
IE - HKCU\..\SearchScopes\{338D09FC-E690-4F6A-96D7-E772C3A749B7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={7FF1ABD6-5043-4AFA-9773-61460CF44C12}&mid=66dc38181af047d18338bd2b2b69d7da-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=tt014&pr=sa&d=2011-12-12 19:50:50&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.linkury.com"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.8.0.8
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.0.8
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.100009
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.22
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_US&apn_uid=4506ca31-8013-473f-9b1b-71a0614bd86a&apn_ptnrs=^AAA&apn_sauid=41894784-7CDF-4CB5-BF8D-CDF6CD06F353&apn_dtid=^YYYYYY^YY^AT&&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/02/21 18:09:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/02/21 18:09:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/02/21 18:09:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/11 14:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/16 18:11:01 | 000,000,000 | ---D | M]
 
[2011/10/01 01:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Extensions
[2011/10/01 01:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012/02/25 14:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions
[2012/02/25 01:39:56 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012/02/15 22:49:22 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012/02/14 21:42:25 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011/12/21 14:02:49 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\ffxtlbr@babylon.com
[2012/02/01 17:52:05 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\toolbar@ask.com
[2012/04/11 20:20:08 | 000,002,404 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Roaming\Mozilla\Firefox\Profiles\polpnupy.default\searchplugins\askcom.xml
[2011/07/24 15:30:04 | 000,000,931 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Roaming\Mozilla\Firefox\Profiles\polpnupy.default\searchplugins\conduit.xml
[2012/02/25 01:25:49 | 000,002,412 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Roaming\Mozilla\Firefox\Profiles\polpnupy.default\searchplugins\Linkury Smartbar Search.xml
[2012/01/04 18:39:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/10/18 19:53:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/12 02:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\USERS\WIENERBLUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POLPNUPY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/11 14:42:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/12 17:53:18 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/03/24 02:11:26 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/12/21 06:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/02 00:48:02 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/12/21 06:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2304157
CHR - default_search_provider: suggest_url = Conduit Search
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\WIENERBLUT\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Nokia Link] C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\NokiaLink.exe (Nokia Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/04/11 20:34:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\WIENERBLUT\Desktop\OTL.exe
[2012/04/10 12:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/04/10 12:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012/04/10 12:26:00 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\Documents\Anti-Malware
[2012/04/09 22:53:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/09 15:47:22 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Local\GameSpy
[2012/04/09 06:37:52 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Roaming\UnknownApplicationVendor
[2012/04/09 06:11:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
[2012/04/09 02:32:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
[2012/04/09 01:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Desura
[2012/04/09 01:02:36 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2012/04/09 01:02:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2012/04/09 00:57:16 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Local\Downloaded Installations
[2012/04/09 00:21:54 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Local\Origin
[2012/04/09 00:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/04/09 00:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012/04/07 17:15:59 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Roaming\Malwarebytes
[2012/04/07 17:15:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/07 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/07 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/07 17:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/07 17:02:47 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/07 17:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/07 17:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/07 17:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/28 22:46:19 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\Documents\Spartan
[2012/03/26 18:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/03/17 14:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/03/17 14:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/03/17 14:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT
[2012/03/17 14:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/03/17 14:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/03/15 23:30:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[89 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/11 20:35:01 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\WIENERBLUT\Desktop\OTL.exe
[2012/04/11 20:01:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/11 19:48:20 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/11 19:48:10 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/11 17:21:53 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 17:21:53 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 17:14:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/11 17:14:10 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/11 00:34:20 | 000,139,224 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/04/10 23:45:38 | 000,183,152 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012/04/10 14:09:57 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/04/10 12:26:13 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/04/10 06:49:22 | 000,002,294 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/09 23:30:04 | 000,411,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/09 16:00:09 | 000,707,540 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/04/09 16:00:09 | 000,661,158 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/09 16:00:09 | 000,152,874 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/04/09 16:00:09 | 000,125,090 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/09 15:45:22 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Crysis Wars(R) Updates.job
[2012/04/09 02:41:02 | 000,001,512 | ---- | M] () -- C:\Users\WIENERBLUT\Desktop\MWLL Launcher.lnk
[2012/04/09 02:33:11 | 000,022,328 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Roaming\PnkBstrK.sys
[2012/04/09 02:32:42 | 000,669,184 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2012/04/09 02:32:10 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\Crysis Wars.lnk
[2012/04/09 02:27:20 | 000,002,346 | ---- | M] () -- C:\Windows\System32\ealregsnapshot1.reg
[2012/04/09 01:03:15 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2012/04/09 00:21:45 | 000,000,669 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/04/09 00:09:00 | 000,001,260 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk
[2012/04/07 17:02:25 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/30 23:34:58 | 000,042,088 | ---- | M] () -- C:\Users\WIENERBLUT\Documents\11.04.08 Tanzaufführung.jpg
[2012/03/30 23:32:23 | 000,629,190 | ---- | M] () -- C:\Users\WIENERBLUT\Documents\PIC_0609 (2).JPG
[2012/03/27 23:05:21 | 004,210,865 | ---- | M] () -- C:\Users\WIENERBLUT\Documents\DSCF1501.JPG
[2012/03/26 18:11:34 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/03/19 00:35:31 | 000,066,342 | ---- | M] () -- C:\Users\WIENERBLUT\Desktop\ultimate-untot.htm
[2012/03/17 14:05:21 | 000,002,009 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[89 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/04/10 12:26:13 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/04/09 02:41:02 | 000,001,512 | ---- | C] () -- C:\Users\WIENERBLUT\Desktop\MWLL Launcher.lnk
[2012/04/09 02:34:58 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\Crysis Wars(R) Updates.job
[2012/04/09 02:32:10 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\Crysis Wars.lnk
[2012/04/09 00:57:42 | 000,002,346 | ---- | C] () -- C:\Windows\System32\ealregsnapshot1.reg
[2012/04/09 00:21:45 | 000,000,669 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/04/09 00:09:00 | 000,001,260 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk
[2012/04/07 17:15:55 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/04/07 17:02:25 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/30 23:34:46 | 000,042,088 | ---- | C] () -- C:\Users\WIENERBLUT\Documents\11.04.08 Tanzaufführung.jpg
[2012/03/30 23:30:54 | 000,629,190 | ---- | C] () -- C:\Users\WIENERBLUT\Documents\PIC_0609 (2).JPG
[2012/03/30 16:11:48 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/27 22:58:41 | 004,210,865 | ---- | C] () -- C:\Users\WIENERBLUT\Documents\DSCF1501.JPG
[2012/03/26 18:11:34 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/03/26 18:11:03 | 000,002,294 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/19 00:34:58 | 000,066,342 | ---- | C] () -- C:\Users\WIENERBLUT\Desktop\ultimate-untot.htm
[2012/03/17 14:05:21 | 000,002,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/02/23 21:22:01 | 000,036,292 | ---- | C] () -- C:\Users\WIENERBLUT\AppData\Roaming\icarus-dxdiag.xml
[2012/02/15 04:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/02/15 04:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/02/14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/01/29 03:25:02 | 000,139,224 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/01/29 03:24:40 | 000,183,152 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/01/29 03:24:39 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/01/29 03:24:38 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012/01/10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/12/23 19:07:02 | 000,017,408 | ---- | C] () -- C:\Users\WIENERBLUT\AppData\Local\WebpageIcons.db
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011/10/14 16:32:35 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/07/29 02:09:53 | 000,007,605 | ---- | C] () -- C:\Users\WIENERBLUT\AppData\Local\Resmon.ResmonCfg
[2011/03/11 13:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011/02/28 19:40:33 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/12/25 20:07:40 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/12/25 20:07:40 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/12/07 18:20:12 | 000,022,328 | ---- | C] () -- C:\Users\WIENERBLUT\AppData\Roaming\PnkBstrK.sys
[2010/12/07 18:19:55 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/11/27 02:55:50 | 000,000,098 | ---- | C] () -- C:\Users\WIENERBLUT\AppData\Local\fusioncache.dat
[2010/11/26 18:41:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/30 20:41:04 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/08/30 20:33:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/30 20:11:24 | 000,000,018 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2010/08/30 11:46:44 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010/05/12 15:13:56 | 000,707,540 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010/05/12 15:13:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010/05/12 15:13:56 | 000,152,874 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010/05/12 15:13:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== LOP Check ==========
 
[2011/07/01 17:11:01 | 000,000,000 | -HSD | M] -- C:\Users\WIENERBLUT\AppData\Roaming\.#
[2011/04/30 02:00:39 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\BabylonToolbar
[2012/04/11 17:19:56 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\DesktopPlatform
[2012/04/07 15:33:11 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\DVDVideoSoft
[2012/04/07 15:30:43 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/02/29 22:41:15 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Firefly Studios
[2012/01/14 01:05:44 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\FOG Downloader
[2011/10/08 20:21:37 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\go
[2011/06/19 12:40:28 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Hi-Rez Studios
[2011/06/20 03:15:19 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\ijjigame
[2010/11/25 23:41:45 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\LolClient
[2012/01/17 22:52:34 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Might & Magic Heroes VI
[2011/08/21 05:24:23 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Might & Magic Heroes VI - Public Closed Beta
[2011/06/16 00:30:34 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Mount&Blade
[2011/06/15 18:20:32 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Mount&Blade Warband
[2011/05/08 02:25:12 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Mount&Blade With Fire and Sword
[2012/01/02 14:43:45 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Mumble
[2012/02/04 16:15:20 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Nokia
[2012/02/25 13:49:05 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\OpenCandy
[2011/12/21 13:21:01 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Origin
[2012/01/20 20:48:55 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\PC Suite
[2011/07/20 11:56:38 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\PDF Writer
[2011/06/24 23:30:25 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\PriceGong
[2011/10/01 01:29:53 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Prism
[2011/03/09 22:03:00 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Rift
[2011/07/29 22:55:43 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Screaming Bee
[2012/04/09 07:02:09 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\SoftGrid Client
[2011/12/23 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\The Creative Assembly
[2010/12/01 20:33:53 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\TP
[2011/11/22 20:35:58 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\TS3Client
[2011/09/02 23:46:11 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\ts3overlay
[2011/10/30 22:28:01 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\TuneUp Software
[2010/11/27 04:32:24 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Turbine
[2011/07/30 14:00:30 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Ubisoft
[2012/04/09 06:37:52 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\UnknownApplicationVendor
[2011/08/21 22:33:27 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\wargaming.net
[2012/04/09 15:45:22 | 000,000,304 | ---- | M] () -- C:\Windows\Tasks\Crysis Wars(R) Updates.job
[2012/03/16 17:01:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011/08/02 00:43:54 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/05/13 16:04:54 | 000,000,000 | ---D | M] -- C:\5bdff36955a43bb53c21dd30
[2012/02/04 16:15:51 | 000,000,000 | ---D | M] -- C:\AMD
[2011/10/29 03:41:26 | 000,000,000 | ---D | M] -- C:\ATI
[2012/04/09 23:27:37 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2010/11/25 15:53:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/12/02 02:01:54 | 000,000,000 | -HSD | M] -- C:\found.000
[2011/08/21 22:13:30 | 000,000,000 | ---D | M] -- C:\Games
[2011/07/30 17:22:46 | 000,000,000 | ---D | M] -- C:\Heatwave Interactive
[2010/11/25 16:00:50 | 000,000,000 | ---D | M] -- C:\Internet Explorer
[2011/04/29 20:48:52 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/09/15 17:57:01 | 000,000,000 | ---D | M] -- C:\Netgear
[2012/02/20 23:18:17 | 000,000,000 | ---D | M] -- C:\Perfect World Entertainment
[2012/04/10 12:26:00 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/04/09 22:53:52 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/06/07 17:44:45 | 000,000,000 | ---D | M] -- C:\rads
[2010/11/25 15:53:16 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/04/11 20:42:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/11/25 16:01:07 | 000,000,000 | R--D | M] -- C:\Users
[2012/04/11 17:14:10 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2007/11/14 19:44:42 | 000,129,552 | ---- | M] (Promise Technology, Inc.) MD5=58CB1FA96B24DFE2196548E959B1996B -- C:\ATI\Win7_Vista\8_741\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2009/10/26 19:41:10 | 000,189,496 | ---- | M] (Advanced Micro Devices, Inc) MD5=6C27F0A964EA98F457CAAB9A47030538 -- C:\ATI\Win7_Vista\8_741\Packages\Drivers\SBDrv\SB6xx\RAID\W7\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010/03/04 04:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys
[2010/03/04 04:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011/03/04 14:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2011/03/04 14:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2011/04/20 15:50:14 | 000,570,160 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2011/03/10 19:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009/11/02 21:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012/02/15 05:13:56 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2011/04/25 00:13:10 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll
[89 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011/07/20 12:06:14 | 000,298,155 | ---- | M] () -- C:\Users\WIENERBLUT\10 Karten French.pdf
[2011/07/20 11:56:51 | 000,228,967 | ---- | M] () -- C:\Users\WIENERBLUT\6 Karten French.pdf
[2011/08/01 14:33:37 | 000,229,079 | ---- | M] () -- C:\Users\WIENERBLUT\Alexander Schuller 4_10.pdf
[2012/02/25 02:54:27 | 086,405,736 | ---- | M] (K2 Network, Inc.) -- C:\Users\WIENERBLUT\APB_Reloaded_Installer.exe
[2011/08/01 14:35:39 | 000,229,674 | ---- | M] () -- C:\Users\WIENERBLUT\Axl Anderle 6_10.pdf
[2011/08/01 14:36:42 | 000,229,269 | ---- | M] () -- C:\Users\WIENERBLUT\Bernd Hinterschuster 7_10.pdf
[2011/07/24 20:49:52 | 000,229,115 | ---- | M] () -- C:\Users\WIENERBLUT\Boris Futschek 1_10.pdf
[2011/08/01 14:34:58 | 000,229,186 | ---- | M] () -- C:\Users\WIENERBLUT\Christian Pachta 5_10.pdf
[2012/02/25 02:54:43 | 3830,088,838 | ---- | M] () -- C:\Users\WIENERBLUT\Client1.5.3.569583.7z
[2011/07/20 13:23:54 | 000,229,599 | ---- | M] () -- C:\Users\WIENERBLUT\Eine Karte French 2_10.pdf
[2011/07/24 19:20:55 | 000,229,467 | ---- | M] () -- C:\Users\WIENERBLUT\Erik Blume 4_10 .pdf
[2011/07/24 20:50:43 | 000,229,112 | ---- | M] () -- C:\Users\WIENERBLUT\Florian Handle 2_10.pdf
[2011/08/01 21:40:41 | 000,229,146 | ---- | M] () -- C:\Users\WIENERBLUT\frei ticket 10_10.pdf
[2011/08/01 21:38:49 | 000,229,858 | ---- | M] () -- C:\Users\WIENERBLUT\frei ticket 8_10.pdf
[2011/08/01 21:39:41 | 000,229,768 | ---- | M] () -- C:\Users\WIENERBLUT\freiticket 9_10.pdf
[2011/07/24 19:53:04 | 000,229,692 | ---- | M] () -- C:\Users\WIENERBLUT\Helmut SCHMIED 8_10.pdf
[2011/07/24 19:52:14 | 000,229,177 | ---- | M] () -- C:\Users\WIENERBLUT\Ines BÜRGER 7_10.pdf
[2011/07/20 12:23:32 | 000,229,495 | ---- | M] () -- C:\Users\WIENERBLUT\Julia Stockinger 1_10.pdf
[2011/07/24 20:47:53 | 000,229,297 | ---- | M] () -- C:\Users\WIENERBLUT\Karin Hace 10_10.pdf
[2012/02/24 01:25:34 | 510,163,640 | ---- | M] () -- C:\Users\WIENERBLUT\Knight_Online_03072011.exe
[2011/08/22 18:48:55 | 002,773,410 | ---- | M] () -- C:\Users\WIENERBLUT\LARP-L Auszeichnungslied für den Orden der ewigen Schwerter.mp3
[2011/07/24 20:47:19 | 000,229,749 | ---- | M] () -- C:\Users\WIENERBLUT\Manuel Gruber 9_10.pdf
[2011/08/22 18:49:20 | 001,899,392 | ---- | M] () -- C:\Users\WIENERBLUT\Nirgendwo ist es so schön wie im Osten - Lied des Ostens.mp3
[2012/04/11 20:59:33 | 006,815,744 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat
[2012/04/11 20:59:33 | 000,262,144 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat.LOG1
[2010/11/25 16:01:08 | 000,000,000 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat.LOG2
[2011/05/28 02:39:24 | 000,065,536 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{56d69703-8861-11e0-b3d1-6c626d8d3e29}.TM.blf
[2011/05/28 02:39:24 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{56d69703-8861-11e0-b3d1-6c626d8d3e29}.TMContainer00000000000000000001.regtrans-ms
[2011/05/28 02:39:24 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{56d69703-8861-11e0-b3d1-6c626d8d3e29}.TMContainer00000000000000000002.regtrans-ms
[2010/11/25 16:33:21 | 000,065,536 | -HS- | M] () -- C:\Users\WIENERBLUT\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/11/25 16:33:21 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/11/25 16:33:21 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/11/26 07:25:01 | 000,065,536 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{ead73dbb-f8d6-11df-b679-6c626d8d3e29}.TM.blf
[2010/11/26 07:25:01 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{ead73dbb-f8d6-11df-b679-6c626d8d3e29}.TMContainer00000000000000000001.regtrans-ms
[2010/11/26 07:25:01 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{ead73dbb-f8d6-11df-b679-6c626d8d3e29}.TMContainer00000000000000000002.regtrans-ms
[2010/11/25 16:01:09 | 000,000,020 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.ini
[2012/01/29 03:21:56 | 000,846,336 | ---- | M] () -- C:\Users\WIENERBLUT\pbsetup.exe
[2012/01/29 03:22:00 | 002,580,552 | ---- | M] () -- C:\Users\WIENERBLUT\pbsvc.exe
[2011/07/24 20:52:01 | 000,229,903 | ---- | M] () -- C:\Users\WIENERBLUT\Richard Bsteh 3_10.pdf
[2011/07/24 19:18:49 | 000,229,643 | ---- | M] () -- C:\Users\WIENERBLUT\Sandro Vacilotto 3_10.pdf
[2011/07/24 19:51:37 | 000,230,324 | ---- | M] () -- C:\Users\WIENERBLUT\Sebastian SEIBT 6_10.pdf
[2012/02/24 03:29:14 | 039,815,848 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_10182011_G1_Xfire.exe
[2012/02/24 03:35:47 | 2103,158,624 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_20111018.bin1
[2012/02/24 03:35:43 | 2055,359,392 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_20111018.bin2
[2012/02/24 03:35:43 | 1798,227,496 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_20111018.bin3
[2012/02/24 03:35:44 | 720,051,672 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_20111018.bin4
[2011/07/24 19:22:00 | 000,229,953 | ---- | M] () -- C:\Users\WIENERBLUT\Tobias Joppen 5_10 .pdf
[2012/02/24 01:30:04 | 922,460,208 | ---- | M] () -- C:\Users\WIENERBLUT\War_Rock_10182011_G1_Xfire.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
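The "< MD5 for: ... >" blocks in the custom scan above list the live copy of each critical file (under System32, or C:\Windows itself for explorer.exe) next to the copies staged in WinSxS and the DriverStore. The check a reviewer does on that section is whether the live copy's hash and company name match one of the staged builds; in this log every Windows file passes, and the only outlier is the winlogon.exe under the Malwarebytes Chameleon folder. The script below is an added example, not OTL's own code and not something the poster ran: it parses blocks in that format and flags live copies whose hash matches no staged copy or that carry no company name. The USERINIT.EXE lines are copied from the log above; the SAMPLE.DLL block, its path and its placeholder hashes are constructed here to show what a mismatch looks like.

```python
import re

# Parser and consistency check for OTL "< MD5 for: NAME >" blocks (added example).
# Assumed entry layout, as seen in the log: [stamp | size | attrs | M] (Company) MD5=HASH -- path
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)

# Constructed sample input. The USERINIT.EXE lines mirror the log above; the SAMPLE.DLL
# block is invented for this example and its hashes are placeholders, not real files.
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: SAMPLE.DLL  >
[2012/04/01 00:00:00 | 000,100,000 | ---- | M] () MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\System32\sample.dll
[2010/11/20 14:00:00 | 000,100,000 | ---- | M] (Microsoft Corporation) MD5=CAFEBABECAFEBABECAFEBABECAFEBABE -- C:\Windows\winsxs\x86_sample_31bf3856ad364e35_6.1.7601.17514_none_0000000000000000\sample.dll
"""


def parse_md5_sections(text):
    """Map each '< MD5 for: NAME >' header to the parsed entries listed below it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            sections.setdefault(current, [])
            continue
        entry = ENTRY_RE.match(line) if current else None
        if entry:
            d = entry.groupdict()
            d["size"] = int(d["size"].replace(",", ""))  # "000,026,624" -> 26624
            sections[current].append(d)
    return sections


def is_staged_copy(path):
    """WinSxS (component store) and DriverStore hold the staged, known builds."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\" in p


def find_suspicious(sections):
    """Flag live copies whose MD5 matches no staged copy, or that carry no company name."""
    findings = []
    for name, entries in sections.items():
        staged = {e["md5"].upper() for e in entries if is_staged_copy(e["path"])}
        for e in entries:
            if is_staged_copy(e["path"]):
                continue
            reasons = []
            if staged and e["md5"].upper() not in staged:
                reasons.append("hash matches no WinSxS/DriverStore copy")
            if not e["company"].strip():
                reasons.append("no company name")
            if reasons:
                findings.append({"name": name, "path": e["path"],
                                 "md5": e["md5"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(parse_md5_sections(SAMPLE_LOG)):
        print(f"{f['name']}: {f['path']} ({f['md5']}) -> {'; '.join(f['reasons'])}")
```

Two caveats when reading the output against a real log. A match only says the live file is byte-identical to a staged build; it is not a signature check, and a file the log shows as "Unable to obtain MD5" (the locked Kaspersky drivers above) is not covered at all. And the heuristic will flag the winlogon.exe under Malwarebytes' Anti-Malware\Chameleon in the log above, which has no company name and matches no Windows build: Chameleon deliberately ships its loader under system-file names, so that hit is expected and should be judged by its directory rather than its file name.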

Alt 11.04.2012, 21:24   #4
Laurana
 
Trojan.Win32.Mediyes

hi

2. OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 4/11/2012 8:39:20 PM - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\WIENERBLUT\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 53.54% Memory free
5.98 Gb Paging File | 3.85 Gb Available in Paging File | 64.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 1151.13 Gb Free Space | 84.88% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 14.12 Gb Free Space | 35.29% Space Free | Partition Type: NTFS
 
Computer Name: WIENERBLUT-PC | User Name: WIENERBLUT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/04/11 20:35:01 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\WIENERBLUT\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/12 17:53:20 | 000,918,880 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
PRC - [2012/03/12 17:53:19 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/03/07 23:27:25 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/02/15 05:13:20 | 000,405,504 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012/02/15 05:12:48 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012/02/01 11:46:36 | 003,357,584 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
PRC - [2012/01/22 09:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/01/17 14:04:40 | 000,162,856 | ---- | M] (Nokia Corporation) -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\NokiaLink.exe
PRC - [2012/01/17 13:16:56 | 001,556,864 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\DpEngine.exe
PRC - [2012/01/03 17:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/12/14 13:23:34 | 001,212,224 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2011/12/14 13:23:32 | 001,514,304 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/04/11 17:17:41 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012/04/11 17:17:41 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012/04/07 17:02:52 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012/04/07 17:02:52 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012/03/12 17:53:19 | 000,982,880 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/02/15 19:42:56 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\af6e0dd358a5edc094dca9e7957f1038\WindowsFormsIntegration.ni.dll
MOD - [2012/02/15 19:41:47 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012/02/15 17:56:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/02/15 17:56:34 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012/02/15 17:56:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 17:56:21 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012/02/15 17:56:10 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/02/15 17:56:05 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/02/15 17:56:03 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012/02/15 17:55:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 17:55:51 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 17:55:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 17:55:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/14 23:13:24 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2012/01/17 14:04:56 | 000,315,944 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qtiff4.dll
MOD - [2012/01/17 14:04:54 | 000,268,840 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qmng4.dll
MOD - [2012/01/17 14:04:52 | 000,216,104 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qjpeg4.dll
MOD - [2012/01/17 14:04:52 | 000,036,392 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qico4.dll
MOD - [2012/01/17 14:04:50 | 000,298,536 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtXml4.dll
MOD - [2012/01/17 14:04:50 | 000,032,808 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\plugins\imageformats\qgif4.dll
MOD - [2012/01/17 14:04:48 | 001,250,856 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtScript4.dll
MOD - [2012/01/17 14:04:48 | 000,169,512 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtSql4.dll
MOD - [2012/01/17 14:04:46 | 006,768,168 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtGui4.dll
MOD - [2012/01/17 14:04:46 | 000,855,080 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtNetwork4.dll
MOD - [2012/01/17 14:04:44 | 002,096,680 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtDeclarative4.dll
MOD - [2012/01/17 14:04:44 | 002,012,712 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\QtCore4.dll
MOD - [2012/01/17 13:17:12 | 000,609,664 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpiTunes.dll
MOD - [2012/01/17 13:17:10 | 001,167,232 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpWpdPlugin.dll
MOD - [2012/01/17 13:17:08 | 000,621,952 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpWMP.dll
MOD - [2012/01/17 13:17:00 | 000,593,280 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpMSLPG.dll
MOD - [2012/01/17 13:17:00 | 000,519,040 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpImageParser.dll
MOD - [2012/01/17 13:16:56 | 001,556,864 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\DpEngine.exe
MOD - [2012/01/17 13:16:56 | 000,921,472 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpFileSystem.dll
MOD - [2012/01/17 13:16:52 | 000,722,816 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\Plugins\DpAVParser.dll
MOD - [2012/01/17 13:16:50 | 000,470,912 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\1.2.408.3448\DpAPI.dll
MOD - [2011/10/13 18:43:34 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011/10/13 18:42:35 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/04/25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011/04/25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011/04/25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011/04/25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011/04/25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011/04/25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011/04/20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2011/03/02 13:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/13 01:19:05 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010/11/05 03:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010/05/12 15:13:05 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/02/28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/30 17:01:10 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/23 02:44:58 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/12 17:53:20 | 000,918,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe -- (vToolbarUpdater10.2.0)
SRV - [2012/02/15 05:12:48 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012/01/22 09:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/01/04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/12/14 13:23:32 | 001,514,304 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/14 13:23:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/12/14 05:57:44 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/19 19:56:16 | 004,122,968 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011/04/25 00:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010/11/25 23:07:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/07/24 12:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva351.sys -- (XDva351)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/15 05:47:12 | 009,182,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/02/15 04:12:48 | 000,264,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/12/05 21:47:16 | 000,086,032 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/11/02 11:13:28 | 000,034,768 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2011/11/02 11:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys -- (a2acc)
DRV - [2011/11/01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 11:07:24 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/11/01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/10/20 12:48:16 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/07/22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011/04/20 15:50:14 | 000,570,160 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/03/10 19:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2011/03/04 14:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 14:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/11/25 06:59:16 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010/05/06 11:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/05/05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2010/04/27 18:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/04/27 18:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010/04/12 08:24:12 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/11/26 01:06:34 | 000,034,384 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/11/02 21:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{13B6DECC-2E07-47FC-94F2-9B0929F674E3}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^AT&apn_uid=4506ca31-8013-473f-9b1b-71a0614bd86a&apn_sauid=41894784-7CDF-4CB5-BF8D-CDF6CD06F353
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a06ed3ee000000000000485d60194296&tlver=1.4.19.19&ss=1&affID=17395
IE - HKCU\..\SearchScopes\{338D09FC-E690-4F6A-96D7-E772C3A749B7}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={7FF1ABD6-5043-4AFA-9773-61460CF44C12}&mid=66dc38181af047d18338bd2b2b69d7da-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=de&ds=tt014&pr=sa&d=2011-12-12 19:50:50&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.linkury.com"
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.8.0.8
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.5
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.0.8
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.100009
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.22
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_US&apn_uid=4506ca31-8013-473f-9b1b-71a0614bd86a&apn_ptnrs=^AAA&apn_sauid=41894784-7CDF-4CB5-BF8D-CDF6CD06F353&apn_dtid=^YYYYYY^YY^AT&&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/02/21 18:09:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/02/21 18:09:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/02/21 18:09:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/11 14:42:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/16 18:11:01 | 000,000,000 | ---D | M]
 
[2011/10/01 01:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Extensions
[2011/10/01 01:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012/02/25 14:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions
[2012/02/25 01:39:56 | 000,000,000 | ---D | M] (XfireXO Community Toolbar) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2012/02/15 22:49:22 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012/02/14 21:42:25 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011/12/21 14:02:49 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\ffxtlbr@babylon.com
[2012/02/01 17:52:05 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\WIENERBLUT\AppData\Roaming\mozilla\Firefox\Profiles\polpnupy.default\extensions\toolbar@ask.com
[2012/04/11 20:20:08 | 000,002,404 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Roaming\Mozilla\Firefox\Profiles\polpnupy.default\searchplugins\askcom.xml
[2011/07/24 15:30:04 | 000,000,931 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Roaming\Mozilla\Firefox\Profiles\polpnupy.default\searchplugins\conduit.xml
[2012/02/25 01:25:49 | 000,002,412 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Roaming\Mozilla\Firefox\Profiles\polpnupy.default\searchplugins\Linkury Smartbar Search.xml
[2012/01/04 18:39:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/10/18 19:53:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/12 02:52:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
() (No name found) -- C:\USERS\WIENERBLUT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\POLPNUPY.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/02/11 14:42:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/12 17:53:18 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/03/24 02:11:26 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/12/21 06:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/08/02 00:48:02 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/12/21 06:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = hxxp://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT2304157
CHR - default_search_provider: suggest_url = Conduit Search
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.152\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\WIENERBLUT\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.462_0\
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Nokia Link] C:\Users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\NokiaLink.exe (Nokia Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/04/11 20:34:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\WIENERBLUT\Desktop\OTL.exe
[2012/04/10 12:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/04/10 12:26:00 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012/04/10 12:26:00 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\Documents\Anti-Malware
[2012/04/09 22:53:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/09 15:47:22 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Local\GameSpy
[2012/04/09 06:37:52 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Roaming\UnknownApplicationVendor
[2012/04/09 06:11:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
[2012/04/09 02:32:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
[2012/04/09 01:34:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Desura
[2012/04/09 01:02:36 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2012/04/09 01:02:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2012/04/09 00:57:16 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Local\Downloaded Installations
[2012/04/09 00:21:54 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Local\Origin
[2012/04/09 00:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/04/09 00:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2012/04/07 17:15:59 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Roaming\Malwarebytes
[2012/04/07 17:15:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/07 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/07 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/07 17:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/07 17:02:47 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/07 17:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/07 17:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/07 17:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/03/28 22:46:19 | 000,000,000 | ---D | C] -- C:\Users\WIENERBLUT\Documents\Spartan
[2012/03/26 18:11:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/03/17 14:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/03/17 14:05:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/03/17 14:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT
[2012/03/17 14:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP
[2012/03/17 14:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/03/15 23:30:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[89 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/04/11 20:35:01 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\WIENERBLUT\Desktop\OTL.exe
[2012/04/11 20:01:14 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/11 19:48:20 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/11 19:48:10 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/11 17:21:53 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 17:21:53 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/11 17:14:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/11 17:14:10 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/11 00:34:20 | 000,139,224 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/04/10 23:45:38 | 000,183,152 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012/04/10 14:09:57 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/04/10 12:26:13 | 000,001,057 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/04/10 06:49:22 | 000,002,294 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/09 23:30:04 | 000,411,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/04/09 16:00:09 | 000,707,540 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/04/09 16:00:09 | 000,661,158 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/09 16:00:09 | 000,152,874 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/04/09 16:00:09 | 000,125,090 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/09 15:45:22 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Crysis Wars(R) Updates.job
[2012/04/09 02:41:02 | 000,001,512 | ---- | M] () -- C:\Users\WIENERBLUT\Desktop\MWLL Launcher.lnk
[2012/04/09 02:33:11 | 000,022,328 | ---- | M] () -- C:\Users\WIENERBLUT\AppData\Roaming\PnkBstrK.sys
[2012/04/09 02:32:42 | 000,669,184 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2012/04/09 02:32:10 | 000,001,191 | ---- | M] () -- C:\Users\Public\Desktop\Crysis Wars.lnk
[2012/04/09 02:27:20 | 000,002,346 | ---- | M] () -- C:\Windows\System32\ealregsnapshot1.reg
[2012/04/09 01:03:15 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2012/04/09 00:21:45 | 000,000,669 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/04/09 00:09:00 | 000,001,260 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk
[2012/04/07 17:02:25 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/30 23:34:58 | 000,042,088 | ---- | M] () -- C:\Users\WIENERBLUT\Documents\11.04.08 Tanzaufführung.jpg
[2012/03/30 23:32:23 | 000,629,190 | ---- | M] () -- C:\Users\WIENERBLUT\Documents\PIC_0609 (2).JPG
[2012/03/27 23:05:21 | 004,210,865 | ---- | M] () -- C:\Users\WIENERBLUT\Documents\DSCF1501.JPG
[2012/03/26 18:11:34 | 000,002,174 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/03/19 00:35:31 | 000,066,342 | ---- | M] () -- C:\Users\WIENERBLUT\Desktop\ultimate-untot.htm
[2012/03/17 14:05:21 | 000,002,009 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[89 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/04/10 12:26:13 | 000,001,057 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/04/09 02:41:02 | 000,001,512 | ---- | C] () -- C:\Users\WIENERBLUT\Desktop\MWLL Launcher.lnk
[2012/04/09 02:34:58 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\Crysis Wars(R) Updates.job
[2012/04/09 02:32:10 | 000,001,191 | ---- | C] () -- C:\Users\Public\Desktop\Crysis Wars.lnk
[2012/04/09 00:57:42 | 000,002,346 | ---- | C] () -- C:\Windows\System32\ealregsnapshot1.reg
[2012/04/09 00:21:45 | 000,000,669 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/04/09 00:09:00 | 000,001,260 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk
[2012/04/07 17:15:55 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/04/07 17:02:25 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/03/30 23:34:46 | 000,042,088 | ---- | C] () -- C:\Users\WIENERBLUT\Documents\11.04.08 Tanzaufführung.jpg
[2012/03/30 23:30:54 | 000,629,190 | ---- | C] () -- C:\Users\WIENERBLUT\Documents\PIC_0609 (2).JPG
[2012/03/30 16:11:48 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/27 22:58:41 | 004,210,865 | ---- | C] () -- C:\Users\WIENERBLUT\Documents\DSCF1501.JPG
[2012/03/26 18:11:34 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/03/26 18:11:03 | 000,002,294 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/03/19 00:34:58 | 000,066,342 | ---- | C] () -- C:\Users\WIENERBLUT\Desktop\ultimate-untot.htm
[2012/03/17 14:05:21 | 000,002,009 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/02/23 21:22:01 | 000,036,292 | ---- | C] () -- C:\Users\WIENERBLUT\AppData\Roaming\icarus-dxdiag.xml
[2012/02/15 04:28:34 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/02/15 04:28:32 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/02/14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012/01/29 03:25:02 | 000,139,224 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/01/29 03:24:40 | 000,183,152 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/01/29 03:24:39 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012/01/29 03:24:38 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2012/01/10 23:10:08 | 000,601,728 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/12/23 19:07:02 | 000,017,408 | ---- | C] () -- C:\Users\WIENERBLUT\AppData\Local\WebpageIcons.db
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011/10/14 16:32:35 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/07/29 02:09:53 | 000,007,605 | ---- | C] () -- C:\Users\WIENERBLUT\AppData\Local\Resmon.ResmonCfg
[2011/03/11 13:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011/02/28 19:40:33 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/12/25 20:07:40 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010/12/25 20:07:40 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010/12/07 18:20:12 | 000,022,328 | ---- | C] () -- C:\Users\WIENERBLUT\AppData\Roaming\PnkBstrK.sys
[2010/12/07 18:19:55 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010/11/27 02:55:50 | 000,000,098 | ---- | C] () -- C:\Users\WIENERBLUT\AppData\Local\fusioncache.dat
[2010/11/26 18:41:03 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/30 20:41:04 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/08/30 20:33:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/08/30 20:11:24 | 000,000,018 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2010/08/30 11:46:44 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010/05/12 15:13:56 | 000,707,540 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010/05/12 15:13:56 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010/05/12 15:13:56 | 000,152,874 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010/05/12 15:13:56 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== LOP Check ==========
 
[2011/07/01 17:11:01 | 000,000,000 | -HSD | M] -- C:\Users\WIENERBLUT\AppData\Roaming\.#
[2011/04/30 02:00:39 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\BabylonToolbar
[2012/04/11 17:19:56 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\DesktopPlatform
[2012/04/07 15:33:11 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\DVDVideoSoft
[2012/04/07 15:30:43 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/02/29 22:41:15 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Firefly Studios
[2012/01/14 01:05:44 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\FOG Downloader
[2011/10/08 20:21:37 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\go
[2011/06/19 12:40:28 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Hi-Rez Studios
[2011/06/20 03:15:19 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\ijjigame
[2010/11/25 23:41:45 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\LolClient
[2012/01/17 22:52:34 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Might & Magic Heroes VI
[2011/08/21 05:24:23 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Might & Magic Heroes VI - Public Closed Beta
[2011/06/16 00:30:34 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Mount&Blade
[2011/06/15 18:20:32 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Mount&Blade Warband
[2011/05/08 02:25:12 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Mount&Blade With Fire and Sword
[2012/01/02 14:43:45 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Mumble
[2012/02/04 16:15:20 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Nokia
[2012/02/25 13:49:05 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\OpenCandy
[2011/12/21 13:21:01 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Origin
[2012/01/20 20:48:55 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\PC Suite
[2011/07/20 11:56:38 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\PDF Writer
[2011/06/24 23:30:25 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\PriceGong
[2011/10/01 01:29:53 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Prism
[2011/03/09 22:03:00 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Rift
[2011/07/29 22:55:43 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Screaming Bee
[2012/04/09 07:02:09 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\SoftGrid Client
[2011/12/23 18:54:32 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\The Creative Assembly
[2010/12/01 20:33:53 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\TP
[2011/11/22 20:35:58 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\TS3Client
[2011/09/02 23:46:11 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\ts3overlay
[2011/10/30 22:28:01 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\TuneUp Software
[2010/11/27 04:32:24 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Turbine
[2011/07/30 14:00:30 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\Ubisoft
[2012/04/09 06:37:52 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\UnknownApplicationVendor
[2011/08/21 22:33:27 | 000,000,000 | ---D | M] -- C:\Users\WIENERBLUT\AppData\Roaming\wargaming.net
[2012/04/09 15:45:22 | 000,000,304 | ---- | M] () -- C:\Windows\Tasks\Crysis Wars(R) Updates.job
[2012/03/16 17:01:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011/08/02 00:43:54 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/05/13 16:04:54 | 000,000,000 | ---D | M] -- C:\5bdff36955a43bb53c21dd30
[2012/02/04 16:15:51 | 000,000,000 | ---D | M] -- C:\AMD
[2011/10/29 03:41:26 | 000,000,000 | ---D | M] -- C:\ATI
[2012/04/09 23:27:37 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2010/11/25 15:53:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010/12/02 02:01:54 | 000,000,000 | -HSD | M] -- C:\found.000
[2011/08/21 22:13:30 | 000,000,000 | ---D | M] -- C:\Games
[2011/07/30 17:22:46 | 000,000,000 | ---D | M] -- C:\Heatwave Interactive
[2010/11/25 16:00:50 | 000,000,000 | ---D | M] -- C:\Internet Explorer
[2011/04/29 20:48:52 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/09/15 17:57:01 | 000,000,000 | ---D | M] -- C:\Netgear
[2012/02/20 23:18:17 | 000,000,000 | ---D | M] -- C:\Perfect World Entertainment
[2012/04/10 12:26:00 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/04/09 22:53:52 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011/06/07 17:44:45 | 000,000,000 | ---D | M] -- C:\rads
[2010/11/25 15:53:16 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012/04/11 20:42:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/11/25 16:01:07 | 000,000,000 | R--D | M] -- C:\Users
[2012/04/11 17:14:10 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2007/11/14 19:44:42 | 000,129,552 | ---- | M] (Promise Technology, Inc.) MD5=58CB1FA96B24DFE2196548E959B1996B -- C:\ATI\Win7_Vista\8_741\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2009/10/26 19:41:10 | 000,189,496 | ---- | M] (Advanced Micro Devices, Inc) MD5=6C27F0A964EA98F457CAAB9A47030538 -- C:\ATI\Win7_Vista\8_741\Packages\Drivers\SBDrv\SB6xx\RAID\W7\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010/03/04 04:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys
[2010/03/04 04:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011/03/04 14:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2011/03/04 14:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2011/04/20 15:50:14 | 000,570,160 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2011/03/10 19:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009/11/02 21:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012/02/15 05:13:56 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll
[2011/04/25 00:13:10 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll
[89 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011/07/20 12:06:14 | 000,298,155 | ---- | M] () -- C:\Users\WIENERBLUT\10 Karten French.pdf
[2011/07/20 11:56:51 | 000,228,967 | ---- | M] () -- C:\Users\WIENERBLUT\6 Karten French.pdf
[2011/08/01 14:33:37 | 000,229,079 | ---- | M] () -- C:\Users\WIENERBLUT\Alexander Schuller 4_10.pdf
[2012/02/25 02:54:27 | 086,405,736 | ---- | M] (K2 Network, Inc.) -- C:\Users\WIENERBLUT\APB_Reloaded_Installer.exe
[2011/08/01 14:35:39 | 000,229,674 | ---- | M] () -- C:\Users\WIENERBLUT\Axl Anderle 6_10.pdf
[2011/08/01 14:36:42 | 000,229,269 | ---- | M] () -- C:\Users\WIENERBLUT\Bernd Hinterschuster 7_10.pdf
[2011/07/24 20:49:52 | 000,229,115 | ---- | M] () -- C:\Users\WIENERBLUT\Boris Futschek 1_10.pdf
[2011/08/01 14:34:58 | 000,229,186 | ---- | M] () -- C:\Users\WIENERBLUT\Christian Pachta 5_10.pdf
[2012/02/25 02:54:43 | 3830,088,838 | ---- | M] () -- C:\Users\WIENERBLUT\Client1.5.3.569583.7z
[2011/07/20 13:23:54 | 000,229,599 | ---- | M] () -- C:\Users\WIENERBLUT\Eine Karte French 2_10.pdf
[2011/07/24 19:20:55 | 000,229,467 | ---- | M] () -- C:\Users\WIENERBLUT\Erik Blume 4_10 .pdf
[2011/07/24 20:50:43 | 000,229,112 | ---- | M] () -- C:\Users\WIENERBLUT\Florian Handle 2_10.pdf
[2011/08/01 21:40:41 | 000,229,146 | ---- | M] () -- C:\Users\WIENERBLUT\frei ticket 10_10.pdf
[2011/08/01 21:38:49 | 000,229,858 | ---- | M] () -- C:\Users\WIENERBLUT\frei ticket 8_10.pdf
[2011/08/01 21:39:41 | 000,229,768 | ---- | M] () -- C:\Users\WIENERBLUT\freiticket 9_10.pdf
[2011/07/24 19:53:04 | 000,229,692 | ---- | M] () -- C:\Users\WIENERBLUT\Helmut SCHMIED 8_10.pdf
[2011/07/24 19:52:14 | 000,229,177 | ---- | M] () -- C:\Users\WIENERBLUT\Ines BÜRGER 7_10.pdf
[2011/07/20 12:23:32 | 000,229,495 | ---- | M] () -- C:\Users\WIENERBLUT\Julia Stockinger 1_10.pdf
[2011/07/24 20:47:53 | 000,229,297 | ---- | M] () -- C:\Users\WIENERBLUT\Karin Hace 10_10.pdf
[2012/02/24 01:25:34 | 510,163,640 | ---- | M] () -- C:\Users\WIENERBLUT\Knight_Online_03072011.exe
[2011/08/22 18:48:55 | 002,773,410 | ---- | M] () -- C:\Users\WIENERBLUT\LARP-L Auszeichnungslied für den Orden der ewigen Schwerter.mp3
[2011/07/24 20:47:19 | 000,229,749 | ---- | M] () -- C:\Users\WIENERBLUT\Manuel Gruber 9_10.pdf
[2011/08/22 18:49:20 | 001,899,392 | ---- | M] () -- C:\Users\WIENERBLUT\Nirgendwo ist es so schön wie im Osten - Lied des Ostens.mp3
[2012/04/11 20:59:33 | 006,815,744 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat
[2012/04/11 20:59:33 | 000,262,144 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat.LOG1
[2010/11/25 16:01:08 | 000,000,000 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat.LOG2
[2011/05/28 02:39:24 | 000,065,536 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{56d69703-8861-11e0-b3d1-6c626d8d3e29}.TM.blf
[2011/05/28 02:39:24 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{56d69703-8861-11e0-b3d1-6c626d8d3e29}.TMContainer00000000000000000001.regtrans-ms
[2011/05/28 02:39:24 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{56d69703-8861-11e0-b3d1-6c626d8d3e29}.TMContainer00000000000000000002.regtrans-ms
[2010/11/25 16:33:21 | 000,065,536 | -HS- | M] () -- C:\Users\WIENERBLUT\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/11/25 16:33:21 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/11/25 16:33:21 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/11/26 07:25:01 | 000,065,536 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{ead73dbb-f8d6-11df-b679-6c626d8d3e29}.TM.blf
[2010/11/26 07:25:01 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{ead73dbb-f8d6-11df-b679-6c626d8d3e29}.TMContainer00000000000000000001.regtrans-ms
[2010/11/26 07:25:01 | 000,524,288 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.dat{ead73dbb-f8d6-11df-b679-6c626d8d3e29}.TMContainer00000000000000000002.regtrans-ms
[2010/11/25 16:01:09 | 000,000,020 | -HS- | M] () -- C:\Users\WIENERBLUT\ntuser.ini
[2012/01/29 03:21:56 | 000,846,336 | ---- | M] () -- C:\Users\WIENERBLUT\pbsetup.exe
[2012/01/29 03:22:00 | 002,580,552 | ---- | M] () -- C:\Users\WIENERBLUT\pbsvc.exe
[2011/07/24 20:52:01 | 000,229,903 | ---- | M] () -- C:\Users\WIENERBLUT\Richard Bsteh 3_10.pdf
[2011/07/24 19:18:49 | 000,229,643 | ---- | M] () -- C:\Users\WIENERBLUT\Sandro Vacilotto 3_10.pdf
[2011/07/24 19:51:37 | 000,230,324 | ---- | M] () -- C:\Users\WIENERBLUT\Sebastian SEIBT 6_10.pdf
[2012/02/24 03:29:14 | 039,815,848 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_10182011_G1_Xfire.exe
[2012/02/24 03:35:47 | 2103,158,624 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_20111018.bin1
[2012/02/24 03:35:43 | 2055,359,392 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_20111018.bin2
[2012/02/24 03:35:43 | 1798,227,496 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_20111018.bin3
[2012/02/24 03:35:44 | 720,051,672 | ---- | M] () -- C:\Users\WIENERBLUT\Sword_2_20111018.bin4
[2011/07/24 19:22:00 | 000,229,953 | ---- | M] () -- C:\Users\WIENERBLUT\Tobias Joppen 5_10 .pdf
[2012/02/24 01:30:04 | 922,460,208 | ---- | M] () -- C:\Users\WIENERBLUT\War_Rock_10182011_G1_Xfire.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
--- --- ---

Alt 11.04.2012, 21:26   #5
Laurana
 
Trojan.Win32.Mediyes



2. extras.txt
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 4/11/2012 8:39:20 PM - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\WIENERBLUT\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 53.54% Memory free
5.98 Gb Paging File | 3.85 Gb Available in Paging File | 64.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 1151.13 Gb Free Space | 84.88% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 14.12 Gb Free Space | 35.29% Space Free | Partition Type: NTFS
 
Computer Name: WIENERBLUT-PC | User Name: WIENERBLUT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D46A43D-E720-43AD-80AC-9F434C45FD26}" = MorphVOX Pro
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F425F12-3A1B-4511-97B2-E2BB4701B745}" = Crysis Wars(R)
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{43E506CC-6633-4F2A-8D8E-4A95D2384393}" = Crysis Wars(R) Patch
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian
"{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{7B6C9592-EF3B-B71E-F9B6-44FB797C205E}" = AMD Drag and Drop Transcoding
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943B2619-0E00-E9F1-73E3-03090965484E}" = AMD Media Foundation Decoders
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DB7A055-0C66-C319-9613-CACDC50DDB38}" = ccc-utility
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A994E9F7-A748-FFB1-01C2-9D64ADE870B4}" = AMD Accelerated Video Transcoding
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian
"{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = Catalyst Control Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian
"{C4100721-2D71-CC80-8877-0A7855B6EEFB}" = AMD Catalyst Install Manager
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All
"{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst Control Center InstallProxy
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English
"{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common
"{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Conan_is1" = Age of Conan: Unchained
"APB Reloaded" = APB Reloaded
"AVG Secure Search" = AVG Security Toolbar
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Crysis Wars(R)" = Crysis Wars(R)
"Crysis Wars(R) Patch" = Crysis Wars(R) Patch
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESN Sonar-0.70.4" = ESN Sonar
"GamersFirst LIVE!" = GamersFirst LIVE!
"Google Chrome" = Google Chrome
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"RiseOfImmortals" = Rise of Immortals
"Simple Port Forwarding" = Simple Port Forwarding
"Steam App 113420" = Fallen Earth
"Steam App 201190" = Magic: The Gathering – Tactics
"Steam App 22818" = Bulletstorm - Prima Official Strategy Guide
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 8980" = Borderlands
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Nokia Link" = Nokia Link
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 1/13/2012 11:24:09 PM | Computer Name = WIENERBLUT-PC | Source = VSS | ID = 13
Description = 
 
Error - 1/13/2012 11:24:09 PM | Computer Name = WIENERBLUT-PC | Source = VSS | ID = 8193
Description = 
 
Error - 1/13/2012 11:24:09 PM | Computer Name = WIENERBLUT-PC | Source = VSS | ID = 13
Description = 
 
Error - 1/13/2012 11:24:09 PM | Computer Name = WIENERBLUT-PC | Source = VSS | ID = 8193
Description = 
 
Error - 1/14/2012 12:57:28 PM | Computer Name = WIENERBLUT-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Skype\Toolbars\Internet
 Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" in Zeile 2.  Mehrere
 requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 1/14/2012 4:04:09 PM | Computer Name = WIENERBLUT-PC | Source = Windows Installer 3.1 | ID = 921877
Description = 
 
Error - 1/14/2012 4:07:40 PM | Computer Name = WIENERBLUT-PC | Source = Windows Installer 3.1 | ID = 921877
Description = 
 
Error - 1/14/2012 4:10:17 PM | Computer Name = WIENERBLUT-PC | Source = Windows Installer 3.1 | ID = 921877
Description = 
 
Error - 1/14/2012 7:21:10 PM | Computer Name = WIENERBLUT-PC | Source = BugSplat | ID = 1
Description = 
 
Error - 1/14/2012 9:19:08 PM | Computer Name = WIENERBLUT-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ShippingPC-StormGame.exe, Version:
 1.0.7147.0, Zeitstempel: 0x4dde3f6b  Name des fehlerhaften Moduls: ShippingPC-StormGame.exe,
 Version: 1.0.7147.0, Zeitstempel: 0x4dde3f6b  Ausnahmecode: 0xc0000005  Fehleroffset:
 0x00a16d13  ID des fehlerhaften Prozesses: 0xa90  Startzeit der fehlerhaften Anwendung:
 0x01ccd32147b440f8  Pfad der fehlerhaften Anwendung: c:\program files\steam\steamapps\common\bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe
Pfad
 des fehlerhaften Moduls: c:\program files\steam\steamapps\common\bulletstorm\Binaries\Win32\ShippingPC-StormGame.exe
Berichtskennung:
 ebf17f4b-3f16-11e1-b076-6c626d8d3e29
 
[ OSession Events ]
Error - 7/20/2011 6:01:20 AM | Computer Name = WIENERBLUT-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 831
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 12/17/2011 11:38:55 AM | Computer Name = WIENERBLUT-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12/17/2011 1:39:14 PM | Computer Name = WIENERBLUT-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 2/26/2012 12:41:33 PM | Computer Name = WIENERBLUT-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 659
 seconds with 300 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 4/11/2012 11:14:49 AM | Computer Name = WIENERBLUT-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
Error - 4/11/2012 11:14:49 AM | Computer Name = WIENERBLUT-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 4/11/2012 11:14:49 AM | Computer Name = WIENERBLUT-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
Error - 4/11/2012 11:17:39 AM | Computer Name = WIENERBLUT-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
Error - 4/11/2012 11:17:39 AM | Computer Name = WIENERBLUT-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 4/11/2012 11:17:39 AM | Computer Name = WIENERBLUT-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
Error - 4/11/2012 11:17:39 AM | Computer Name = WIENERBLUT-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 4/11/2012 11:17:39 AM | Computer Name = WIENERBLUT-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%2
 
Error - 4/11/2012 11:17:39 AM | Computer Name = WIENERBLUT-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
   %%2
 
Error - 4/11/2012 2:45:42 PM | Computer Name = WIENERBLUT-PC | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
 auf Volume "C:" abgebrochen.
 
 
< End of report >


Sorry, the posting didn't work right away.

Now about the Kaspersky report: unfortunately I don't know where to find the txt file. The report from 10.4.2012 says 6 trojan programs found; the detailed report says Trojan.Win32.Mediyes.ua, C:\Windows\System32\aptw78cgn.dll

Thanks for helping
Laurana


12.04.2012, 10:45   #6
markusg
/// Malware-holic

Trojan.Win32.Mediyes



Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make
cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

12.04.2012, 12:12   #7
Laurana

Trojan.Win32.Mediyes



Here is the result:
Combofix logfile:
Code:
ComboFix 12-04-12.01 - WIENERBLUT 12.04.2012  11:33:49.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.3063.1911 [GMT 2:00]
ausgeführt von:: c:\users\WIENERBLUT\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Emsisoft Anti-Malware *Disabled/Updated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\Internet Explorer
c:\internet explorer\Custom\eBay.ico
c:\users\WIENERBLUT\APB_Reloaded_Installer.exe
c:\users\WIENERBLUT\AppData\Roaming\.#
c:\users\WIENERBLUT\AppData\Roaming\.#\MBX@E9C@1B42938.###
c:\users\WIENERBLUT\AppData\Roaming\.#\MBX@E9C@1B42968.###
c:\users\WIENERBLUT\AppData\Roaming\.#\MBX@E9C@1B42998.###
c:\users\WIENERBLUT\AppData\Roaming\PriceGong
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\1.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\a.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\b.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\c.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\d.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\e.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\f.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\g.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\h.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\i.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\J.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\k.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\l.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\m.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\mru.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\n.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\o.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\p.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\q.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\r.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\s.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\t.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\u.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\v.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\w.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\x.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\y.xml
c:\users\WIENERBLUT\AppData\Roaming\PriceGong\Data\z.xml
c:\users\WIENERBLUT\Erik Blume 4_10 .pdf
c:\users\WIENERBLUT\Tobias Joppen 5_10 .pdf
c:\windows\PFRO.log
c:\windows\system32\tmpB4BF.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-12 bis 2012-04-12  ))))))))))))))))))))))))))))))
.
.
2012-04-11 21:06 . 2012-03-01 05:46	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-11 21:06 . 2012-03-01 05:29	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-11 21:06 . 2012-03-01 05:37	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-04-11 21:06 . 2012-03-01 05:33	159232	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-11 21:05 . 2012-03-06 05:59	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 21:05 . 2012-03-06 05:59	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-11 04:01 . 2012-04-12 09:34	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EBCFDD5-DB36-464C-B4E9-344C3C85F96E}\offreg.dll
2012-04-10 11:14 . 2012-03-14 02:15	6582328	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8EBCFDD5-DB36-464C-B4E9-344C3C85F96E}\mpengine.dll
2012-04-10 10:26 . 2012-04-12 09:29	--------	d-----w-	c:\program files\Emsisoft Anti-Malware
2012-04-09 13:47 . 2012-04-09 14:06	--------	d-----w-	c:\users\WIENERBLUT\AppData\Local\GameSpy
2012-04-09 04:37 . 2012-04-09 04:37	--------	d-----w-	c:\users\WIENERBLUT\AppData\Roaming\UnknownApplicationVendor
2012-04-09 04:11 . 2012-04-09 04:11	--------	dc-h--w-	c:\programdata\{5794CDCB-FAB7-4C15-9069-4D8AC02592DE}
2012-04-09 00:32 . 2012-04-09 04:11	--------	dc-h--w-	c:\programdata\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2012-04-08 23:34 . 2012-04-09 14:01	--------	d-----w-	c:\programdata\Desura
2012-04-08 23:02 . 2012-04-08 23:03	107888	----a-w-	c:\windows\system32\CmdLineExt.dll
2012-04-08 23:02 . 2012-04-08 23:02	--------	dc-h--w-	c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2012-04-08 22:21 . 2012-04-08 22:21	--------	d-----w-	c:\users\WIENERBLUT\AppData\Local\Origin
2012-04-08 03:01 . 2012-04-08 03:01	0	----a-w-	c:\windows\system32\sho4204.tmp
2012-04-07 15:15 . 2012-04-07 15:15	--------	d-----w-	c:\users\WIENERBLUT\AppData\Roaming\Malwarebytes
2012-04-07 15:15 . 2012-04-07 15:15	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-07 15:15 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-07 15:15 . 2012-04-10 12:11	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-04-07 15:02 . 2012-04-07 15:02	--------	d-----w-	c:\users\WIENERBLUT\AppData\Roaming\SUPERAntiSpyware.com
2012-04-07 15:02 . 2012-04-07 15:02	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-04-07 15:02 . 2012-04-07 15:02	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-04-02 03:25 . 2012-04-02 03:25	0	----a-w-	c:\windows\system32\sho1D13.tmp
2012-03-30 14:11 . 2012-03-30 15:01	418464	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-03-26 16:54 . 2012-03-26 16:54	0	----a-w-	c:\windows\system32\sho8D80.tmp
2012-03-26 15:41 . 2012-03-26 15:41	103864	----a-w-	c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-03-19 18:53 . 2012-03-19 18:53	0	----a-w-	c:\windows\system32\sho9C41.tmp
2012-03-17 12:10 . 2012-03-17 12:10	--------	d-----w-	c:\programdata\ATI
2012-03-17 12:05 . 2012-03-17 12:05	--------	d-----w-	c:\programdata\AMD
2012-03-17 12:05 . 2012-03-17 12:05	--------	d-----w-	c:\program files\AMD AVT
2012-03-17 12:05 . 2012-03-17 12:05	--------	d-----w-	c:\program files\AMD APP
2012-03-15 21:30 . 2012-03-15 21:30	--------	d-sh--w-	c:\programdata\SecuROM
2012-03-14 16:15 . 2012-02-03 03:54	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-14 16:15 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 16:15 . 2012-02-17 05:34	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 16:15 . 2012-02-17 04:14	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-03-14 16:15 . 2012-02-17 04:13	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-14 16:15 . 2012-01-25 05:32	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 16:15 . 2012-01-25 05:32	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 16:15 . 2012-01-25 05:27	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 21:33 . 2012-01-29 01:25	139224	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2012-04-11 21:33 . 2012-01-29 01:24	183152	----a-w-	c:\windows\system32\PnkBstrB.exe
2012-04-10 22:33 . 2010-11-26 21:45	183152	----a-w-	c:\windows\system32\PnkBstrB.ex0
2012-04-09 00:33 . 2010-12-07 16:20	22328	----a-w-	c:\users\WIENERBLUT\AppData\Roaming\PnkBstrK.sys
2012-04-09 00:32 . 2012-01-29 01:24	669184	----a-w-	c:\windows\system32\pbsvc.exe
2012-03-30 15:01 . 2011-05-18 18:19	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 11:33 . 2012-03-07 11:33	0	----a-w-	c:\windows\system32\sho7E34.tmp
2012-02-24 01:29 . 2012-02-23 21:10	39815848	----a-w-	c:\users\WIENERBLUT\Sword_2_10182011_G1_Xfire.exe
2012-02-23 23:30 . 2012-02-23 23:19	922460208	----a-w-	c:\users\WIENERBLUT\War_Rock_10182011_G1_Xfire.exe
2012-02-23 23:25 . 2012-02-23 23:20	510163640	----a-w-	c:\users\WIENERBLUT\Knight_Online_03072011.exe
2012-02-23 08:18 . 2010-08-30 16:46	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-02-21 20:16 . 2012-01-29 01:24	76888	----a-w-	c:\windows\system32\PnkBstrA.exe
2012-02-21 20:16 . 2010-11-26 21:45	282864	----a-w-	c:\windows\system32\PnkBstrB.xtr
2012-02-15 03:47 . 2012-02-15 03:47	9182208	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:18 . 2012-02-15 03:18	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2011-09-08 17:34	791040	----a-w-	c:\windows\system32\aticfx32.dll
2012-02-15 03:13 . 2012-02-15 03:13	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13	405504	----a-w-	c:\windows\system32\atieclxx.exe
2012-02-15 03:12 . 2012-02-15 03:12	163328	----a-w-	c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11	159744	----a-w-	c:\windows\system32\atitmmxx.dll
2012-02-15 03:10 . 2012-02-15 03:10	20992	----a-w-	c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10	43520	----a-w-	c:\windows\system32\ati2edxx.dll
2012-02-15 03:07 . 2011-09-08 17:24	6200320	----a-w-	c:\windows\system32\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58	19392000	----a-w-	c:\windows\system32\atioglxx.dll
2012-02-15 02:40 . 2012-02-15 02:40	1828864	----a-w-	c:\windows\system32\atiumdmv.dll
2012-02-15 02:34 . 2012-02-15 02:34	46080	----a-w-	c:\windows\system32\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34	44032	----a-w-	c:\windows\system32\aticalcl.dll
2012-02-15 02:34 . 2012-02-15 02:34	5954048	----a-w-	c:\windows\system32\atiumdag.dll
2012-02-15 02:29 . 2012-02-15 02:29	5062656	----a-w-	c:\windows\system32\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29	11561984	----a-w-	c:\windows\system32\aticaldd.dll
2012-02-15 02:16 . 2010-05-27 16:35	51200	----a-w-	c:\windows\system32\coinst.dll
2012-02-15 02:13 . 2012-02-15 02:13	356352	----a-w-	c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13	14336	----a-w-	c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13	33280	----a-w-	c:\windows\system32\atigktxx.dll
2012-02-15 02:12 . 2012-02-15 02:12	264704	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2011-09-08 16:51	33280	----a-w-	c:\windows\system32\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12	30208	----a-w-	c:\windows\system32\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11	53760	----a-w-	c:\windows\system32\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11	53760	----a-w-	c:\windows\system32\amdpcom32.dll
2012-02-14 21:05 . 2012-02-14 21:05	59904	----a-w-	c:\windows\system32\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05	54784	----a-w-	c:\windows\system32\OVDecode.dll
2012-02-14 21:04 . 2012-02-14 21:04	13238272	----a-w-	c:\windows\system32\amdocl.dll
2012-02-14 21:03 . 2012-02-14 21:03	48128	----a-w-	c:\windows\system32\OpenCL.dll
2012-02-07 09:02 . 2012-02-07 09:02	1070352	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2012-02-02 22:50 . 2011-06-20 01:12	5265	----a-w-	c:\windows\system32\nppt9x.vxd
2012-02-02 22:50 . 2011-06-20 01:12	4774	----a-w-	c:\windows\system32\npptNT2.sys
2012-01-31 05:00 . 2012-01-31 05:00	16896	----a-w-	c:\windows\system32\kdbsdk32.dll
2012-01-29 01:22 . 2012-01-29 01:21	2580552	----a-w-	c:\users\WIENERBLUT\pbsvc.exe
2012-01-29 01:21 . 2012-01-29 01:21	846336	----a-w-	c:\users\WIENERBLUT\pbsetup.exe
2012-02-11 12:42 . 2012-01-04 16:39	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 15:53	1869152	----a-w-	c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31	1514152	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nokia Link"="c:\users\WIENERBLUT\AppData\Local\Nokia\Nokia Link\NokiaLink.exe" [2012-01-17 162856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-03-07 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-06-14 9288296]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-16 928096]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
GamersFirst LIVE!.lnk - c:\program files\GamersFirst\LIVE!\Live.exe [2011-8-16 2589808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe"
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"IAStorIcon"=c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"NUSB3MON"="c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 136176]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 20992]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-02 51632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 136176]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2011-11-01 137600]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-06-19 4122968]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 603240]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-25 1343400]
R3 XDva351;XDva351;c:\windows\system32\XDva351.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2011-11-02 34768]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-01-22 3025112]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-15 163328]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2011-12-14 1514304]
S2 Update-Service;Update-Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-12 918880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-02-15 9182208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-02-15 264704]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-12-05 86032]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 64904]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 146568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-05-31 267880]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-11-25 34384]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2011-10-20 10064]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
Update-Service	REG_MULTI_SZ   	Update-Service
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:01]
.
2012-04-09 c:\windows\Tasks\Crysis Wars(R) Updates.job
- c:\windows\Installer\Crysis Wars(R) Updates for All Users.lnk [2012-04-09 00:32]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 13:58]
.
2012-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 13:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten österreichischen Shopping-Websites
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\WIENERBLUT\AppData\Roaming\Mozilla\Firefox\Profiles\polpnupy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.linkury.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_US&apn_uid=4506ca31-8013-473f-9b1b-71a0614bd86a&apn_ptnrs=^AAA&apn_sauid=41894784-7CDF-4CB5-BF8D-CDF6CD06F353&apn_dtid=^YYYYYY^YY^AT&&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
SafeBoot-BsScanner
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2517004976-3295302337-4199221813-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b1,4d,7b,66,20,08,25,53,6a,fe,e9,35,d8,7e,0a,30,b6,3c,0a,0e,f9,7f,3a,
   79,29,36,2d,f2,03,ff,59,da,ad,66,a7,28,dd,1c,58,76,38,bf,94,e2,d0,1c,fa,36,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-2517004976-3295302337-4199221813-1000\Software\SecuROM\License information*]
"datasecu"=hex:60,3c,ca,ab,87,f9,b2,0e,42,59,94,7a,63,8d,3b,57,5a,63,3d,60,31,
   4c,6b,4c,79,25,1f,07,23,c3,01,82,0d,4b,7e,1c,f1,43,09,88,2d,c0,21,ca,21,aa,\
"rkeysecu"=hex:fe,41,82,14,0e,02,b3,67,a5,ca,ea,50,7e,c1,c2,d0
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-12  11:53:56
ComboFix-quarantined-files.txt  2012-04-12 09:53
.
Vor Suchlauf: 13 Verzeichnis(se), 1.235.040.960.512 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 1.236.111.765.504 Bytes frei
.
- - End Of File - - 9D731696B3C41425F0CD02235C074CB9

Alt 12.04.2012, 17:09   #8
markusg
/// Malware-holic
 

Is Kaspersky still finding anything at the moment?
__________________
-Please forward suspicious emails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward emails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 12.04.2012, 17:44   #9
Laurana
 

No, at least not on startup, as was the case with Mediyes; the complete scan with Emsisoft yesterday didn't report anything either.

Alt 12.04.2012, 21:06   #10
markusg
/// Malware-holic
 

Download TDSS Killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Check the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- for any detections, always choose skip for now, and post the log

Alt 12.04.2012, 22:21   #11
Laurana
 

22:16:46.0725 7304 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
22:16:48.0420 7304 ============================================================
22:16:48.0420 7304 Current date / time: 2012/04/12 22:16:48.0420
22:16:48.0420 7304 SystemInfo:
22:16:48.0420 7304
22:16:48.0420 7304 OS Version: 6.1.7601 ServicePack: 1.0
22:16:48.0420 7304 Product type: Workstation
22:16:48.0420 7304 ComputerName: WIENERBLUT-PC
22:16:48.0420 7304 UserName: WIENERBLUT
22:16:48.0420 7304 Windows directory: C:\Windows
22:16:48.0420 7304 System windows directory: C:\Windows
22:16:48.0420 7304 Processor architecture: Intel x86
22:16:48.0420 7304 Number of processors: 4
22:16:48.0420 7304 Page size: 0x1000
22:16:48.0420 7304 Boot type: Normal boot
22:16:48.0420 7304 ============================================================
22:16:55.0113 7304 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:16:55.0125 7304 \Device\Harddisk0\DR0:
22:16:55.0126 7304 MBR used
22:16:55.0126 7304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:16:55.0126 7304 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA9854800
22:16:55.0126 7304 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA9887000, BlocksNum 0x5000000
22:16:55.0195 7304 Initialize success
22:16:55.0195 7304 ============================================================
22:17:49.0963 10212 ============================================================
22:17:49.0963 10212 Scan started
22:17:49.0963 10212 Mode: Manual; SigCheck; TDLFS;
22:17:49.0963 10212 ============================================================
22:17:52.0606 10212 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:17:52.0667 10212 !SASCORE - ok
22:17:52.0781 10212 1394hub - ok
22:17:52.0834 10212 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:17:52.0902 10212 1394ohci - ok
22:17:52.0998 10212 a2acc (05dac43a484272de87eac038814a7840) C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys
22:17:53.0027 10212 a2acc - ok
22:17:53.0117 10212 a2AntiMalware (5a65a77f7a4a091e896c21db4ef18e1f) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
22:17:53.0191 10212 a2AntiMalware - ok
22:17:53.0253 10212 A2DDA (f7eabca8375ea2dc6f35c4bca4757515) C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys
22:17:53.0264 10212 A2DDA - ok
22:17:53.0288 10212 a2injectiondriver (23aac49133765eeaa86a65452d21ef1c) C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys
22:17:53.0298 10212 a2injectiondriver - ok
22:17:53.0319 10212 a2util (2da26eb05b5495d3b2ee36456c239fb7) C:\Program Files\Emsisoft Anti-Malware\a2util32.sys
22:17:53.0330 10212 a2util - ok
22:17:53.0405 10212 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:17:53.0420 10212 ACPI - ok
22:17:53.0466 10212 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:17:53.0531 10212 AcpiPmi - ok
22:17:53.0605 10212 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:17:53.0616 10212 AdobeFlashPlayerUpdateSvc - ok
22:17:53.0652 10212 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:17:53.0671 10212 adp94xx - ok
22:17:53.0711 10212 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:17:53.0727 10212 adpahci - ok
22:17:53.0769 10212 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:17:53.0783 10212 adpu320 - ok
22:17:53.0815 10212 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
22:17:53.0858 10212 AeLookupSvc - ok
22:17:53.0908 10212 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:17:53.0966 10212 AFD - ok
22:17:53.0997 10212 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:17:54.0010 10212 agp440 - ok
22:17:54.0018 10212 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:17:54.0031 10212 aic78xx - ok
22:17:54.0062 10212 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
22:17:54.0106 10212 ALG - ok
22:17:54.0121 10212 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:17:54.0133 10212 aliide - ok
22:17:54.0180 10212 AMD External Events Utility (cde41d99db840ff9454fc981ebd0ec50) C:\Windows\system32\atiesrxx.exe
22:17:54.0217 10212 AMD External Events Utility - ok
22:17:54.0237 10212 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:17:54.0249 10212 amdagp - ok
22:17:54.0264 10212 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
22:17:54.0276 10212 amdide - ok
22:17:54.0289 10212 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:17:54.0335 10212 AmdK8 - ok
22:17:54.0490 10212 amdkmdag (ffd082f1f1d4ff5c87f66df62486bcfa) C:\Windows\system32\DRIVERS\atikmdag.sys
22:17:54.0705 10212 amdkmdag - ok
22:17:54.0746 10212 amdkmdap (c541da5b72fa638469e8dc1e66079330) C:\Windows\system32\DRIVERS\atikmpag.sys
22:17:54.0802 10212 amdkmdap - ok
22:17:54.0811 10212 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:17:54.0861 10212 AmdPPM - ok
22:17:54.0895 10212 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:17:54.0908 10212 amdsata - ok
22:17:54.0918 10212 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:17:54.0931 10212 amdsbs - ok
22:17:54.0964 10212 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:17:54.0975 10212 amdxata - ok
22:17:55.0005 10212 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:17:55.0092 10212 AppID - ok
22:17:55.0124 10212 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
22:17:55.0149 10212 AppIDSvc - ok
22:17:55.0177 10212 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
22:17:55.0207 10212 Appinfo - ok
22:17:55.0244 10212 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:17:55.0257 10212 arc - ok
22:17:55.0276 10212 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:17:55.0289 10212 arcsas - ok
22:17:55.0360 10212 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:17:55.0387 10212 aspnet_state - ok
22:17:55.0410 10212 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:17:55.0501 10212 AsyncMac - ok
22:17:55.0557 10212 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:17:55.0569 10212 atapi - ok
22:17:55.0596 10212 AtiHDAudioService (4d201d8b576be4473405b2a86a2d28b3) C:\Windows\system32\drivers\AtihdW73.sys
22:17:55.0608 10212 AtiHDAudioService - ok
22:17:55.0640 10212 AtiHdmiService (8df873d0587596c1d35a9cececc61da1) C:\Windows\system32\drivers\AtiHdmi.sys
22:17:55.0653 10212 AtiHdmiService - ok
22:17:55.0707 10212 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:17:55.0735 10212 AudioEndpointBuilder - ok
22:17:55.0756 10212 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
22:17:55.0783 10212 Audiosrv - ok
22:17:55.0847 10212 AVP - ok
22:17:55.0905 10212 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
22:17:55.0987 10212 AxInstSV - ok
22:17:56.0029 10212 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:17:56.0119 10212 b06bdrv - ok
22:17:56.0156 10212 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:17:56.0189 10212 b57nd60x - ok
22:17:56.0220 10212 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
22:17:56.0291 10212 BDESVC - ok
22:17:56.0396 10212 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:17:56.0440 10212 Beep - ok
22:17:56.0497 10212 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
22:17:56.0571 10212 BFE - ok
22:17:56.0608 10212 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\system32\qmgr.dll
22:17:56.0692 10212 BITS - ok
22:17:56.0709 10212 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:17:56.0723 10212 blbdrive - ok
22:17:56.0753 10212 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:17:56.0792 10212 bowser - ok
22:17:56.0806 10212 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:17:56.0856 10212 BrFiltLo - ok
22:17:56.0865 10212 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:17:56.0901 10212 BrFiltUp - ok
22:17:56.0968 10212 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys
22:17:57.0003 10212 BridgeMP - ok
22:17:57.0055 10212 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
22:17:57.0081 10212 Browser - ok
22:17:57.0113 10212 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:17:57.0181 10212 Brserid - ok
22:17:57.0200 10212 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:17:57.0226 10212 BrSerWdm - ok
22:17:57.0255 10212 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:17:57.0290 10212 BrUsbMdm - ok
22:17:57.0329 10212 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:17:57.0372 10212 BrUsbSer - ok
22:17:57.0498 10212 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:17:57.0514 10212 BTHMODEM - ok
22:17:57.0560 10212 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
22:17:57.0587 10212 bthserv - ok
22:17:57.0672 10212 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\Windows\system32\drivers\BVRPMPR5.SYS
22:17:57.0695 10212 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
22:17:57.0695 10212 BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
22:17:57.0800 10212 catchme - ok
22:17:57.0826 10212 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:17:57.0861 10212 cdfs - ok
22:17:57.0946 10212 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
22:17:57.0987 10212 cdrom - ok
22:17:58.0029 10212 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:17:58.0068 10212 CertPropSvc - ok
22:17:58.0107 10212 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:17:58.0149 10212 circlass - ok
22:17:58.0168 10212 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:17:58.0182 10212 CLFS - ok
22:17:58.0272 10212 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:17:58.0282 10212 clr_optimization_v2.0.50727_32 - ok
22:17:58.0318 10212 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:17:58.0373 10212 clr_optimization_v4.0.30319_32 - ok
22:17:58.0395 10212 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:17:58.0436 10212 CmBatt - ok
22:17:58.0483 10212 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:17:58.0495 10212 cmdide - ok
22:17:58.0534 10212 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
22:17:58.0554 10212 CNG - ok
22:17:58.0589 10212 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:17:58.0601 10212 Compbatt - ok
22:17:58.0661 10212 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
22:17:58.0678 10212 CompositeBus - ok
22:17:58.0685 10212 COMSysApp - ok
22:17:58.0702 10212 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:17:58.0714 10212 crcdisk - ok
22:17:58.0755 10212 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
22:17:58.0781 10212 CryptSvc - ok
22:17:58.0882 10212 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:17:58.0908 10212 cvhsvc - ok
22:17:58.0936 10212 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:17:58.0976 10212 DcomLaunch - ok
22:17:59.0018 10212 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
22:17:59.0060 10212 defragsvc - ok
22:17:59.0078 10212 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
22:17:59.0118 10212 DfsC - ok
22:17:59.0151 10212 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
22:17:59.0178 10212 Dhcp - ok
22:17:59.0193 10212 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:17:59.0232 10212 discache - ok
22:17:59.0268 10212 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:17:59.0279 10212 Disk - ok
22:17:59.0313 10212 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
22:17:59.0391 10212 Dnscache - ok
22:17:59.0432 10212 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
22:17:59.0476 10212 dot3svc - ok
22:17:59.0511 10212 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
22:17:59.0565 10212 DPS - ok
22:17:59.0606 10212 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:17:59.0630 10212 drmkaud - ok
22:17:59.0669 10212 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
22:17:59.0691 10212 DXGKrnl - ok
22:17:59.0714 10212 EagleXNt - ok
22:17:59.0735 10212 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
22:17:59.0773 10212 EapHost - ok
22:17:59.0843 10212 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
22:17:59.0942 10212 ebdrv - ok
22:17:59.0977 10212 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
22:18:00.0002 10212 EFS - ok
22:18:00.0040 10212 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
22:18:00.0090 10212 ehRecvr - ok
22:18:00.0125 10212 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
22:18:00.0171 10212 ehSched - ok
22:18:00.0213 10212 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
22:18:00.0234 10212 elxstor - ok
22:18:00.0259 10212 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
22:18:00.0272 10212 ErrDev - ok
22:18:00.0313 10212 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
22:18:00.0343 10212 EventSystem - ok
22:18:00.0455 10212 EverestDriver - ok
22:18:00.0726 10212 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
22:18:00.0754 10212 exfat - ok
22:18:00.0806 10212 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
22:18:00.0846 10212 fastfat - ok
22:18:00.0916 10212 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
22:18:01.0001 10212 Fax - ok
22:18:01.0031 10212 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
22:18:01.0045 10212 fdc - ok
22:18:01.0072 10212 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
22:18:01.0114 10212 fdPHost - ok
22:18:01.0141 10212 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
22:18:01.0182 10212 FDResPub - ok
22:18:01.0202 10212 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
22:18:01.0212 10212 FileInfo - ok
22:18:01.0225 10212 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
22:18:01.0259 10212 Filetrace - ok
22:18:01.0357 10212 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
22:18:01.0384 10212 flpydisk - ok
22:18:01.0393 10212 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
22:18:01.0405 10212 FltMgr - ok
22:18:01.0452 10212 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
22:18:01.0551 10212 FontCache - ok
22:18:01.0620 10212 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:18:01.0739 10212 FontCache3.0.0.0 - ok
22:18:01.0759 10212 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
22:18:01.0771 10212 FsDepends - ok
22:18:01.0807 10212 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys
22:18:01.0817 10212 fssfltr - ok
22:18:01.0951 10212 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
22:18:01.0984 10212 fsssvc - ok
22:18:02.0023 10212 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
22:18:02.0114 10212 Fs_Rec - ok
22:18:02.0151 10212 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
22:18:02.0166 10212 fvevol - ok
22:18:02.0208 10212 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:18:02.0221 10212 gagp30kx - ok
22:18:02.0243 10212 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
22:18:02.0286 10212 gpsvc - ok
22:18:02.0321 10212 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:18:02.0332 10212 gupdate - ok
22:18:02.0338 10212 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
22:18:02.0347 10212 gupdatem - ok
22:18:02.0428 10212 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
22:18:02.0473 10212 hcw85cir - ok
22:18:02.0513 10212 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
22:18:02.0560 10212 HdAudAddService - ok
22:18:02.0625 10212 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
22:18:02.0657 10212 HDAudBus - ok
22:18:02.0665 10212 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
22:18:02.0702 10212 HidBatt - ok
22:18:02.0736 10212 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
22:18:02.0795 10212 HidBth - ok
22:18:02.0849 10212 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
22:18:02.0876 10212 HidIr - ok
22:18:02.0932 10212 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
22:18:02.0971 10212 hidserv - ok
22:18:02.0994 10212 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
22:18:03.0022 10212 HidUsb - ok
22:18:03.0061 10212 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
22:18:03.0099 10212 hkmsvc - ok
22:18:03.0148 10212 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
22:18:03.0345 10212 HomeGroupListener - ok
22:18:03.0377 10212 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
22:18:03.0413 10212 HomeGroupProvider - ok
22:18:03.0454 10212 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
22:18:03.0466 10212 HpSAMD - ok
22:18:03.0515 10212 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
22:18:03.0545 10212 HTTP - ok
22:18:03.0580 10212 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
22:18:03.0590 10212 hwpolicy - ok
22:18:03.0633 10212 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
22:18:03.0664 10212 i8042prt - ok
22:18:03.0689 10212 iaStor (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys
22:18:03.0705 10212 iaStor - ok
22:18:03.0762 10212 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:18:03.0773 10212 IAStorDataMgrSvc - ok
22:18:03.0799 10212 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
22:18:03.0817 10212 iaStorV - ok
22:18:03.0997 10212 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:18:04.0023 10212 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:18:04.0023 10212 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:18:04.0073 10212 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:18:04.0097 10212 idsvc - ok
22:18:04.0130 10212 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
22:18:04.0142 10212 iirsp - ok
22:18:04.0199 10212 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
22:18:04.0245 10212 IKEEXT - ok
22:18:04.0343 10212 IntcAzAudAddService (4be85cf5831a41104c2dded55fbc3565) C:\Windows\system32\drivers\RTKVHDA.sys
22:18:04.0428 10212 IntcAzAudAddService - ok
22:18:04.0476 10212 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
22:18:04.0487 10212 intelide - ok
22:18:04.0534 10212 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
22:18:04.0562 10212 intelppm - ok
22:18:04.0592 10212 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
22:18:04.0640 10212 IPBusEnum - ok
22:18:04.0667 10212 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:18:04.0693 10212 IpFilterDriver - ok
22:18:04.0736 10212 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
22:18:04.0773 10212 iphlpsvc - ok
22:18:04.0812 10212 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
22:18:04.0828 10212 IPMIDRV - ok
22:18:04.0836 10212 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
22:18:04.0874 10212 IPNAT - ok
22:18:04.0900 10212 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
22:18:04.0929 10212 IRENUM - ok
22:18:04.0988 10212 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
22:18:05.0000 10212 isapnp - ok
22:18:05.0040 10212 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
22:18:05.0055 10212 iScsiPrt - ok
22:18:05.0080 10212 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
22:18:05.0093 10212 kbdclass - ok
22:18:05.0104 10212 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
22:18:05.0130 10212 kbdhid - ok
22:18:05.0160 10212 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:18:05.0173 10212 KeyIso - ok
22:18:05.0217 10212 KL1 (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
22:18:05.0229 10212 KL1 - ok
22:18:05.0254 10212 kl2 (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
22:18:05.0265 10212 kl2 - ok
22:18:05.0318 10212 KLIF (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
22:18:05.0339 10212 KLIF - ok
22:18:05.0376 10212 KLIM6 (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
22:18:05.0387 10212 KLIM6 - ok
22:18:05.0444 10212 klmouflt (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
22:18:05.0455 10212 klmouflt - ok
22:18:05.0470 10212 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
22:18:05.0482 10212 KSecDD - ok
22:18:05.0493 10212 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
22:18:05.0505 10212 KSecPkg - ok
22:18:05.0544 10212 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
22:18:05.0619 10212 KtmRm - ok
22:18:05.0673 10212 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
22:18:05.0699 10212 LanmanServer - ok
22:18:05.0731 10212 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
22:18:05.0776 10212 lltdio - ok
22:18:05.0810 10212 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
22:18:05.0839 10212 lltdsvc - ok
22:18:05.0860 10212 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
22:18:05.0934 10212 lmhosts - ok
22:18:05.0976 10212 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:18:05.0989 10212 LSI_FC - ok
22:18:06.0024 10212 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:18:06.0036 10212 LSI_SAS - ok
22:18:06.0069 10212 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:18:06.0081 10212 LSI_SAS2 - ok
22:18:06.0116 10212 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:18:06.0129 10212 LSI_SCSI - ok
22:18:06.0147 10212 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
22:18:06.0173 10212 luafv - ok
22:18:06.0242 10212 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
22:18:06.0251 10212 MBAMProtector - ok
22:18:06.0316 10212 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
22:18:06.0334 10212 MBAMService - ok
22:18:06.0484 10212 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
22:18:06.0500 10212 Mcx2Svc - ok
22:18:06.0513 10212 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
22:18:06.0525 10212 megasas - ok
22:18:06.0540 10212 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
22:18:06.0556 10212 MegaSR - ok
22:18:06.0718 10212 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
22:18:06.0729 10212 Microsoft Office Groove Audit Service - ok
22:18:06.0762 10212 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:18:06.0797 10212 MMCSS - ok
22:18:06.0816 10212 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
22:18:06.0853 10212 Modem - ok
22:18:06.0905 10212 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
22:18:06.0935 10212 monitor - ok
22:18:06.0986 10212 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
22:18:06.0997 10212 mouclass - ok
22:18:07.0058 10212 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
22:18:07.0089 10212 mouhid - ok
22:18:07.0129 10212 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
22:18:07.0140 10212 mountmgr - ok
22:18:07.0172 10212 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
22:18:07.0185 10212 mpio - ok
22:18:07.0197 10212 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
22:18:07.0239 10212 mpsdrv - ok
22:18:07.0285 10212 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
22:18:07.0343 10212 MpsSvc - ok
22:18:07.0406 10212 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
22:18:07.0442 10212 MRxDAV - ok
22:18:07.0469 10212 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:18:07.0501 10212 mrxsmb - ok
22:18:07.0520 10212 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:18:07.0535 10212 mrxsmb10 - ok
22:18:07.0544 10212 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:18:07.0574 10212 mrxsmb20 - ok
22:18:07.0608 10212 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
22:18:07.0620 10212 msahci - ok
22:18:07.0648 10212 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
22:18:07.0661 10212 msdsm - ok
22:18:07.0705 10212 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
22:18:07.0721 10212 MSDTC - ok
22:18:07.0734 10212 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
22:18:07.0760 10212 Msfs - ok
22:18:07.0818 10212 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
22:18:07.0856 10212 mshidkmdf - ok
22:18:07.0880 10212 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
22:18:07.0890 10212 msisadrv - ok
22:18:07.0911 10212 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
22:18:07.0955 10212 MSiSCSI - ok
22:18:07.0962 10212 msiserver - ok
22:18:07.0988 10212 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
22:18:08.0028 10212 MSKSSRV - ok
22:18:08.0056 10212 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
22:18:08.0083 10212 MSPCLOCK - ok
22:18:08.0095 10212 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
22:18:08.0121 10212 MSPQM - ok
22:18:08.0136 10212 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
22:18:08.0149 10212 MsRPC - ok
22:18:08.0168 10212 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
22:18:08.0180 10212 mssmbios - ok
22:18:08.0200 10212 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
22:18:08.0225 10212 MSTEE - ok
22:18:08.0256 10212 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
22:18:08.0288 10212 MTConfig - ok
22:18:08.0314 10212 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
22:18:08.0325 10212 Mup - ok
22:18:08.0361 10212 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
22:18:08.0407 10212 napagent - ok
22:18:08.0443 10212 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
22:18:08.0462 10212 NativeWifiP - ok
22:18:08.0484 10212 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
22:18:08.0506 10212 NDIS - ok
22:18:08.0534 10212 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
22:18:08.0561 10212 NdisCap - ok
22:18:08.0590 10212 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
22:18:08.0630 10212 NdisTapi - ok
22:18:08.0680 10212 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
22:18:08.0716 10212 Ndisuio - ok
22:18:08.0738 10212 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
22:18:08.0765 10212 NdisWan - ok
22:18:08.0790 10212 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
22:18:08.0829 10212 NDProxy - ok
22:18:08.0838 10212 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
22:18:08.0862 10212 NetBIOS - ok
22:18:08.0897 10212 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
22:18:08.0936 10212 NetBT - ok
22:18:08.0965 10212 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:18:08.0979 10212 Netlogon - ok
22:18:09.0032 10212 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
22:18:09.0079 10212 Netman - ok
22:18:09.0132 10212 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:18:09.0144 10212 NetMsmqActivator - ok
22:18:09.0157 10212 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:18:09.0167 10212 NetPipeActivator - ok
22:18:09.0185 10212 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
22:18:09.0230 10212 netprofm - ok
22:18:09.0246 10212 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:18:09.0256 10212 NetTcpActivator - ok
22:18:09.0259 10212 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:18:09.0269 10212 NetTcpPortSharing - ok
22:18:09.0298 10212 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
22:18:09.0310 10212 nfrd960 - ok
22:18:09.0325 10212 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
22:18:09.0352 10212 NlaSvc - ok
22:18:09.0400 10212 nmwcd (f6c40e0a565ee3ce5aeeb325e10054f2) C:\Windows\system32\drivers\ccdcmb.sys
22:18:09.0458 10212 nmwcd - ok
22:18:09.0467 10212 nmwcdc (2a394e9e1fa3565e4b2fea470ffe4d6b) C:\Windows\system32\drivers\ccdcmbo.sys
22:18:09.0494 10212 nmwcdc - ok
22:18:09.0525 10212 nmwcdnsu (99b224f8026cb534724aa3c408561e45) C:\Windows\system32\drivers\nmwcdnsu.sys
22:18:09.0574 10212 nmwcdnsu - ok
22:18:09.0583 10212 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
22:18:09.0608 10212 Npfs - ok
22:18:09.0638 10212 npggsvc - ok
22:18:09.0670 10212 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
22:18:09.0697 10212 nsi - ok
22:18:09.0717 10212 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
22:18:09.0744 10212 nsiproxy - ok
22:18:09.0776 10212 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
22:18:09.0806 10212 Ntfs - ok
22:18:09.0825 10212 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
22:18:09.0868 10212 Null - ok
22:18:09.0892 10212 nusb3hub (03ad379554b50fa1802be4ec2e291e92) C:\Windows\system32\DRIVERS\nusb3hub.sys
22:18:09.0903 10212 nusb3hub - ok
22:18:09.0949 10212 nusb3xhc (06fe87c9d181af5f04d192e604e10e6c) C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:18:09.0961 10212 nusb3xhc - ok
22:18:10.0003 10212 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
22:18:10.0017 10212 nvraid - ok
22:18:10.0049 10212 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
22:18:10.0062 10212 nvstor - ok
22:18:10.0091 10212 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
22:18:10.0104 10212 nv_agp - ok
22:18:10.0265 10212 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:18:10.0281 10212 odserv - ok
22:18:10.0318 10212 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
22:18:10.0356 10212 ohci1394 - ok
22:18:10.0392 10212 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:18:10.0404 10212 ose - ok
22:18:10.0517 10212 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:18:10.0587 10212 osppsvc - ok
22:18:10.0628 10212 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:18:10.0743 10212 p2pimsvc - ok
22:18:10.0785 10212 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
22:18:10.0801 10212 p2psvc - ok
22:18:10.0839 10212 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
22:18:10.0867 10212 Parport - ok
22:18:10.0890 10212 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
22:18:10.0901 10212 partmgr - ok
22:18:10.0921 10212 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
22:18:10.0951 10212 Parvdm - ok
22:18:10.0977 10212 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
22:18:11.0020 10212 PcaSvc - ok
22:18:11.0078 10212 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
22:18:11.0113 10212 pccsmcfd - ok
22:18:11.0134 10212 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
22:18:11.0147 10212 pci - ok
22:18:11.0204 10212 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
22:18:11.0215 10212 pciide - ok
22:18:11.0229 10212 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
22:18:11.0248 10212 pcmcia - ok
22:18:11.0380 10212 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
22:18:11.0390 10212 pcw - ok
22:18:11.0424 10212 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
22:18:11.0476 10212 PEAUTH - ok
22:18:11.0560 10212 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
22:18:11.0615 10212 pla - ok
22:18:11.0677 10212 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
22:18:11.0706 10212 PlugPlay - ok
22:18:11.0774 10212 PnkBstrA (205e1b699fd3f2f9b036eea2ec30c620) C:\Windows\system32\PnkBstrA.exe
22:18:11.0866 10212 PnkBstrA - ok
22:18:11.0882 10212 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
22:18:11.0918 10212 PNRPAutoReg - ok
22:18:11.0960 10212 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
22:18:11.0975 10212 PNRPsvc - ok
22:18:11.0997 10212 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
22:18:12.0025 10212 PolicyAgent - ok
22:18:12.0056 10212 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
22:18:12.0104 10212 Power - ok
22:18:12.0134 10212 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
22:18:12.0160 10212 PptpMiniport - ok
22:18:12.0183 10212 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
22:18:12.0204 10212 Processor - ok
22:18:12.0228 10212 Profos - ok
22:18:12.0270 10212 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
22:18:12.0296 10212 ProfSvc - ok
22:18:12.0337 10212 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:18:12.0351 10212 ProtectedStorage - ok
22:18:12.0426 10212 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
22:18:12.0466 10212 Psched - ok
22:18:12.0632 10212 PSI_SVC_2 (a6a7ad767bf5141665f5c675f671b3e1) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
22:18:12.0730 10212 PSI_SVC_2 - ok
22:18:12.0772 10212 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
22:18:12.0806 10212 ql2300 - ok
22:18:12.0845 10212 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
22:18:12.0858 10212 ql40xx - ok
22:18:12.0892 10212 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
22:18:12.0927 10212 QWAVE - ok
22:18:12.0953 10212 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
22:18:12.0977 10212 QWAVEdrv - ok
22:18:12.0997 10212 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
22:18:13.0022 10212 RasAcd - ok
22:18:13.0065 10212 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:18:13.0090 10212 RasAgileVpn - ok
22:18:13.0108 10212 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
22:18:13.0135 10212 RasAuto - ok
22:18:13.0144 10212 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:18:13.0170 10212 Rasl2tp - ok
22:18:13.0198 10212 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
22:18:13.0241 10212 RasMan - ok
22:18:13.0259 10212 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
22:18:13.0298 10212 RasPppoe - ok
22:18:13.0306 10212 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
22:18:13.0331 10212 RasSstp - ok
22:18:13.0360 10212 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
22:18:13.0402 10212 rdbss - ok
22:18:13.0429 10212 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
22:18:13.0449 10212 rdpbus - ok
22:18:13.0474 10212 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:18:13.0497 10212 RDPCDD - ok
22:18:13.0515 10212 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
22:18:13.0553 10212 RDPENCDD - ok
22:18:13.0562 10212 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
22:18:13.0584 10212 RDPREFMP - ok
22:18:13.0621 10212 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
22:18:13.0649 10212 RDPWD - ok
22:18:13.0677 10212 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
22:18:13.0690 10212 rdyboost - ok
22:18:13.0730 10212 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
22:18:13.0756 10212 RemoteAccess - ok
22:18:13.0771 10212 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
22:18:13.0812 10212 RemoteRegistry - ok
22:18:13.0841 10212 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
22:18:13.0868 10212 RpcEptMapper - ok
22:18:13.0908 10212 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
22:18:13.0924 10212 RpcLocator - ok
22:18:13.0960 10212 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
22:18:13.0988 10212 RpcSs - ok
22:18:14.0007 10212 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
22:18:14.0034 10212 rspndr - ok
22:18:14.0081 10212 RTL8167 (0516998076ad894ae7e362c3110aa071) C:\Windows\system32\DRIVERS\Rt86win7.sys
22:18:14.0097 10212 RTL8167 - ok
22:18:14.0139 10212 RTL8192su (9ce8deffaffccbf473015d76ae8ee514) C:\Windows\system32\DRIVERS\RTL8192su.sys
22:18:14.0160 10212 RTL8192su - ok
22:18:14.0197 10212 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:18:14.0211 10212 SamSs - ok
22:18:14.0266 10212 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:18:14.0277 10212 SASDIFSV - ok
22:18:14.0307 10212 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:18:14.0319 10212 SASKUTIL - ok
22:18:14.0356 10212 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
22:18:14.0369 10212 sbp2port - ok
22:18:14.0392 10212 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
22:18:14.0432 10212 SCardSvr - ok
22:18:14.0491 10212 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
22:18:14.0516 10212 scfilter - ok
22:18:14.0558 10212 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
22:18:14.0594 10212 Schedule - ok
22:18:14.0638 10212 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
22:18:14.0661 10212 SCPolicySvc - ok
22:18:14.0681 10212 SCREAMINGBDRIVER (a643d6df1b7546256b11fb5d6b5d1375) C:\Windows\system32\drivers\ScreamingBAudio.sys
22:18:14.0692 10212 SCREAMINGBDRIVER - ok
22:18:14.0721 10212 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
22:18:14.0760 10212 SDRSVC - ok
22:18:14.0782 10212 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:18:14.0823 10212 secdrv - ok
22:18:14.0840 10212 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
22:18:14.0876 10212 seclogon - ok
22:18:14.0894 10212 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
22:18:14.0927 10212 SENS - ok
22:18:14.0943 10212 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
22:18:14.0982 10212 SensrSvc - ok
22:18:15.0009 10212 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
22:18:15.0038 10212 Serenum - ok
22:18:15.0068 10212 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
22:18:15.0083 10212 Serial - ok
22:18:15.0121 10212 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
22:18:15.0148 10212 sermouse - ok
22:18:15.0179 10212 ServiceLayer (f31e9531af225ca25350d5e87e999b31) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
22:18:15.0199 10212 ServiceLayer - ok
22:18:15.0233 10212 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
22:18:15.0259 10212 SessionEnv - ok
22:18:15.0293 10212 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
22:18:15.0333 10212 sffdisk - ok
22:18:15.0349 10212 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
22:18:15.0379 10212 sffp_mmc - ok
22:18:15.0387 10212 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
22:18:15.0406 10212 sffp_sd - ok
22:18:15.0422 10212 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
22:18:15.0436 10212 sfloppy - ok
22:18:15.0478 10212 Sftfs (d9b734638dd8dba9d59aad3189cd0fad) C:\Windows\system32\DRIVERS\Sftfslh.sys
22:18:15.0497 10212 Sftfs - ok
22:18:15.0676 10212 sftlist (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
22:18:15.0696 10212 sftlist - ok
22:18:15.0718 10212 Sftplay (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\Windows\system32\DRIVERS\Sftplaylh.sys
22:18:15.0731 10212 Sftplay - ok
22:18:15.0753 10212 Sftredir (518bac0179f94304f422696b47c0ec12) C:\Windows\system32\DRIVERS\Sftredirlh.sys
22:18:15.0762 10212 Sftredir - ok
22:18:15.0781 10212 Sftvol (747325236d88b3f05ffd27ff9ec711c5) C:\Windows\system32\DRIVERS\Sftvollh.sys
22:18:15.0791 10212 Sftvol - ok
22:18:15.0808 10212 sftvsa (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
22:18:15.0821 10212 sftvsa - ok
22:18:15.0874 10212 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
22:18:15.0918 10212 SharedAccess - ok
22:18:15.0954 10212 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
22:18:15.0981 10212 ShellHWDetection - ok
22:18:16.0018 10212 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
22:18:16.0030 10212 sisagp - ok
22:18:16.0055 10212 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:18:16.0068 10212 SiSRaid2 - ok
22:18:16.0079 10212 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
22:18:16.0091 10212 SiSRaid4 - ok
22:18:16.0128 10212 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
22:18:16.0171 10212 Smb - ok
22:18:16.0204 10212 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
22:18:16.0228 10212 SNMPTRAP - ok
22:18:16.0449 10212 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
22:18:16.0458 10212 spldr - ok
22:18:16.0506 10212 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
22:18:16.0582 10212 Spooler - ok
22:18:16.0661 10212 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
22:18:16.0712 10212 sppsvc - ok
22:18:16.0770 10212 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
22:18:16.0810 10212 sppuinotify - ok
22:18:16.0830 10212 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
22:18:16.0864 10212 srv - ok
22:18:16.0875 10212 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
22:18:16.0903 10212 srv2 - ok
22:18:16.0913 10212 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
22:18:16.0933 10212 srvnet - ok
22:18:16.0954 10212 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
22:18:16.0994 10212 SSDPSRV - ok
22:18:17.0010 10212 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
22:18:17.0056 10212 SstpSvc - ok
22:18:17.0212 10212 Steam Client Service - ok
22:18:17.0244 10212 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
22:18:17.0256 10212 stexstor - ok
22:18:17.0304 10212 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
22:18:17.0328 10212 StiSvc - ok
22:18:17.0366 10212 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
22:18:17.0378 10212 swenum - ok
22:18:17.0454 10212 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
22:18:17.0510 10212 swprv - ok
22:18:17.0562 10212 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
22:18:17.0629 10212 SysMain - ok
22:18:17.0668 10212 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
22:18:17.0687 10212 TabletInputService - ok
22:18:17.0739 10212 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
22:18:17.0781 10212 TapiSrv - ok
22:18:17.0813 10212 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
22:18:17.0852 10212 TBS - ok
22:18:17.0897 10212 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
22:18:17.0929 10212 Tcpip - ok
22:18:17.0991 10212 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
22:18:18.0017 10212 TCPIP6 - ok
22:18:18.0046 10212 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
22:18:18.0071 10212 tcpipreg - ok
22:18:18.0128 10212 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
22:18:18.0157 10212 TDPIPE - ok
22:18:18.0192 10212 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
22:18:18.0213 10212 TDTCP - ok
22:18:18.0251 10212 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
22:18:18.0288 10212 tdx - ok
22:18:18.0308 10212 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
22:18:18.0320 10212 TermDD - ok
22:18:18.0359 10212 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
22:18:18.0391 10212 TermService - ok
22:18:18.0407 10212 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
22:18:18.0423 10212 Themes - ok
22:18:18.0451 10212 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
22:18:18.0476 10212 THREADORDER - ok
22:18:18.0506 10212 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
22:18:18.0533 10212 TrkWks - ok
22:18:18.0576 10212 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
22:18:18.0614 10212 TrustedInstaller - ok
22:18:18.0636 10212 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:18:18.0671 10212 tssecsrv - ok
22:18:18.0726 10212 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
22:18:18.0752 10212 TsUsbFlt - ok
22:18:18.0914 10212 TuneUp.UtilitiesSvc (60c6ac47323c81712896c5c8c7974dd1) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
22:18:18.0945 10212 TuneUp.UtilitiesSvc - ok
22:18:18.0995 10212 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
22:18:19.0006 10212 TuneUpUtilitiesDrv - ok
22:18:19.0046 10212 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
22:18:19.0088 10212 tunnel - ok
22:18:19.0108 10212 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
22:18:19.0120 10212 uagp35 - ok
22:18:19.0154 10212 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
22:18:19.0201 10212 udfs - ok
22:18:19.0222 10212 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
22:18:19.0237 10212 UI0Detect - ok
22:18:19.0257 10212 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
22:18:19.0269 10212 uliagpkx - ok
22:18:19.0323 10212 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
22:18:19.0349 10212 umbus - ok
22:18:19.0378 10212 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
22:18:19.0407 10212 UmPass - ok
22:18:19.0435 10212 Update-Service (1cb3bcf37667867a2db0f68c34c25b8f) C:\Windows\System32\UpdSvc.dll
22:18:19.0448 10212 Update-Service - ok
22:18:19.0473 10212 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
22:18:19.0537 10212 upnphost - ok
22:18:19.0592 10212 upperdev (47f5f9d837d80ffd5882a14db9da0a67) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
22:18:19.0628 10212 upperdev - ok
22:18:19.0673 10212 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
22:18:19.0705 10212 usbaudio - ok
22:18:19.0722 10212 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
22:18:19.0749 10212 usbccgp - ok
22:18:19.0778 10212 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
22:18:19.0806 10212 usbcir - ok
22:18:19.0824 10212 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
22:18:19.0837 10212 usbehci - ok
22:18:19.0850 10212 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
22:18:19.0878 10212 usbhub - ok
22:18:19.0897 10212 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
22:18:19.0912 10212 usbohci - ok
22:18:19.0927 10212 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
22:18:19.0942 10212 usbprint - ok
22:18:19.0996 10212 usbser (31181de6190b39fc8007dffd1a48ffd6) C:\Windows\system32\DRIVERS\usbser.sys
22:18:20.0023 10212 usbser - ok
22:18:20.0040 10212 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:18:20.0095 10212 USBSTOR - ok
22:18:20.0102 10212 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
22:18:20.0128 10212 usbuhci - ok
22:18:20.0143 10212 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
22:18:20.0167 10212 UxSms - ok
22:18:20.0236 10212 UxTuneUp (28d6e820ec76c3a412d638906b840ca9) C:\Windows\System32\uxtuneup.dll
22:18:20.0373 10212 UxTuneUp - ok
22:18:20.0401 10212 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
22:18:20.0414 10212 VaultSvc - ok
22:18:20.0450 10212 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
22:18:20.0461 10212 vdrvroot - ok
22:18:20.0507 10212 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
22:18:20.0557 10212 vds - ok
22:18:20.0580 10212 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
22:18:20.0596 10212 vga - ok
22:18:20.0637 10212 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
22:18:20.0663 10212 VgaSave - ok
22:18:20.0683 10212 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
22:18:20.0697 10212 vhdmp - ok
22:18:20.0735 10212 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
22:18:20.0747 10212 viaagp - ok
22:18:20.0772 10212 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
22:18:20.0787 10212 ViaC7 - ok
22:18:20.0808 10212 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
22:18:20.0820 10212 viaide - ok
22:18:20.0840 10212 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
22:18:20.0851 10212 volmgr - ok
22:18:20.0862 10212 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
22:18:20.0876 10212 volmgrx - ok
22:18:20.0887 10212 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
22:18:20.0901 10212 volsnap - ok
22:18:20.0927 10212 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
22:18:20.0941 10212 vsmraid - ok
22:18:20.0999 10212 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
22:18:21.0037 10212 VSS - ok
22:18:21.0194 10212 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
22:18:21.0213 10212 vToolbarUpdater10.2.0 - ok
22:18:21.0228 10212 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
22:18:21.0243 10212 vwifibus - ok
22:18:21.0367 10212 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
22:18:21.0438 10212 vwififlt - ok
22:18:21.0482 10212 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
22:18:21.0527 10212 W32Time - ok
22:18:21.0544 10212 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
22:18:21.0558 10212 WacomPen - ok
22:18:21.0588 10212 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:18:21.0613 10212 WANARP - ok
22:18:21.0616 10212 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
22:18:21.0639 10212 Wanarpv6 - ok
22:18:21.0693 10212 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
22:18:21.0727 10212 WatAdminSvc - ok
22:18:21.0757 10212 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
22:18:21.0808 10212 wbengine - ok
22:18:21.0823 10212 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
22:18:21.0858 10212 WbioSrvc - ok
22:18:21.0885 10212 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
22:18:21.0915 10212 wcncsvc - ok
22:18:21.0938 10212 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
22:18:21.0984 10212 WcsPlugInService - ok
22:18:21.0997 10212 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
22:18:22.0009 10212 Wd - ok
22:18:22.0032 10212 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
22:18:22.0049 10212 Wdf01000 - ok
22:18:22.0062 10212 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:18:22.0121 10212 WdiServiceHost - ok
22:18:22.0124 10212 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
22:18:22.0140 10212 WdiSystemHost - ok
22:18:22.0164 10212 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
22:18:22.0201 10212 WebClient - ok
22:18:22.0218 10212 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
22:18:22.0246 10212 Wecsvc - ok
22:18:22.0254 10212 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
22:18:22.0283 10212 wercplsupport - ok
22:18:22.0335 10212 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
22:18:22.0363 10212 WerSvc - ok
22:18:24.0275 10212 MBR (0x1B8) (5d949eea3beec2df38a2d7900ad89a60) \Device\Harddisk0\DR0
22:18:26.0061 10212 \Device\Harddisk0\DR0 - ok
22:18:26.0084 10212 Boot (0x1200) (4ba4fab1ab1bb0938c5ce8ca9a40ec46) \Device\Harddisk0\DR0\Partition0
22:18:26.0085 10212 \Device\Harddisk0\DR0\Partition0 - ok
22:18:26.0092 10212 Boot (0x1200) (6906c902f0e51af117d14bdf3646a777) \Device\Harddisk0\DR0\Partition1
22:18:26.0093 10212 \Device\Harddisk0\DR0\Partition1 - ok
22:18:26.0117 10212 Boot (0x1200) (4a6508facea94b9fcabe01bdc850863e) \Device\Harddisk0\DR0\Partition2
22:18:26.0118 10212 \Device\Harddisk0\DR0\Partition2 - ok
22:18:26.0119 10212 ============================================================
22:18:26.0119 10212 Scan finished
22:18:26.0119 10212 ============================================================
22:18:26.0125 8876 Detected object count: 2
22:18:26.0125 8876 Actual detected object count: 2
22:18:50.0672 8876 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:50.0672 8876 BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:18:50.0672 8876 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:18:50.0672 8876 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

13.04.2012, 17:45   #12
markusg
/// Malware-holic

Trojan.Win32.Mediyes

hi, on the previous page you answered my question about whether there are any alerts with "no, at least not at startup".
so I have to ask once more, stupidly: are there any alerts at all, or none any more?
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

13.04.2012, 19:41   #13
Laurana

Trojan.Win32.Mediyes

no, at the moment there are no alerts any more.

14.04.2012, 18:40   #14
markusg
/// Malware-holic

Trojan.Win32.Mediyes

ok,

download the CCleaner standard version:
CCleaner Download - CCleaner 3.17.1689
if CCleaner is already installed, skip this step.
install it, open it, Tools, list of installed programs, save as txt. open the file.
after every program you need, write "necessary".
after every program you don't need, "unnecessary".
after the ones you don't know, "unknown".
post the list.
