
Pests of all kinds and how to fight them: ADSPY/Bho.GamePla.F found in C:\Users\Graf Fitsch\AppData\Local\Temp\tmp-f9h.xpi


14.05.2012, 17:24   #1
Graf Fitsch
 



Hello!
As described in the title, Avira reported the following find. I moved it to quarantine. Afterwards I also ran Malwarebytes. Attached are its log as well as the DDS and attach files. The Avira log is here in the post. I hope someone can help with the evaluation.
Thanks and regards
Graf Fitsch

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 3. Mai 2012  15:44
 
Es wird nach 3731602 Virenstämmen gesucht.
 
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
 
Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : MACHINE
 
Versionsinformationen:
BUILD.DAT      : 12.0.0.898     41963 Bytes  31.01.2012 13:51:00
AVSCAN.EXE     : 12.1.0.20     492496 Bytes  15.02.2012 20:04:06
AVSCAN.DLL     : 12.1.0.18      65744 Bytes  15.02.2012 20:04:05
LUKE.DLL       : 12.1.0.19      68304 Bytes  15.02.2012 20:04:06
AVSCPLR.DLL    : 12.1.0.22     100048 Bytes  15.02.2012 20:04:07
AVREG.DLL      : 12.1.0.36     229128 Bytes  05.04.2012 17:19:17
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 19:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 10:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 18:33:28
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 16:24:40
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 13:22:23
VBASE005.VDF   : 7.11.26.45      2048 Bytes  28.03.2012 13:22:23
VBASE006.VDF   : 7.11.26.46      2048 Bytes  28.03.2012 13:22:23
VBASE007.VDF   : 7.11.26.47      2048 Bytes  28.03.2012 13:22:23
VBASE008.VDF   : 7.11.26.48      2048 Bytes  28.03.2012 13:22:23
VBASE009.VDF   : 7.11.26.49      2048 Bytes  28.03.2012 13:22:24
VBASE010.VDF   : 7.11.26.50      2048 Bytes  28.03.2012 13:22:24
VBASE011.VDF   : 7.11.26.51      2048 Bytes  28.03.2012 13:22:24
VBASE012.VDF   : 7.11.26.52      2048 Bytes  28.03.2012 13:22:24
VBASE013.VDF   : 7.11.26.53      2048 Bytes  28.03.2012 13:22:24
VBASE014.VDF   : 7.11.26.107   221696 Bytes  30.03.2012 08:53:16
VBASE015.VDF   : 7.11.26.179   224768 Bytes  02.04.2012 19:19:06
VBASE016.VDF   : 7.11.26.241   142336 Bytes  04.04.2012 19:19:07
VBASE017.VDF   : 7.11.27.41    247808 Bytes  08.04.2012 20:34:11
VBASE018.VDF   : 7.11.27.107   161280 Bytes  12.04.2012 16:35:13
VBASE019.VDF   : 7.11.27.159   148992 Bytes  13.04.2012 16:35:14
VBASE020.VDF   : 7.11.27.201   207360 Bytes  17.04.2012 16:37:03
VBASE021.VDF   : 7.11.28.3     237568 Bytes  19.04.2012 16:38:27
VBASE022.VDF   : 7.11.28.49    193536 Bytes  20.04.2012 17:28:33
VBASE023.VDF   : 7.11.28.99    195072 Bytes  23.04.2012 13:20:59
VBASE024.VDF   : 7.11.28.133   247808 Bytes  24.04.2012 13:34:22
VBASE025.VDF   : 7.11.28.183   186880 Bytes  26.04.2012 13:40:01
VBASE026.VDF   : 7.11.28.235   166400 Bytes  30.04.2012 15:52:13
VBASE027.VDF   : 7.11.28.236     2048 Bytes  30.04.2012 15:52:13
VBASE028.VDF   : 7.11.28.237     2048 Bytes  30.04.2012 15:52:13
VBASE029.VDF   : 7.11.28.238     2048 Bytes  30.04.2012 15:52:13
VBASE030.VDF   : 7.11.28.239     2048 Bytes  30.04.2012 15:52:13
VBASE031.VDF   : 7.11.29.12    120320 Bytes  02.05.2012 15:52:14
Engineversion  : 8.2.10.58 
AEVDF.DLL      : 8.1.2.2       106868 Bytes  16.11.2011 07:07:45
AESCRIPT.DLL   : 8.1.4.18      455034 Bytes  27.04.2012 13:40:12
AESCN.DLL      : 8.1.8.2       131444 Bytes  29.01.2012 16:15:08
AESBX.DLL      : 8.2.5.5       606579 Bytes  12.03.2012 15:42:34
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 22:16:06
AEPACK.DLL     : 8.2.16.9      807287 Bytes  01.04.2012 08:53:24
AEOFFICE.DLL   : 8.1.2.28      201082 Bytes  27.04.2012 13:40:07
AEHEUR.DLL     : 8.1.4.21     4682102 Bytes  27.04.2012 13:40:03
AEHELP.DLL     : 8.1.20.0      254326 Bytes  27.04.2012 13:39:10
AEGEN.DLL      : 8.1.5.28      422260 Bytes  27.04.2012 13:39:07
AEEXP.DLL      : 8.1.0.33       82293 Bytes  27.04.2012 13:40:13
AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 22:46:01
AECORE.DLL     : 8.1.25.6      201078 Bytes  18.03.2012 11:22:24
AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 22:46:01
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  19.10.2011 15:55:51
AVPREF.DLL     : 12.1.0.17      51920 Bytes  19.10.2011 15:55:48
AVREP.DLL      : 12.1.0.17     179408 Bytes  19.10.2011 15:55:49
AVARKT.DLL     : 12.1.0.23     209360 Bytes  15.02.2012 20:04:05
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  19.10.2011 15:55:47
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  19.10.2011 15:56:03
AVSMTP.DLL     : 12.1.0.17      62928 Bytes  19.10.2011 15:55:50
NETNT.DLL      : 12.1.0.17      17104 Bytes  19.10.2011 15:55:59
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  19.10.2011 15:56:14
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  19.10.2011 15:56:14
 
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +PFS,
 
Beginn des Suchlaufs: Donnerstag, 3. Mai 2012  15:44
 
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
 
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
 
Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_USERS\S-1-5-21-1061521033-2538895874-2535044014-1001\Software\ATI\ACE\Settings\Runtime\Runtime Platform Caste HotKey ProcTime
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-1061521033-2538895874-2535044014-1001\Software\ATI\ACE\Settings\Runtime\Runtime Platform Caste HotKey ProcTime
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Thread
  [HINWEIS]   Ein Systemthread ist nicht sichtbar.
Versteckter Treiber
  [HINWEIS]   Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.
 
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'plugin-container.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'NASvc.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'Crossrider.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'mscorsvw.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'CooLSrv.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '42' Modul(e) wurden durchsucht
 
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Windows\Sysnative\drivers\sptd.sys
  [WARNUNG]   Die Datei konnte nicht geöffnet werden!
Die Registry wurde durchsucht ( '705' Dateien ).
 
 
Der Suchlauf über die ausgewählten Dateien wird begonnen:
 
Beginne mit der Suche in 'C:\' <Main>
C:\Users\Graf Fitsch\AppData\Local\Temp\tmp-f9h.xpi
  [FUND]      Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Bho.GamePla.F
 
Beginne mit der Desinfektion:
C:\Users\Graf Fitsch\AppData\Local\Temp\tmp-f9h.xpi
  [FUND]      Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Bho.GamePla.F
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56d4122b.qua' verschoben!
 
 
Ende des Suchlaufs: Donnerstag, 3. Mai 2012  18:32
Benötigte Zeit:  1:28:18 Stunde(n)
 
Der Suchlauf wurde vollständig durchgeführt.
 
  39082 Verzeichnisse wurden überprüft
 780552 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      1 Dateien konnten nicht durchsucht werden
 780550 Dateien ohne Befall
   9764 Archive wurden durchsucht
      1 Warnungen
     67 Hinweise
 676648 Objekte wurden beim Rootkitscan durchsucht
     67 Versteckte Objekte wurden gefunden
         
Here is also what Defogger spat out.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:36 on 04/05/2012 (Graf Fitsch)
 
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
 
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
 
 
-=E.O.F=-
         
Hello!
I just wanted to bring my problem up again. Can anyone say anything about the find or the logs? Strangely, Avira has no information about the find itself.

Regards
Graf Fitsch

Nobody at all?

19.05.2012, 13:05   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
03.05.2012 19:11:32
You already ran the scan on 3 May?

Please run a new full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all finds must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here
         

20.05.2012, 14:19   #3
Graf Fitsch
 



Hello!

First of all, thanks for the reply!
Below are the logs from Malwarebytes and Eset.

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.20.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Graf Fitsch :: MACHINE [Administrator]

Schutz: Aktiviert

20.05.2012 12:17:21
mbam-log-2012-05-20 (12-17-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 446959
Laufzeit: 53 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5b9cd0b71eedcf4d87f180eb5307431d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-20 01:15:50
# local_time=2012-05-20 03:15:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 16088864 16088864 0 0
# compatibility_mode=5893 16776573 100 94 648466 89142292 0 0
# compatibility_mode=8192 67108863 100 0 3120 3120 0 0
# scanned=234804
# found=5
# cleaned=0
# scan_time=7307
C:\Users\Graf Fitsch\AppData\Local\Mozilla\Firefox\Profiles\7ibj1u0y.default\Cache\6\F2\75097d01	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\Graf Fitsch\AppData\Local\Mozilla\Firefox\Profiles\7ibj1u0y.default\Cache\B\0C\211FEd01	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\Graf Fitsch\AppData\Local\Mozilla\Firefox\Profiles\7ibj1u0y.default\Cache\D\6A\81C60d01	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\Graf Fitsch\AppData\Local\Mozilla\Firefox\Profiles\7ibj1u0y.default\Cache\E\48\63D17d01	HTML/ScrInject.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
C:\Users\Graf Fitsch\AppData\Local\Temp\NERO1005263\unit_app_75\Toolbar.exe	Win32/Toolbar.AskSBar application (unable to clean)	00000000000000000000000000000000	I
         
How should the Eset finds be dealt with?

Regards, Matthias
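As an added example (not code from the thread, from ESET or from the forum helpers), a parser for the ESET Online Scanner log format posted above: a free-text downloader preamble, `# key=value` header lines, and one tab-separated record per detection (path, detection text, hash column, flag). The sample log is constructed from the lines in the post; the trailing `I` flag is carried through unexplained because the page does not document it, and the `found` header is checked against the record count so a truncated paste is noticed.

```python
"""Parser for ESET Online Scanner logs of the kind posted above.
Format: free-text preamble, '# key=value' header lines, then one record per
detection: <path> TAB <detection text> TAB <hash> TAB <flag>."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass, field


def _record(path: str, detection: str, flag: str = "I") -> str:
    # 'I' is the flag on every record in the posted log; its meaning is not
    # documented on the page, so it is carried through without interpretation.
    return "\t".join([path, detection, "0" * 32, flag])


# Constructed sample: header fields and the five records from the thread.
_CACHE = r"C:\Users\Graf Fitsch\AppData\Local\Mozilla\Firefox\Profiles\7ibj1u0y.default\Cache"
_SCRINJECT = "HTML/ScrInject.B.Gen virus (unable to clean)"
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=7",
    "# compatibility_mode=512 16777215 100 0 0 0 0 0",
    "# compatibility_mode=8192 67108863 100 0 3120 3120 0 0",
    "# scanned=234804",
    "# found=5",
    "# cleaned=0",
    "# scan_time=7307",
    _record(_CACHE + r"\6\F2\75097d01", _SCRINJECT),
    _record(_CACHE + r"\B\0C\211FEd01", _SCRINJECT),
    _record(_CACHE + r"\D\6A\81C60d01", _SCRINJECT),
    _record(_CACHE + r"\E\48\63D17d01", _SCRINJECT),
    _record(r"C:\Users\Graf Fitsch\AppData\Local\Temp\NERO1005263\unit_app_75\Toolbar.exe",
            "Win32/Toolbar.AskSBar application (unable to clean)"),
])

# "<name> <kind> (<status>)", e.g. "HTML/ScrInject.B.Gen virus (unable to clean)"
_DETECTION_RE = re.compile(r"^(?P<name>\S+)\s+(?P<kind>\w+)\s+\((?P<status>[^)]*)\)$")
# Objects below a Firefox profile's Cache directory are cached web content.
_FIREFOX_CACHE_RE = re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\Cache\\", re.IGNORECASE)


@dataclass
class Detection:
    path: str
    name: str    # signature name, e.g. HTML/ScrInject.B.Gen
    kind: str    # ESET object class in the record: "virus", "application", ...
    status: str  # text in parentheses, e.g. "unable to clean"
    flag: str

    def in_firefox_cache(self) -> bool:
        return _FIREFOX_CACHE_RE.search(self.path) is not None


@dataclass
class EsetReport:
    header: dict[str, list[str]] = field(default_factory=dict)  # repeated keys keep all values
    detections: list[Detection] = field(default_factory=list)
    unparsed: list[str] = field(default_factory=list)

    def header_int(self, key: str) -> int | None:
        values = self.header.get(key)
        return int(values[0]) if values else None

    def consistent(self) -> bool:
        # '# found=' should equal the record count; a mismatch points to a truncated paste.
        return self.header_int("found") == len(self.detections)

    def by_name(self) -> Counter:
        return Counter(d.name for d in self.detections)

    def uncleaned(self) -> list[Detection]:
        return [d for d in self.detections if d.status == "unable to clean"]


def parse_eset_log(text: str) -> EsetReport:
    report = EsetReport()
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            report.header.setdefault(key.strip(), []).append(value.strip())
            continue
        fields = line.split("\t")
        if len(fields) == 4 and (m := _DETECTION_RE.match(fields[1].strip())):
            report.detections.append(Detection(fields[0], m["name"], m["kind"], m["status"], fields[3].strip()))
            continue
        report.unparsed.append(line)  # downloader preamble ("all ok") and anything unexpected
    return report


if __name__ == "__main__":
    rep = parse_eset_log(SAMPLE_LOG)
    print(f"scanned={rep.header_int('scanned')} found={rep.header_int('found')} consistent={rep.consistent()}")
    for d in rep.uncleaned():
        where = "firefox-cache" if d.in_firefox_cache() else "other"
        print(f"[{where}] {d.kind} {d.name}: {d.path}")
```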

20.05.2012, 20:37   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



I have two questions before we go on

1.) Does normal mode work without restrictions?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?

20.05.2012, 20:55   #5
Graf Fitsch
 



Hello!

Windows starts normally, and everything in the Start menu seems to be normal.


20.05.2012, 20:56   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please make a new OTL log. Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you do not have it yet, please download OTL from Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Tick Scan all users at the top centre
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

20.05.2012, 21:26   #7
Graf Fitsch
 



So here is the OTL log.

Code:
OTL logfile created on: 20.05.2012 22:15:59 - Run 1
OTL by OldTimer - Version 3.2.43.0     Folder = C:\Users\Graf Fitsch\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 80,41% Memory free
16,00 Gb Paging File | 13,95 Gb Available in Paging File | 87,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 91,03 Gb Free Space | 15,27% Space Free | Partition Type: NTFS
 
Computer Name: MACHINE | User Name: Graf Fitsch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.20 22:09:27 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Graf Fitsch\Desktop\OTL.exe
PRC - [2012.05.08 20:41:10 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 20:41:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 20:41:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.01 18:11:48 | 000,743,936 | ---- | M] () -- C:\Program Files (x86)\CPUCooL\CooLSRV.exe
PRC - [2011.11.30 12:32:12 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2011.05.16 00:01:44 | 000,478,720 | ---- | M] (Crossrider) -- C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.16 19:01:40 | 000,530,216 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.08 20:41:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 20:41:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.05 22:03:09 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.02 18:26:30 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.01 18:11:48 | 000,743,936 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CPUCooL\CooLSRV.exe -- (CPUCooLServer)
SRV - [2011.09.23 19:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 20:41:10 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 20:41:10 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.12.08 06:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.12.08 06:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.12.08 06:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.10.19 17:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.06 17:14:42 | 000,145,008 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010.11.11 21:12:02 | 000,019,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp)
DRV:64bit: - [2010.11.09 16:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.09.06 09:19:54 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.07.08 13:37:35 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.04 19:22:18 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.11.04 19:22:17 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.09.11 21:49:18 | 000,076,552 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009.09.11 21:49:08 | 000,015,880 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009.09.11 21:48:46 | 000,041,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.09.11 21:48:36 | 000,026,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:32:37 | 001,627,520 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ph3xIB64.sys -- (Ph3xIB64)
DRV:64bit: - [2009.06.10 22:31:59 | 001,192,448 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.09.17 15:14:00 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Entech64.sys -- (ENTECH64)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011.06.07 11:13:36 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.12.01 21:06:31 | 000,125,512 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.10.14 18:25:38 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.11.04 12:52:49 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009.08.28 12:26:52 | 000,022,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\DScaler\DSDrv4amd64.sys -- (DSDrv4AMD64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1061521033-2538895874-2535044014-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1061521033-2538895874-2535044014-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1061521033-2538895874-2535044014-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 57 0D D4 01 32 CD 01  [binary data]
IE - HKU\S-1-5-21-1061521033-2538895874-2535044014-1001\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKU\S-1-5-21-1061521033-2538895874-2535044014-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1061521033-2538895874-2535044014-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1061521033-2538895874-2535044014-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://forum.stuttgarter-nachrichten.de/forum/viewforum.php?f=4"
FF - prefs.js..extensions.enabledItems: {9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}:3.0.5
FF - prefs.js..extensions.enabledItems: optout@google.com:1.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.4
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011.07.03 14:06:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.02 18:26:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.29 18:09:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Graf Fitsch\AppData\Roaming\IDM\idmmzcc5 [2012.01.01 16:33:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Graf Fitsch\AppData\Roaming\Mozilla\Firefox\Profiles\7ibj1u0y.default\extensions\mail@shopping-preise.de [2012.04.08 00:23:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Graf Fitsch\AppData\Roaming\IDM\idmmzcc5 [2012.01.01 16:33:56 | 000,000,000 | ---D | M]
 
[2009.11.04 00:28:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Graf Fitsch\AppData\Roaming\mozilla\Extensions
[2012.04.08 00:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Graf Fitsch\AppData\Roaming\mozilla\Firefox\Profiles\7ibj1u0y.default\extensions
[2011.06.06 07:03:14 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Users\Graf Fitsch\AppData\Roaming\mozilla\Firefox\Profiles\7ibj1u0y.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
[2009.12.09 14:17:48 | 000,000,000 | ---D | M] (CookieSafe) -- C:\Users\Graf Fitsch\AppData\Roaming\mozilla\Firefox\Profiles\7ibj1u0y.default\extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD}
[2011.08.31 11:45:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Graf Fitsch\AppData\Roaming\mozilla\Firefox\Profiles\7ibj1u0y.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.16 21:21:54 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Graf Fitsch\AppData\Roaming\mozilla\Firefox\Profiles\7ibj1u0y.default\extensions\firefox@tvunetworks.com
[2012.04.08 00:23:37 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\Graf Fitsch\AppData\Roaming\mozilla\Firefox\Profiles\7ibj1u0y.default\extensions\mail@shopping-preise.de
[2012.05.02 18:26:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.02.19 13:15:35 | 000,345,405 | ---- | M] () (No name found) -- C:\USERS\GRAF FITSCH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7IBJ1U0Y.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012.02.21 12:47:43 | 000,520,201 | ---- | M] () (No name found) -- C:\USERS\GRAF FITSCH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7IBJ1U0Y.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012.01.11 10:51:36 | 000,292,116 | ---- | M] () (No name found) -- C:\USERS\GRAF FITSCH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7IBJ1U0Y.DEFAULT\EXTENSIONS\{AD48108D-92A6-4EB9-87E4-978ACA1DBAE4}.XPI
[2012.02.14 11:44:00 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\GRAF FITSCH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7IBJ1U0Y.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.07.30 19:48:48 | 000,008,363 | ---- | M] () (No name found) -- C:\USERS\GRAF FITSCH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7IBJ1U0Y.DEFAULT\EXTENSIONS\OPTOUT@GOOGLE.COM.XPI
[2012.05.02 18:26:30 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.06 19:33:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.06 19:33:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.06 19:33:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.06 19:33:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.06 19:33:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.06 19:33:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1061521033-2538895874-2535044014-1001..\Run: [CrossRiderPlugin] C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe (Crossrider)
O4 - HKU\S-1-5-21-1061521033-2538895874-2535044014-1001..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Graf Fitsch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Graf Fitsch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download aller Links mit IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download mit IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Graf Fitsch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Graf Fitsch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDBF1E65-C14E-44DA-A08E-7A717711ECBA}: NameServer = 62.109.123.197 213.191.74.19
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.03 21:07:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{092cce5a-c8c1-11de-8ce9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{092cce5a-c8c1-11de-8ce9-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{61afbd99-3b14-11df-8fb2-ae7b50358787}\Shell - "" = AutoRun
O33 - MountPoints2\{61afbd99-3b14-11df-8fb2-ae7b50358787}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{61afbda6-3b14-11df-8fb2-ae7b50358787}\Shell - "" = AutoRun
O33 - MountPoints2\{61afbda6-3b14-11df-8fb2-ae7b50358787}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{66c28994-8a86-11df-95d9-ff5804a70ae0}\Shell - "" = AutoRun
O33 - MountPoints2\{66c28994-8a86-11df-95d9-ff5804a70ae0}\Shell\AutoRun\command - "" = H:\ff9pcsx.d3u5.exe
O33 - MountPoints2\{ad59aa7f-c8c6-11de-bb00-00241dd481aa}\Shell - "" = AutoRun
O33 - MountPoints2\{ad59aa7f-c8c6-11de-bb00-00241dd481aa}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{bb30ef82-3bdf-11df-b3c5-e61414f955fe}\Shell - "" = AutoRun
O33 - MountPoints2\{bb30ef82-3bdf-11df-b3c5-e61414f955fe}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: CrossRiderPlugin - hkey= - key= - C:\Program Files (x86)\CrossriderWebApps\Crossrider.exe (Crossrider)
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: Logitech Download Assistant - hkey= - key= - C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Windows\SysWOW64\NeroCheck.exe (Ahead Software Gmbh)
MsConfig:64bit - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig:64bit - StartUpReg: RivaTuner - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: RivaTunerStartupDaemon - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Start WingMan Profiler - hkey= - key= - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: Xvid - hkey= - key= - C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.XVID - xvidvfw.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.RTV1 - C:\Windows\SysWow64\rtvcvfw32.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.20 22:09:23 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Graf Fitsch\Desktop\OTL.exe
[2012.05.20 12:22:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.20 12:21:38 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Graf Fitsch\Desktop\esetsmartinstaller_enu.exe
[2012.05.13 23:17:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.05.13 23:17:13 | 000,000,000 | ---D | C] -- C:\Users\Graf Fitsch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2012.05.13 23:17:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2012.05.12 19:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.05.12 19:53:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.05.12 19:53:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.05.12 19:53:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.05.12 19:02:15 | 000,000,000 | ---D | C] -- C:\Users\Graf Fitsch\AppData\Local\Risen2
[2012.05.12 18:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.05.03 19:09:31 | 000,000,000 | ---D | C] -- C:\Users\Graf Fitsch\AppData\Roaming\Malwarebytes
[2012.05.03 19:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.03 19:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.03 19:09:25 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.03 19:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.02 18:26:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.02 18:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.29 18:09:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.04.29 18:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.04.24 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\Graf Fitsch\AppData\Local\Logitech
[2012.04.24 07:58:11 | 000,000,000 | ---D | C] -- C:\Users\Graf Fitsch\Desktop\FFIX
[2012.04.22 22:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3DO
[2012.04.22 22:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\3DO Shared
[2012.04.22 22:33:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3DO
[2012.04.22 18:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PiranhaBytes
[2012.04.22 18:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.20 22:09:27 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Graf Fitsch\Desktop\OTL.exe
[2012.05.20 22:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.20 21:58:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.20 12:21:40 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Graf Fitsch\Desktop\esetsmartinstaller_enu.exe
[2012.05.20 12:16:31 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.20 12:16:31 | 000,013,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.20 12:13:00 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.20 12:13:00 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.20 12:13:00 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.20 12:13:00 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.20 12:13:00 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.20 12:08:50 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.20 12:08:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.20 12:08:31 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.13 09:05:57 | 000,430,416 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.12 17:38:20 | 000,000,221 | ---- | M] () -- C:\Users\Graf Fitsch\Desktop\Risen 2 - Dark Waters.url
[2012.05.12 17:27:38 | 000,032,531 | ---- | M] () -- C:\Users\Graf Fitsch\Desktop\ConfigDefault.xml
[2012.05.08 20:41:10 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.08 20:41:10 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.04 13:37:00 | 000,000,020 | ---- | M] () -- C:\Users\Graf Fitsch\defogger_reenable
[2012.04.24 18:04:52 | 000,195,185 | ---- | M] () -- C:\Users\Graf Fitsch\Documents\Aufhebungsbestätigung.pdf
[2012.04.24 08:11:00 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.04.24 08:10:46 | 000,001,145 | ---- | M] () -- C:\Users\Graf Fitsch\Desktop\Final Fantasy IX PCSX.lnk
[2012.04.23 23:55:07 | 000,122,693 | ---- | M] () -- C:\Users\Graf Fitsch\Documents\Rebuy Till.odp
[2012.04.22 22:36:36 | 000,002,007 | ---- | M] () -- C:\Users\Public\Desktop\Heroes of Might and Magic IV.lnk
[2012.04.22 18:14:07 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Gothic.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.13 00:21:17 | 000,032,531 | ---- | C] () -- C:\Users\Graf Fitsch\Desktop\ConfigDefault.xml
[2012.05.12 17:38:20 | 000,000,221 | ---- | C] () -- C:\Users\Graf Fitsch\Desktop\Risen 2 - Dark Waters.url
[2012.05.04 13:36:59 | 000,000,020 | ---- | C] () -- C:\Users\Graf Fitsch\defogger_reenable
[2012.04.24 18:04:51 | 000,195,185 | ---- | C] () -- C:\Users\Graf Fitsch\Documents\Aufhebungsbestätigung.pdf
[2012.04.24 08:10:47 | 000,000,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Final Fantasy IX PCSX.lnk
[2012.04.24 08:10:46 | 000,001,145 | ---- | C] () -- C:\Users\Graf Fitsch\Desktop\Final Fantasy IX PCSX.lnk
[2012.04.23 23:55:04 | 000,122,693 | ---- | C] () -- C:\Users\Graf Fitsch\Documents\Rebuy Till.odp
[2012.04.22 22:36:36 | 000,002,007 | ---- | C] () -- C:\Users\Public\Desktop\Heroes of Might and Magic IV.lnk
[2012.04.22 18:14:07 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Gothic.lnk
[2012.04.08 00:23:36 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.11.15 20:26:10 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.11.10 18:46:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.19 15:03:40 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.08.30 22:14:03 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.08.30 22:14:03 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.06.07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.02.12 12:57:47 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.02.12 12:57:47 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.02.12 12:57:46 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.10.14 14:23:26 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.08.24 18:50:18 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2010.08.24 18:50:18 | 000,000,039 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010.07.08 19:38:26 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
 
========== LOP Check ==========
 
[2010.02.21 14:40:34 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\.ABC
[2010.02.05 22:03:31 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Amazon
[2010.12.27 22:57:04 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Canneverbe Limited
[2010.07.08 13:49:58 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\DAEMON Tools Lite
[2012.02.20 02:43:31 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\DMCache
[2011.12.17 22:29:23 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\DScaler4
[2012.04.16 16:21:03 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\DVDVideoSoft
[2011.07.08 19:47:21 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.12 22:00:42 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Free Download Manager
[2010.02.22 01:36:31 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\ICQ
[2012.01.01 18:12:52 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\IDM
[2011.11.24 01:30:39 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Might & Magic Heroes VI
[2009.12.09 16:24:27 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\OpenOffice.org
[2011.04.12 09:20:58 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\PhotoScape
[2011.09.01 00:25:55 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\ProtectDISC
[2011.07.06 23:20:23 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung
[2009.11.07 01:03:48 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Software Informer
[2010.12.27 22:57:06 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Uniblue
[2012.04.15 23:47:53 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\uTorrent
[2012.03.05 10:35:37 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.02.21 14:40:34 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\.ABC
[2009.11.08 23:10:09 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Adobe
[2010.02.05 22:03:31 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Amazon
[2011.11.10 18:46:48 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\ATI
[2011.11.16 09:11:48 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Avira
[2010.12.27 22:57:04 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Canneverbe Limited
[2009.11.06 03:45:40 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\CyberLink
[2010.07.08 13:49:58 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\DAEMON Tools Lite
[2010.10.14 15:36:00 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\DivX
[2012.02.20 02:43:31 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\DMCache
[2011.12.17 22:29:23 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\DScaler4
[2011.11.15 20:18:35 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\dvdcss
[2012.04.16 16:21:03 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\DVDVideoSoft
[2011.07.08 19:47:21 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.12 22:00:42 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Free Download Manager
[2010.02.02 19:00:10 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Help
[2010.02.22 01:36:31 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\ICQ
[2009.11.03 23:45:46 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Identities
[2012.01.01 18:12:52 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\IDM
[2009.11.04 17:03:11 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Macromedia
[2012.05.03 19:09:31 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Media Center Programs
[2011.11.20 21:48:36 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Media Player Classic
[2011.12.22 14:21:27 | 000,000,000 | --SD | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Microsoft
[2009.11.05 00:31:34 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Microsoft Web Folders
[2011.11.24 01:30:39 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Might & Magic Heroes VI
[2009.11.04 00:28:22 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Mozilla
[2011.12.11 13:51:38 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Nero
[2011.08.03 12:58:23 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\NVIDIA
[2009.12.09 16:24:27 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\OpenOffice.org
[2011.04.12 09:20:58 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\PhotoScape
[2011.09.01 00:25:55 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\ProtectDISC
[2011.07.06 23:20:23 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung
[2012.04.15 23:13:31 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Skype
[2012.04.15 19:28:18 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\skypePM
[2009.11.07 01:03:48 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Software Informer
[2010.06.11 20:40:32 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\TVU Networks
[2010.12.27 22:57:06 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Uniblue
[2012.04.15 23:47:53 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\uTorrent
[2012.04.15 21:21:35 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\vlc
[2011.12.17 22:29:23 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Winamp
[2010.07.08 13:44:00 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\WinRAR
[2009.11.04 17:02:30 | 000,000,000 | ---D | M] -- C:\Users\Graf Fitsch\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2011.12.22 14:21:27 | 000,088,102 | R--- | M] () -- C:\Users\Graf Fitsch\AppData\Roaming\Microsoft\Installer\{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}\ARPPRODUCTICON.exe
[2011.06.28 07:32:22 | 081,122,288 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\Graf Fitsch\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
[2011.04.29 21:39:59 | 000,188,152 | ---- | M] () -- C:\Users\Graf Fitsch\AppData\Roaming\Mozilla\Firefox\Profiles\7ibj1u0y.default\FlashGot.exe
[2012.03.07 16:07:51 | 000,106,408 | ---- | M] () -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.03.07 16:07:52 | 000,101,288 | ---- | M] () -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.03.07 16:07:52 | 000,021,416 | ---- | M] () -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2012.03.07 16:04:41 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x64.exe
[2011.09.29 09:19:14 | 000,929,680 | ---- | M] (Samsung) -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.09.29 09:19:18 | 000,278,928 | ---- | M] () -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.09.16 04:58:14 | 000,285,696 | ---- | M] (Samsung) -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2011.09.29 09:19:16 | 003,508,112 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.07.26 10:27:16 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011.09.16 04:56:02 | 000,283,648 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.09.16 04:56:04 | 000,666,624 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.09.29 09:19:20 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.09.16 04:55:38 | 000,106,408 | ---- | M] () -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2011.09.16 04:55:38 | 000,101,288 | ---- | M] () -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2011.09.29 09:19:24 | 000,131,984 | ---- | M] () -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.09.29 09:19:26 | 000,020,880 | ---- | M] () -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.09.29 09:19:28 | 004,662,392 | ---- | M] () -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.09.16 04:54:38 | 024,111,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2011.09.29 09:19:30 | 000,364,432 | ---- | M] (ml) -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.02.22 07:57:14 | 000,371,088 | ---- | M] (ml) -- C:\Users\Graf Fitsch\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 03:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Windows.old\Windows\system32\drivers\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2004.08.04 02:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\Windows.old\Windows\system32\dllcache\eventlog.dll
[2004.08.04 02:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\Windows.old\Windows\system32\eventlog.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2004.08.04 02:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\Windows.old\Windows\system32\dllcache\netlogon.dll
[2004.08.04 02:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\Windows.old\Windows\system32\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2004.08.04 02:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\Windows.old\Windows\system32\dllcache\scecli.dll
[2004.08.04 02:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\Windows.old\Windows\system32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2004.08.04 02:56:48 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\Windows.old\Windows\system32\dllcache\user32.dll
[2004.08.04 02:56:48 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\Windows.old\Windows\system32\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2004.08.04 02:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\Windows.old\Windows\system32\dllcache\userinit.exe
[2004.08.04 02:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\Windows.old\Windows\system32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 02:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\Windows.old\Windows\system32\dllcache\winlogon.exe
[2004.08.04 02:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\Windows.old\Windows\system32\winlogon.exe
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.23 15:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\Windows.old\Windows\system32\dllcache\ws2ifsl.sys
[2001.08.23 15:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\Windows.old\Windows\system32\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         

Old 21.05.2012, 09:32   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.03 21:07:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{092cce5a-c8c1-11de-8ce9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{092cce5a-c8c1-11de-8ce9-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\{61afbd99-3b14-11df-8fb2-ae7b50358787}\Shell - "" = AutoRun
O33 - MountPoints2\{61afbd99-3b14-11df-8fb2-ae7b50358787}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{61afbda6-3b14-11df-8fb2-ae7b50358787}\Shell - "" = AutoRun
O33 - MountPoints2\{61afbda6-3b14-11df-8fb2-ae7b50358787}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{66c28994-8a86-11df-95d9-ff5804a70ae0}\Shell - "" = AutoRun
O33 - MountPoints2\{66c28994-8a86-11df-95d9-ff5804a70ae0}\Shell\AutoRun\command - "" = H:\ff9pcsx.d3u5.exe
O33 - MountPoints2\{ad59aa7f-c8c6-11de-bb00-00241dd481aa}\Shell - "" = AutoRun
O33 - MountPoints2\{ad59aa7f-c8c6-11de-bb00-00241dd481aa}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{bb30ef82-3bdf-11df-b3c5-e61414f955fe}\Shell - "" = AutoRun
O33 - MountPoints2\{bb30ef82-3bdf-11df-b3c5-e61414f955fe}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
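A read-only PowerShell audit of the same registry locations the OTL script above fixes, added here as an example; it is not part of cosinus's post or of OTL, and it assumes Windows PowerShell on the affected machine. It lists the O6 UAC policy values, the O32 CD-ROM AutoRun setting and the O33 MountPoints2 AutoRun commands (and whether the programs they point to still exist), so a cleanup can be checked without changing anything; which values it flags as weak is my own defender-side choice.

```powershell
# Added read-only audit; not part of the OTL script or of this thread.
# It reports the locations the OTL fix above touched (O6 UAC policies,
# O32 CD-ROM AutoRun, O33 MountPoints2 AutoRun commands) so the state can
# be reviewed before and after a cleanup. Nothing is modified.
Set-StrictMode -Version Latest

function Get-CommandExecutable {
    # Returns the program part of a command line such as 'E:\LaunchU3.exe -a'
    # or '"D:\autorun.exe" /x'; the arguments are dropped.
    param([Parameter(Mandatory)][string]$CommandLine)
    $s = $CommandLine.Trim()
    if ($s.StartsWith('"')) {
        $end = $s.IndexOf('"', 1)
        if ($end -gt 1) { return $s.Substring(1, $end - 1) }
        return $null
    }
    return ($s -split '\s+', 2)[0]
}

function Get-UacPolicyFindings {
    # The flagged values are my own defender-side choices (documented Windows
    # semantics), not OTL's logic: each one weakens or disables UAC prompting.
    $sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $findings = @()
    $p = Get-ItemProperty -Path $sys -ErrorAction SilentlyContinue
    if ($null -eq $p) { return $findings }
    $checks = @(
        @{ Name = 'EnableLUA';                  Bad = 0; Note = 'UAC switched off entirely' },
        @{ Name = 'ConsentPromptBehaviorAdmin'; Bad = 0; Note = 'administrators elevate silently' },
        @{ Name = 'PromptOnSecureDesktop';      Bad = 0; Note = 'UAC prompt not isolated on the secure desktop' }
    )
    foreach ($c in $checks) {
        $prop = $p.PSObject.Properties[$c.Name]
        if ($null -ne $prop -and [int]$prop.Value -eq $c.Bad) {
            $findings += [pscustomobject]@{
                Source = 'O6 policy'; Location = "$sys\$($c.Name)"; Value = $prop.Value; Note = $c.Note
            }
        }
    }
    return $findings
}

function Get-CdromAutoRunSetting {
    # 1 means AutoRun is enabled for optical media (the O32 line in the log).
    $item = Get-Item -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.GetValue('AutoRun')
}

function Get-MountPointAutoRunCommands {
    # One entry per O33 line: the default value of Shell\AutoRun\command under
    # each MountPoints2 subkey. Only the current user's hive is inspected.
    $base = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    $results = @()
    if (-not (Test-Path -LiteralPath $base)) { return $results }
    foreach ($mp in Get-ChildItem -LiteralPath $base -ErrorAction SilentlyContinue) {
        $cmdKey = $mp.PSPath + '\Shell\AutoRun\command'
        if (-not (Test-Path -LiteralPath $cmdKey)) { continue }
        $cmd = (Get-Item -LiteralPath $cmdKey).GetValue('')
        if ([string]::IsNullOrWhiteSpace($cmd)) { continue }
        $exe = Get-CommandExecutable -CommandLine $cmd
        $results += [pscustomobject]@{
            Source     = 'O33 MountPoints2'
            MountPoint = $mp.PSChildName
            Command    = $cmd
            Executable = $exe
            # False here corresponds to OTL's "File ... not found" for the removed entries
            Exists     = (-not [string]::IsNullOrEmpty($exe)) -and (Test-Path -LiteralPath $exe -PathType Leaf)
        }
    }
    return $results
}

# Print the findings; an empty first table means no weak UAC value was found.
$uac = @(Get-UacPolicyFindings)
$cd = Get-CdromAutoRunSetting
if ($null -ne $cd) {
    $uac += [pscustomobject]@{ Source = 'O32 Cdrom'; Location = 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom\AutoRun'
                               Value = $cd; Note = '1 = AutoRun enabled for CD/DVD media' }
}
$uac | Format-Table -AutoSize
@(Get-MountPointAutoRunCommands) | Format-Table -AutoSize
```

Run it once before and once after the OTL fix; the O33 rows should disappear and a PromptOnSecureDesktop row, as in this log, should no longer be reported.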

Old 21.05.2012, 10:16   #9
Graf Fitsch

OK, here is the fix log. What I noticed right away: for a few weeks the browser had been taking relatively long at system startup to load the previous tabs; in my opinion that just got faster again. A good sign?

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{092cce5a-c8c1-11de-8ce9-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{092cce5a-c8c1-11de-8ce9-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{092cce5a-c8c1-11de-8ce9-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{092cce5a-c8c1-11de-8ce9-806e6f6e6963}\ not found.
File D:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61afbd99-3b14-11df-8fb2-ae7b50358787}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61afbd99-3b14-11df-8fb2-ae7b50358787}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61afbd99-3b14-11df-8fb2-ae7b50358787}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61afbd99-3b14-11df-8fb2-ae7b50358787}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61afbda6-3b14-11df-8fb2-ae7b50358787}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61afbda6-3b14-11df-8fb2-ae7b50358787}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61afbda6-3b14-11df-8fb2-ae7b50358787}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61afbda6-3b14-11df-8fb2-ae7b50358787}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66c28994-8a86-11df-95d9-ff5804a70ae0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66c28994-8a86-11df-95d9-ff5804a70ae0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{66c28994-8a86-11df-95d9-ff5804a70ae0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66c28994-8a86-11df-95d9-ff5804a70ae0}\ not found.
File H:\ff9pcsx.d3u5.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad59aa7f-c8c6-11de-bb00-00241dd481aa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad59aa7f-c8c6-11de-bb00-00241dd481aa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad59aa7f-c8c6-11de-bb00-00241dd481aa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad59aa7f-c8c6-11de-bb00-00241dd481aa}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb30ef82-3bdf-11df-b3c5-e61414f955fe}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb30ef82-3bdf-11df-b3c5-e61414f955fe}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb30ef82-3bdf-11df-b3c5-e61414f955fe}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb30ef82-3bdf-11df-b3c5-e61414f955fe}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\LaunchU3.exe -a not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 51189 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Graf Fitsch
->Temp folder emptied: 11134279027 bytes
->Temporary Internet Files folder emptied: 2172472158 bytes
->Java cache emptied: 23551973 bytes
->FireFox cache emptied: 990462683 bytes
->Flash cache emptied: 6421 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 719872 bytes
%systemroot%\System32 (64bit) .tmp files removed: 8556032 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 317147559 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 7548826083 bytes
 
Total Files Cleaned = 21.168,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: Graf Fitsch
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.0 log created on 05212012_110939

Files\Folders moved on Reboot...
C:\Users\Graf Fitsch\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\SysNative\SET3BA4.tmp not found!

Registry entries deleted on Reboot...
         

Old 21.05.2012, 10:24   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the image below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!


Old 21.05.2012, 10:37   #11
Graf Fitsch

Ok

Code:
11:34:57.0038 2816	TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
11:34:57.0298 2816	============================================================
11:34:57.0298 2816	Current date / time: 2012/05/21 11:34:57.0298
11:34:57.0298 2816	SystemInfo:
11:34:57.0298 2816	
11:34:57.0298 2816	OS Version: 6.1.7601 ServicePack: 1.0
11:34:57.0298 2816	Product type: Workstation
11:34:57.0298 2816	ComputerName: MACHINE
11:34:57.0298 2816	UserName: Graf Fitsch
11:34:57.0298 2816	Windows directory: C:\Windows
11:34:57.0298 2816	System windows directory: C:\Windows
11:34:57.0298 2816	Running under WOW64
11:34:57.0298 2816	Processor architecture: Intel x64
11:34:57.0298 2816	Number of processors: 4
11:34:57.0298 2816	Page size: 0x1000
11:34:57.0298 2816	Boot type: Normal boot
11:34:57.0298 2816	============================================================
11:34:58.0318 2816	Drive \Device\Harddisk0\DR0 - Size: 0x950AF4DE00 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
11:34:58.0408 2816	============================================================
11:34:58.0408 2816	\Device\Harddisk0\DR0:
11:34:58.0408 2816	MBR partitions:
11:34:58.0408 2816	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000
11:34:58.0408 2816	============================================================
11:34:58.0438 2816	C: <-> \Device\Harddisk0\DR0\Partition0
11:34:58.0438 2816	============================================================
11:34:58.0438 2816	Initialize success
11:34:58.0438 2816	============================================================
11:35:36.0128 3316	============================================================
11:35:36.0128 3316	Scan started
11:35:36.0128 3316	Mode: Manual; SigCheck; TDLFS; 
11:35:36.0128 3316	============================================================
11:35:36.0568 3316	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:35:36.0698 3316	1394ohci - ok
11:35:36.0778 3316	acedrv11        (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
11:35:36.0828 3316	acedrv11 - ok
11:35:36.0878 3316	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:35:36.0908 3316	ACPI - ok
11:35:36.0948 3316	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:35:36.0988 3316	AcpiPmi - ok
11:35:37.0138 3316	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:35:37.0168 3316	AdobeFlashPlayerUpdateSvc - ok
11:35:37.0208 3316	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:35:37.0238 3316	adp94xx - ok
11:35:37.0278 3316	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:35:37.0328 3316	adpahci - ok
11:35:37.0348 3316	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:35:37.0368 3316	adpu320 - ok
11:35:37.0398 3316	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:35:37.0448 3316	AeLookupSvc - ok
11:35:37.0538 3316	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:35:37.0598 3316	AFD - ok
11:35:37.0648 3316	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:35:37.0678 3316	agp440 - ok
11:35:37.0688 3316	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:35:37.0788 3316	ALG - ok
11:35:37.0838 3316	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:35:37.0858 3316	aliide - ok
11:35:37.0928 3316	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
11:35:37.0978 3316	AMD External Events Utility - ok
11:35:38.0068 3316	AMD FUEL Service - ok
11:35:38.0088 3316	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:35:38.0108 3316	amdide - ok
11:35:38.0148 3316	amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
11:35:38.0158 3316	amdiox64 - ok
11:35:38.0178 3316	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:35:38.0228 3316	AmdK8 - ok
11:35:38.0948 3316	amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
11:35:39.0038 3316	amdkmdag - ok
11:35:39.0208 3316	amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
11:35:39.0248 3316	amdkmdap - ok
11:35:39.0278 3316	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:35:39.0318 3316	AmdPPM - ok
11:35:39.0398 3316	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:35:39.0438 3316	amdsata - ok
11:35:39.0468 3316	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:35:39.0488 3316	amdsbs - ok
11:35:39.0498 3316	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:35:39.0508 3316	amdxata - ok
11:35:39.0598 3316	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
11:35:39.0618 3316	AntiVirSchedulerService - ok
11:35:39.0648 3316	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
11:35:39.0658 3316	AntiVirService - ok
11:35:39.0718 3316	AnyDVD          (821e7e501226ee344fdb0f40ee46109d) C:\Windows\system32\Drivers\AnyDVD.sys
11:35:39.0738 3316	AnyDVD - ok
11:35:39.0808 3316	AODDriver4.01   (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
11:35:39.0828 3316	AODDriver4.01 - ok
11:35:39.0848 3316	AODDriver4.1    (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
11:35:39.0858 3316	AODDriver4.1 - ok
11:35:39.0898 3316	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:35:39.0978 3316	AppID - ok
11:35:40.0008 3316	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:35:40.0078 3316	AppIDSvc - ok
11:35:40.0128 3316	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:35:40.0218 3316	Appinfo - ok
11:35:40.0268 3316	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
11:35:40.0308 3316	AppMgmt - ok
11:35:40.0338 3316	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:35:40.0358 3316	arc - ok
11:35:40.0378 3316	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:35:40.0388 3316	arcsas - ok
11:35:40.0398 3316	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:35:40.0458 3316	AsyncMac - ok
11:35:40.0478 3316	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:35:40.0488 3316	atapi - ok
11:35:40.0548 3316	AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
11:35:40.0568 3316	AtiHDAudioService - ok
11:35:40.0598 3316	atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
11:35:40.0618 3316	atksgt - ok
11:35:40.0728 3316	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:35:40.0818 3316	AudioEndpointBuilder - ok
11:35:40.0828 3316	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:35:40.0868 3316	AudioSrv - ok
11:35:40.0908 3316	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
11:35:40.0938 3316	avgntflt - ok
11:35:40.0968 3316	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
11:35:40.0988 3316	avipbb - ok
11:35:40.0998 3316	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
11:35:41.0008 3316	avkmgr - ok
11:35:41.0048 3316	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:35:41.0148 3316	AxInstSV - ok
11:35:41.0198 3316	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:35:41.0278 3316	b06bdrv - ok
11:35:41.0318 3316	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:35:41.0368 3316	b57nd60a - ok
11:35:41.0398 3316	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:35:41.0418 3316	BDESVC - ok
11:35:41.0448 3316	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:35:41.0468 3316	Beep - ok
11:35:41.0588 3316	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:35:41.0648 3316	BFE - ok
11:35:41.0728 3316	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:35:41.0808 3316	BITS - ok
11:35:41.0858 3316	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:35:41.0908 3316	blbdrive - ok
11:35:41.0938 3316	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:35:41.0958 3316	bowser - ok
11:35:41.0998 3316	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:35:42.0058 3316	BrFiltLo - ok
11:35:42.0078 3316	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:35:42.0088 3316	BrFiltUp - ok
11:35:42.0138 3316	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:35:42.0228 3316	Browser - ok
11:35:42.0248 3316	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:35:42.0288 3316	Brserid - ok
11:35:42.0298 3316	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:35:42.0328 3316	BrSerWdm - ok
11:35:42.0348 3316	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:35:42.0408 3316	BrUsbMdm - ok
11:35:42.0438 3316	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:35:42.0458 3316	BrUsbSer - ok
11:35:42.0488 3316	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:35:42.0548 3316	BTHMODEM - ok
11:35:42.0598 3316	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:35:42.0678 3316	bthserv - ok
11:35:42.0708 3316	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:35:42.0728 3316	cdfs - ok
11:35:42.0808 3316	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:35:42.0878 3316	cdrom - ok
11:35:42.0948 3316	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:35:43.0038 3316	CertPropSvc - ok
11:35:43.0068 3316	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:35:43.0118 3316	circlass - ok
11:35:43.0168 3316	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:35:43.0178 3316	CLFS - ok
11:35:43.0238 3316	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:35:43.0268 3316	clr_optimization_v2.0.50727_32 - ok
11:35:43.0288 3316	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:35:43.0318 3316	clr_optimization_v2.0.50727_64 - ok
11:35:43.0428 3316	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:35:43.0448 3316	clr_optimization_v4.0.30319_32 - ok
11:35:43.0468 3316	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:35:43.0478 3316	clr_optimization_v4.0.30319_64 - ok
11:35:43.0498 3316	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:35:43.0528 3316	CmBatt - ok
11:35:43.0558 3316	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:35:43.0568 3316	cmdide - ok
11:35:43.0628 3316	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:35:43.0668 3316	CNG - ok
11:35:43.0678 3316	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:35:43.0688 3316	Compbatt - ok
11:35:43.0718 3316	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:35:43.0778 3316	CompositeBus - ok
11:35:43.0798 3316	COMSysApp - ok
11:35:43.0928 3316	CPUCooLServer   (f4fd82f5d6617a45cc3c4b9d4e7df2c0) C:\Program Files (x86)\CPUCooL\CooLSrv.exe
11:35:43.0978 3316	CPUCooLServer ( UnsignedFile.Multi.Generic ) - warning
11:35:43.0978 3316	CPUCooLServer - detected UnsignedFile.Multi.Generic (1)
11:35:44.0028 3316	cpuz130 - ok
11:35:44.0088 3316	cpuz135         (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
11:35:44.0108 3316	cpuz135 - ok
11:35:44.0118 3316	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:35:44.0148 3316	crcdisk - ok
11:35:44.0208 3316	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:35:44.0298 3316	CryptSvc - ok
11:35:44.0348 3316	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
11:35:44.0418 3316	CSC - ok
11:35:44.0488 3316	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
11:35:44.0548 3316	CscService - ok
11:35:44.0648 3316	DAUpdaterSvc    (914a7156b0c0f10be645a02e13f576b2) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
11:35:44.0668 3316	DAUpdaterSvc - ok
11:35:44.0738 3316	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:35:44.0808 3316	DcomLaunch - ok
11:35:44.0848 3316	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:35:44.0888 3316	defragsvc - ok
11:35:44.0968 3316	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:35:45.0048 3316	DfsC - ok
11:35:45.0118 3316	dgderdrv        (def365f0f6e017888c4b869d3ba4b8e0) C:\Windows\system32\drivers\dgderdrv.sys
11:35:45.0138 3316	dgderdrv - ok
11:35:45.0198 3316	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:35:45.0238 3316	Dhcp - ok
11:35:45.0258 3316	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:35:45.0288 3316	discache - ok
11:35:45.0348 3316	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:35:45.0368 3316	Disk - ok
11:35:45.0408 3316	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:35:45.0478 3316	Dnscache - ok
11:35:45.0538 3316	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:35:45.0618 3316	dot3svc - ok
11:35:45.0658 3316	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:35:45.0708 3316	DPS - ok
11:35:45.0758 3316	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:35:45.0768 3316	drmkaud - ok
11:35:45.0908 3316	DSDrv4AMD64     (390fbd3f370406e0b3767d3c71a4b3e5) C:\PROGRA~2\DScaler\DSDRV4~2.SYS
11:35:45.0938 3316	DSDrv4AMD64 - ok
11:35:46.0028 3316	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:35:46.0068 3316	DXGKrnl - ok
11:35:46.0098 3316	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:35:46.0168 3316	EapHost - ok
11:35:46.0358 3316	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:35:46.0438 3316	ebdrv - ok
11:35:46.0538 3316	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:35:46.0618 3316	EFS - ok
11:35:46.0738 3316	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:35:46.0838 3316	ehRecvr - ok
11:35:46.0878 3316	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:35:46.0958 3316	ehSched - ok
11:35:47.0058 3316	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
11:35:47.0088 3316	ElbyCDIO - ok
11:35:47.0138 3316	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:35:47.0178 3316	elxstor - ok
11:35:47.0228 3316	ENTECH64        (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys
11:35:47.0248 3316	ENTECH64 - ok
11:35:47.0288 3316	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:35:47.0328 3316	ErrDev - ok
11:35:47.0388 3316	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:35:47.0458 3316	EventSystem - ok
11:35:47.0488 3316	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:35:47.0548 3316	exfat - ok
11:35:47.0568 3316	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:35:47.0638 3316	fastfat - ok
11:35:47.0738 3316	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:35:47.0818 3316	Fax - ok
11:35:47.0858 3316	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:35:47.0888 3316	fdc - ok
11:35:47.0928 3316	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:35:48.0018 3316	fdPHost - ok
11:35:48.0038 3316	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:35:48.0108 3316	FDResPub - ok
11:35:48.0138 3316	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:35:48.0148 3316	FileInfo - ok
11:35:48.0158 3316	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:35:48.0228 3316	Filetrace - ok
11:35:48.0258 3316	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:35:48.0298 3316	flpydisk - ok
11:35:48.0368 3316	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:35:48.0398 3316	FltMgr - ok
11:35:48.0508 3316	FontCache       (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
11:35:48.0578 3316	FontCache - ok
11:35:48.0638 3316	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:35:48.0658 3316	FontCache3.0.0.0 - ok
11:35:48.0678 3316	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:35:48.0688 3316	FsDepends - ok
11:35:48.0718 3316	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:35:48.0748 3316	Fs_Rec - ok
11:35:48.0808 3316	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:35:48.0848 3316	fvevol - ok
11:35:48.0868 3316	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:35:48.0878 3316	gagp30kx - ok
11:35:48.0898 3316	gdrv            (46e2828bca26b31fa5a1dd4d84df633d) C:\Windows\gdrv.sys
11:35:48.0908 3316	gdrv - ok
11:35:48.0958 3316	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:35:49.0038 3316	gpsvc - ok
11:35:49.0158 3316	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:35:49.0188 3316	gupdate - ok
11:35:49.0208 3316	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:35:49.0228 3316	gupdatem - ok
11:35:49.0268 3316	GVTDrv64        (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
11:35:49.0298 3316	GVTDrv64 - ok
11:35:49.0408 3316	HCW85BDA        (9e308d0bc9a9cf6e50aa25639c9cccb3) C:\Windows\system32\drivers\HCW85BDA.sys
11:35:49.0558 3316	HCW85BDA - ok
11:35:49.0588 3316	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:35:49.0628 3316	hcw85cir - ok
11:35:49.0718 3316	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:35:49.0748 3316	HdAudAddService - ok
11:35:49.0818 3316	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:35:49.0878 3316	HDAudBus - ok
11:35:49.0918 3316	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:35:49.0968 3316	HidBatt - ok
11:35:49.0998 3316	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:35:50.0048 3316	HidBth - ok
11:35:50.0078 3316	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:35:50.0138 3316	HidIr - ok
11:35:50.0168 3316	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:35:50.0218 3316	hidserv - ok
11:35:50.0268 3316	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:35:50.0298 3316	HidUsb - ok
11:35:50.0348 3316	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:35:50.0418 3316	hkmsvc - ok
11:35:50.0468 3316	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:35:50.0508 3316	HomeGroupListener - ok
11:35:50.0558 3316	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:35:50.0588 3316	HomeGroupProvider - ok
11:35:50.0628 3316	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:35:50.0658 3316	HpSAMD - ok
11:35:50.0748 3316	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:35:50.0818 3316	HTTP - ok
11:35:50.0848 3316	hwdatacard - ok
11:35:50.0888 3316	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:35:50.0908 3316	hwpolicy - ok
11:35:50.0918 3316	hwusbdev - ok
11:35:50.0938 3316	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:35:50.0948 3316	i8042prt - ok
11:35:50.0998 3316	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:35:51.0018 3316	iaStorV - ok
11:35:51.0068 3316	IDMWFP          (71359fc89451bf54fa06f049d3a87adf) C:\Windows\system32\DRIVERS\idmwfp.sys
11:35:51.0088 3316	IDMWFP - ok
11:35:51.0168 3316	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:35:51.0208 3316	IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:35:51.0208 3316	IDriverT - detected UnsignedFile.Multi.Generic (1)
11:35:51.0318 3316	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:35:51.0368 3316	idsvc - ok
11:35:51.0388 3316	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:35:51.0398 3316	iirsp - ok
11:35:51.0488 3316	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:35:51.0588 3316	IKEEXT - ok
11:35:51.0708 3316	IntcAzAudAddService (4b071aebbc13d60430ee0371b262f681) C:\Windows\system32\drivers\RTKVHD64.sys
11:35:51.0748 3316	IntcAzAudAddService - ok
11:35:51.0848 3316	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:35:51.0878 3316	intelide - ok
11:35:51.0898 3316	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:35:51.0928 3316	intelppm - ok
11:35:51.0968 3316	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:35:52.0018 3316	IPBusEnum - ok
11:35:52.0068 3316	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:35:52.0158 3316	IpFilterDriver - ok
11:35:52.0208 3316	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:35:52.0258 3316	iphlpsvc - ok
11:35:52.0308 3316	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:35:52.0338 3316	IPMIDRV - ok
11:35:52.0358 3316	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:35:52.0458 3316	IPNAT - ok
11:35:52.0488 3316	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:35:52.0538 3316	IRENUM - ok
11:35:52.0568 3316	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:35:52.0598 3316	isapnp - ok
11:35:52.0638 3316	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:35:52.0658 3316	iScsiPrt - ok
11:35:52.0688 3316	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:35:52.0698 3316	kbdclass - ok
11:35:52.0748 3316	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:35:52.0778 3316	kbdhid - ok
11:35:52.0808 3316	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:35:52.0838 3316	KeyIso - ok
11:35:52.0848 3316	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:35:52.0858 3316	KSecDD - ok
11:35:52.0878 3316	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:35:52.0888 3316	KSecPkg - ok
11:35:52.0898 3316	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:35:52.0968 3316	ksthunk - ok
11:35:53.0018 3316	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:35:53.0098 3316	KtmRm - ok
11:35:53.0138 3316	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
11:35:53.0218 3316	LanmanServer - ok
11:35:53.0248 3316	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:35:53.0328 3316	LanmanWorkstation - ok
11:35:53.0368 3316	lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
11:35:53.0398 3316	lirsgt - ok
11:35:53.0418 3316	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:35:53.0488 3316	lltdio - ok
11:35:53.0538 3316	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:35:53.0628 3316	lltdsvc - ok
11:35:53.0658 3316	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:35:53.0678 3316	lmhosts - ok
11:35:53.0708 3316	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:35:53.0708 3316	LSI_FC - ok
11:35:53.0718 3316	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:35:53.0728 3316	LSI_SAS - ok
11:35:53.0748 3316	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:35:53.0748 3316	LSI_SAS2 - ok
11:35:53.0768 3316	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:35:53.0778 3316	LSI_SCSI - ok
11:35:53.0798 3316	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:35:53.0868 3316	luafv - ok
11:35:53.0928 3316	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
11:35:53.0958 3316	MBAMProtector - ok
11:35:54.0048 3316	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:35:54.0078 3316	MBAMService - ok
11:35:54.0118 3316	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:35:54.0158 3316	Mcx2Svc - ok
11:35:54.0198 3316	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:35:54.0218 3316	megasas - ok
11:35:54.0238 3316	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:35:54.0258 3316	MegaSR - ok
11:35:54.0308 3316	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:35:54.0378 3316	MMCSS - ok
11:35:54.0408 3316	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:35:54.0488 3316	Modem - ok
11:35:54.0518 3316	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:35:54.0568 3316	monitor - ok
11:35:54.0628 3316	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:35:54.0658 3316	mouclass - ok
11:35:54.0708 3316	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:35:54.0778 3316	mouhid - ok
11:35:54.0808 3316	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:35:54.0818 3316	mountmgr - ok
11:35:54.0868 3316	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:35:54.0898 3316	MozillaMaintenance - ok
11:35:54.0938 3316	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:35:54.0968 3316	mpio - ok
11:35:54.0988 3316	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:35:55.0048 3316	mpsdrv - ok
11:35:55.0128 3316	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:35:55.0198 3316	MpsSvc - ok
11:35:55.0238 3316	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:35:55.0308 3316	MRxDAV - ok
11:35:55.0358 3316	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:35:55.0398 3316	mrxsmb - ok
11:35:55.0448 3316	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:35:55.0478 3316	mrxsmb10 - ok
11:35:55.0518 3316	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:35:55.0578 3316	mrxsmb20 - ok
11:35:55.0608 3316	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:35:55.0638 3316	msahci - ok
11:35:55.0678 3316	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:35:55.0708 3316	msdsm - ok
11:35:55.0738 3316	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:35:55.0798 3316	MSDTC - ok
11:35:55.0838 3316	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:35:55.0888 3316	Msfs - ok
11:35:55.0898 3316	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:35:55.0948 3316	mshidkmdf - ok
11:35:55.0978 3316	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:35:56.0008 3316	msisadrv - ok
11:35:56.0038 3316	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:35:56.0098 3316	MSiSCSI - ok
11:35:56.0098 3316	msiserver - ok
11:35:56.0128 3316	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:35:56.0208 3316	MSKSSRV - ok
11:35:56.0248 3316	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:35:56.0328 3316	MSPCLOCK - ok
11:35:56.0348 3316	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:35:56.0418 3316	MSPQM - ok
11:35:56.0478 3316	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:35:56.0498 3316	MsRPC - ok
11:35:56.0508 3316	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:35:56.0518 3316	mssmbios - ok
11:35:56.0528 3316	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:35:56.0598 3316	MSTEE - ok
11:35:56.0618 3316	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:35:56.0628 3316	MTConfig - ok
11:35:56.0638 3316	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:35:56.0648 3316	Mup - ok
11:35:56.0708 3316	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:35:56.0778 3316	napagent - ok
11:35:56.0838 3316	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:35:56.0918 3316	NativeWifiP - ok
11:35:57.0088 3316	NAUpdate        (1bbbf640bc0e0b750537baece8d66c18) C:\Program Files (x86)\Nero\Update\NASvc.exe
11:35:57.0128 3316	NAUpdate - ok
11:35:57.0228 3316	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:35:57.0268 3316	NDIS - ok
11:35:57.0278 3316	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:35:57.0308 3316	NdisCap - ok
11:35:57.0318 3316	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:35:57.0408 3316	NdisTapi - ok
11:35:57.0478 3316	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:35:57.0538 3316	Ndisuio - ok
11:35:57.0578 3316	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:35:57.0678 3316	NdisWan - ok
11:35:57.0718 3316	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:35:57.0798 3316	NDProxy - ok
11:35:57.0908 3316	Nero BackItUp Scheduler 4.0 - ok
11:35:57.0928 3316	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:35:57.0988 3316	NetBIOS - ok
11:35:58.0028 3316	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:35:58.0078 3316	NetBT - ok
11:35:58.0108 3316	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:35:58.0128 3316	Netlogon - ok
11:35:58.0168 3316	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:35:58.0228 3316	Netman - ok
11:35:58.0268 3316	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:35:58.0348 3316	netprofm - ok
11:35:58.0398 3316	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:35:58.0428 3316	NetTcpPortSharing - ok
11:35:58.0458 3316	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:35:58.0468 3316	nfrd960 - ok
11:35:58.0518 3316	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:35:58.0588 3316	NlaSvc - ok
11:35:58.0628 3316	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:35:58.0678 3316	Npfs - ok
11:35:58.0688 3316	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:35:58.0728 3316	nsi - ok
11:35:58.0748 3316	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:35:58.0818 3316	nsiproxy - ok
11:35:58.0948 3316	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:35:58.0998 3316	Ntfs - ok
11:35:59.0128 3316	ntiopnp         (69e894c5a09c6a6e6372e35653bb05f3) C:\Windows\system32\drivers\ntiopnp.sys
11:35:59.0158 3316	ntiopnp - ok
11:35:59.0168 3316	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:35:59.0218 3316	Null - ok
11:35:59.0238 3316	nvlddmkm - ok
11:35:59.0288 3316	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:35:59.0318 3316	nvraid - ok
11:35:59.0328 3316	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:35:59.0348 3316	nvstor - ok
11:35:59.0358 3316	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:35:59.0368 3316	nv_agp - ok
11:35:59.0408 3316	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:35:59.0468 3316	ohci1394 - ok
11:35:59.0518 3316	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:35:59.0568 3316	p2pimsvc - ok
11:35:59.0608 3316	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:35:59.0648 3316	p2psvc - ok
11:35:59.0658 3316	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:35:59.0668 3316	Parport - ok
11:35:59.0708 3316	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:35:59.0738 3316	partmgr - ok
11:35:59.0758 3316	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:35:59.0788 3316	PcaSvc - ok
11:35:59.0818 3316	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:35:59.0838 3316	pci - ok
11:35:59.0848 3316	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:35:59.0858 3316	pciide - ok
11:35:59.0878 3316	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:35:59.0898 3316	pcmcia - ok
11:35:59.0908 3316	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:35:59.0908 3316	pcw - ok
11:35:59.0918 3316	PDNMp50 - ok
11:35:59.0948 3316	PDNSp50 - ok
11:35:59.0958 3316	PDNSp50a64 - ok
11:35:59.0998 3316	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:36:00.0068 3316	PEAUTH - ok
11:36:00.0188 3316	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
11:36:00.0278 3316	PeerDistSvc - ok
11:36:00.0348 3316	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:36:00.0398 3316	PerfHost - ok
11:36:00.0598 3316	Ph3xIB64        (1e81496aff9d7fa2b4c4032b746de5b9) C:\Windows\system32\DRIVERS\Ph3xIB64.sys
11:36:00.0688 3316	Ph3xIB64 - ok
11:36:00.0878 3316	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:36:00.0938 3316	pla - ok
11:36:00.0998 3316	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:36:01.0028 3316	PlugPlay - ok
11:36:01.0048 3316	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:36:01.0078 3316	PNRPAutoReg - ok
11:36:01.0118 3316	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:36:01.0148 3316	PNRPsvc - ok
11:36:01.0178 3316	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:36:01.0238 3316	PolicyAgent - ok
11:36:01.0278 3316	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:36:01.0348 3316	Power - ok
11:36:01.0418 3316	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:36:01.0518 3316	PptpMiniport - ok
11:36:01.0558 3316	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:36:01.0608 3316	Processor - ok
11:36:01.0658 3316	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:36:01.0758 3316	ProfSvc - ok
11:36:01.0808 3316	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:36:01.0828 3316	ProtectedStorage - ok
11:36:01.0888 3316	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:36:01.0918 3316	Psched - ok
11:36:02.0028 3316	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:36:02.0088 3316	ql2300 - ok
11:36:02.0178 3316	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:36:02.0218 3316	ql40xx - ok
11:36:02.0448 3316	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:36:02.0498 3316	QWAVE - ok
11:36:02.0518 3316	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:36:02.0558 3316	QWAVEdrv - ok
11:36:02.0578 3316	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:36:02.0628 3316	RasAcd - ok
11:36:02.0648 3316	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:36:02.0678 3316	RasAgileVpn - ok
11:36:02.0688 3316	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:36:02.0758 3316	RasAuto - ok
11:36:02.0818 3316	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:36:02.0898 3316	Rasl2tp - ok
11:36:02.0948 3316	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:36:02.0998 3316	RasMan - ok
11:36:03.0018 3316	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:36:03.0088 3316	RasPppoe - ok
11:36:03.0108 3316	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:36:03.0178 3316	RasSstp - ok
11:36:03.0218 3316	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:36:03.0318 3316	rdbss - ok
11:36:03.0348 3316	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:36:03.0398 3316	rdpbus - ok
11:36:03.0418 3316	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:36:03.0448 3316	RDPCDD - ok
11:36:03.0508 3316	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
11:36:03.0548 3316	RDPDR - ok
11:36:03.0558 3316	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:36:03.0608 3316	RDPENCDD - ok
11:36:03.0628 3316	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:36:03.0658 3316	RDPREFMP - ok
11:36:03.0698 3316	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:36:03.0738 3316	RDPWD - ok
11:36:03.0788 3316	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:36:03.0818 3316	rdyboost - ok
11:36:03.0838 3316	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:36:03.0918 3316	RemoteAccess - ok
11:36:03.0958 3316	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:36:04.0048 3316	RemoteRegistry - ok
11:36:04.0108 3316	RMCAST          (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys
11:36:04.0188 3316	RMCAST - ok
11:36:04.0218 3316	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:36:04.0248 3316	RpcEptMapper - ok
11:36:04.0268 3316	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:36:04.0288 3316	RpcLocator - ok
11:36:04.0338 3316	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:36:04.0388 3316	RpcSs - ok
11:36:04.0408 3316	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:36:04.0448 3316	rspndr - ok
11:36:04.0538 3316	RTCore64        (4b60ef388071e0baf299496e3d6590ae) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
11:36:04.0558 3316	RTCore64 - ok
11:36:04.0608 3316	RTL8167         (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:36:04.0658 3316	RTL8167 - ok
11:36:04.0698 3316	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
11:36:04.0758 3316	s3cap - ok
11:36:04.0798 3316	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:36:04.0818 3316	SamSs - ok
11:36:04.0858 3316	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:36:04.0888 3316	sbp2port - ok
11:36:04.0908 3316	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:36:04.0968 3316	SCardSvr - ok
11:36:04.0998 3316	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:36:05.0058 3316	scfilter - ok
11:36:05.0148 3316	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:36:05.0198 3316	Schedule - ok
11:36:05.0238 3316	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:36:05.0258 3316	SCPolicySvc - ok
11:36:05.0298 3316	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:36:05.0378 3316	SDRSVC - ok
11:36:05.0418 3316	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:36:05.0488 3316	secdrv - ok
11:36:05.0528 3316	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:36:05.0598 3316	seclogon - ok
11:36:05.0628 3316	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:36:05.0678 3316	SENS - ok
11:36:05.0698 3316	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:36:05.0718 3316	SensrSvc - ok
11:36:05.0728 3316	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:36:05.0748 3316	Serenum - ok
11:36:05.0778 3316	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:36:05.0818 3316	Serial - ok
11:36:05.0858 3316	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:36:05.0878 3316	sermouse - ok
11:36:05.0928 3316	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:36:05.0978 3316	SessionEnv - ok
11:36:06.0008 3316	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:36:06.0078 3316	sffdisk - ok
11:36:06.0088 3316	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:36:06.0128 3316	sffp_mmc - ok
11:36:06.0138 3316	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:36:06.0158 3316	sffp_sd - ok
11:36:06.0188 3316	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:36:06.0238 3316	sfloppy - ok
11:36:06.0278 3316	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:36:06.0358 3316	SharedAccess - ok
11:36:06.0408 3316	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:36:06.0458 3316	ShellHWDetection - ok
11:36:06.0478 3316	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:36:06.0488 3316	SiSRaid2 - ok
11:36:06.0508 3316	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:36:06.0508 3316	SiSRaid4 - ok
11:36:06.0538 3316	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:36:06.0598 3316	Smb - ok
11:36:06.0638 3316	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:36:06.0688 3316	SNMPTRAP - ok
11:36:06.0778 3316	speedfan        (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys
11:36:06.0798 3316	speedfan - ok
11:36:06.0808 3316	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:36:06.0828 3316	spldr - ok
11:36:06.0878 3316	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:36:06.0928 3316	Spooler - ok
11:36:07.0158 3316	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:36:07.0228 3316	sppsvc - ok
11:36:07.0318 3316	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:36:07.0408 3316	sppuinotify - ok
11:36:07.0588 3316	sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
11:36:07.0638 3316	sptd - ok
11:36:07.0698 3316	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:36:07.0758 3316	srv - ok
11:36:07.0808 3316	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:36:07.0858 3316	srv2 - ok
11:36:07.0878 3316	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:36:07.0938 3316	srvnet - ok
11:36:08.0018 3316	ssadbus         (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
11:36:08.0098 3316	ssadbus - ok
11:36:08.0138 3316	ssadmdfl        (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
11:36:08.0168 3316	ssadmdfl - ok
11:36:08.0208 3316	ssadmdm         (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
11:36:08.0248 3316	ssadmdm - ok
11:36:08.0298 3316	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:36:08.0358 3316	SSDPSRV - ok
11:36:08.0388 3316	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:36:08.0408 3316	SstpSvc - ok
11:36:08.0458 3316	Steam Client Service - ok
11:36:08.0488 3316	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:36:08.0518 3316	stexstor - ok
11:36:08.0588 3316	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:36:08.0648 3316	stisvc - ok
11:36:08.0688 3316	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
11:36:08.0698 3316	storflt - ok
11:36:08.0708 3316	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
11:36:08.0768 3316	StorSvc - ok
11:36:08.0788 3316	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
11:36:08.0798 3316	storvsc - ok
11:36:08.0838 3316	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:36:08.0848 3316	swenum - ok
11:36:08.0878 3316	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:36:08.0938 3316	swprv - ok
11:36:09.0068 3316	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:36:09.0118 3316	SysMain - ok
11:36:09.0218 3316	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:36:09.0288 3316	TabletInputService - ok
11:36:09.0338 3316	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:36:09.0408 3316	TapiSrv - ok
11:36:09.0438 3316	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:36:09.0458 3316	TBS - ok
11:36:09.0608 3316	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:36:09.0658 3316	Tcpip - ok
11:36:09.0808 3316	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:36:09.0848 3316	TCPIP6 - ok
11:36:09.0908 3316	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:36:09.0988 3316	tcpipreg - ok
11:36:10.0018 3316	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:36:10.0028 3316	TDPIPE - ok
11:36:10.0058 3316	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:36:10.0108 3316	TDTCP - ok
11:36:10.0168 3316	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:36:10.0258 3316	tdx - ok
11:36:10.0288 3316	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:36:10.0308 3316	TermDD - ok
11:36:10.0348 3316	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:36:10.0388 3316	TermService - ok
11:36:10.0448 3316	TFsExDisk       (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
11:36:10.0468 3316	TFsExDisk - ok
11:36:10.0488 3316	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:36:10.0538 3316	Themes - ok
11:36:10.0568 3316	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:36:10.0618 3316	THREADORDER - ok
11:36:10.0638 3316	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:36:10.0678 3316	TrkWks - ok
11:36:10.0748 3316	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:36:10.0818 3316	TrustedInstaller - ok
11:36:10.0878 3316	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:36:10.0918 3316	tssecsrv - ok
11:36:10.0958 3316	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:36:11.0028 3316	TsUsbFlt - ok
11:36:11.0088 3316	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:36:11.0178 3316	tunnel - ok
11:36:11.0208 3316	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:36:11.0218 3316	uagp35 - ok
11:36:11.0258 3316	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:36:11.0358 3316	udfs - ok
11:36:11.0388 3316	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:36:11.0398 3316	UI0Detect - ok
11:36:11.0428 3316	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:36:11.0458 3316	uliagpkx - ok
11:36:11.0508 3316	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:36:11.0568 3316	umbus - ok
11:36:11.0598 3316	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:36:11.0618 3316	UmPass - ok
11:36:11.0668 3316	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
11:36:11.0698 3316	UmRdpService - ok
11:36:11.0748 3316	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:36:11.0818 3316	upnphost - ok
11:36:11.0888 3316	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:36:11.0918 3316	usbaudio - ok
11:36:11.0938 3316	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:36:11.0948 3316	usbccgp - ok
11:36:11.0988 3316	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:36:11.0998 3316	usbcir - ok
11:36:12.0008 3316	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:36:12.0048 3316	usbehci - ok
11:36:12.0108 3316	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:36:12.0168 3316	usbhub - ok
11:36:12.0198 3316	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
11:36:12.0238 3316	usbohci - ok
11:36:12.0258 3316	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:36:12.0278 3316	usbprint - ok
11:36:12.0318 3316	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:36:12.0328 3316	usbscan - ok
11:36:12.0338 3316	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:36:12.0378 3316	USBSTOR - ok
11:36:12.0408 3316	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:36:12.0458 3316	usbuhci - ok
11:36:12.0498 3316	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:36:12.0588 3316	UxSms - ok
11:36:12.0618 3316	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:36:12.0628 3316	VaultSvc - ok
11:36:12.0638 3316	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:36:12.0648 3316	vdrvroot - ok
11:36:12.0708 3316	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:36:12.0778 3316	vds - ok
11:36:12.0798 3316	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:36:12.0808 3316	vga - ok
11:36:12.0818 3316	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:36:12.0858 3316	VgaSave - ok
11:36:12.0898 3316	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:36:12.0938 3316	vhdmp - ok
11:36:12.0968 3316	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:36:12.0988 3316	viaide - ok
11:36:13.0008 3316	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
11:36:13.0018 3316	vmbus - ok
11:36:13.0028 3316	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
11:36:13.0038 3316	VMBusHID - ok
11:36:13.0048 3316	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:36:13.0058 3316	volmgr - ok
11:36:13.0118 3316	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:36:13.0148 3316	volmgrx - ok
11:36:13.0178 3316	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:36:13.0188 3316	volsnap - ok
11:36:13.0218 3316	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:36:13.0228 3316	vsmraid - ok
11:36:13.0358 3316	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:36:13.0448 3316	VSS - ok
11:36:13.0538 3316	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:36:13.0598 3316	vwifibus - ok
11:36:13.0648 3316	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:36:13.0738 3316	W32Time - ok
11:36:13.0758 3316	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:36:13.0768 3316	WacomPen - ok
11:36:13.0788 3316	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:36:13.0858 3316	WANARP - ok
11:36:13.0878 3316	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:36:13.0898 3316	Wanarpv6 - ok
11:36:14.0028 3316	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:36:14.0088 3316	WatAdminSvc - ok
11:36:14.0208 3316	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:36:14.0318 3316	wbengine - ok
11:36:14.0418 3316	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:36:14.0468 3316	WbioSrvc - ok
11:36:14.0518 3316	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:36:14.0548 3316	wcncsvc - ok
11:36:14.0558 3316	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:36:14.0578 3316	WcsPlugInService - ok
11:36:14.0598 3316	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:36:14.0608 3316	Wd - ok
11:36:14.0638 3316	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:36:14.0648 3316	Wdf01000 - ok
11:36:14.0658 3316	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:36:14.0738 3316	WdiServiceHost - ok
11:36:14.0738 3316	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:36:14.0758 3316	WdiSystemHost - ok
11:36:14.0808 3316	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:36:14.0888 3316	WebClient - ok
11:36:14.0918 3316	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:36:14.0978 3316	Wecsvc - ok
11:36:14.0998 3316	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:36:15.0028 3316	wercplsupport - ok
11:36:15.0038 3316	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:36:15.0108 3316	WerSvc - ok
11:36:15.0138 3316	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:36:15.0168 3316	WfpLwf - ok
11:36:15.0178 3316	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:36:15.0188 3316	WIMMount - ok
11:36:15.0198 3316	WinDefend - ok
11:36:15.0208 3316	WinHttpAutoProxySvc - ok
11:36:15.0238 3316	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:36:15.0258 3316	Winmgmt - ok
11:36:15.0398 3316	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:36:15.0488 3316	WinRM - ok
11:36:15.0638 3316	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:36:15.0688 3316	WinUsb - ok
11:36:15.0778 3316	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:36:15.0848 3316	Wlansvc - ok
11:36:16.0088 3316	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:36:16.0128 3316	wlidsvc - ok
11:36:16.0198 3316	WmBEnum         (e7f4937b613b1e4294100c9d4efc36a9) C:\Windows\system32\drivers\WmBEnum.sys
11:36:16.0218 3316	WmBEnum - ok
11:36:16.0278 3316	WmFilter        (6f6f2b263002b243d3501c7e6c8fc11d) C:\Windows\system32\drivers\WmFilter.sys
11:36:16.0298 3316	WmFilter - ok
11:36:16.0338 3316	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:36:16.0378 3316	WmiAcpi - ok
11:36:16.0438 3316	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:36:16.0498 3316	wmiApSrv - ok
11:36:16.0538 3316	WMPNetworkSvc - ok
11:36:16.0558 3316	WmVirHid        (52b4fcc6afaec0ffd80bda63f9b140cd) C:\Windows\system32\drivers\WmVirHid.sys
11:36:16.0578 3316	WmVirHid - ok
11:36:16.0598 3316	WmXlCore        (395b3e7fba81bdc4501641b3b2cf2e20) C:\Windows\system32\drivers\WmXlCore.sys
11:36:16.0598 3316	WmXlCore - ok
11:36:16.0608 3316	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:36:16.0638 3316	WPCSvc - ok
11:36:16.0678 3316	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:36:16.0688 3316	WPDBusEnum - ok
11:36:16.0708 3316	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:36:16.0768 3316	ws2ifsl - ok
11:36:16.0788 3316	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
11:36:16.0838 3316	wscsvc - ok
11:36:16.0838 3316	WSearch - ok
11:36:16.0988 3316	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:36:17.0078 3316	wuauserv - ok
11:36:17.0198 3316	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:36:17.0268 3316	WudfPf - ok
11:36:17.0298 3316	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:36:17.0358 3316	WUDFRd - ok
11:36:17.0408 3316	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:36:17.0458 3316	wudfsvc - ok
11:36:17.0478 3316	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:36:17.0498 3316	WwanSvc - ok
11:36:17.0518 3316	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:36:17.0798 3316	\Device\Harddisk0\DR0 - ok
11:36:17.0798 3316	Boot (0x1200)   (266e80329216931ae654d59a85b1913b) \Device\Harddisk0\DR0\Partition0
11:36:17.0808 3316	\Device\Harddisk0\DR0\Partition0 - ok
11:36:17.0808 3316	============================================================
11:36:17.0808 3316	Scan finished
11:36:17.0808 3316	============================================================
11:36:17.0828 1260	Detected object count: 2
11:36:17.0828 1260	Actual detected object count: 2
11:36:34.0568 1260	CPUCooLServer ( UnsignedFile.Multi.Generic ) - skipped by user
11:36:34.0568 1260	CPUCooLServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
11:36:34.0568 1260	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:36:34.0568 1260	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 21.05.2012, 11:22   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ADSPY/Bho.GamePla.F found in C:\Users\Graf Fitsch\AppData\Local\Temp\tmp-f9h.xpi



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Alt 21.05.2012, 14:37   #13
Graf Fitsch
 
ADSPY/Bho.GamePla.F found in C:\Users\Graf Fitsch\AppData\Local\Temp\tmp-f9h.xpi



The ComboFix log follows.
I just noticed that I unfortunately forgot to disable Defender; I hope it is still OK?

Code:
ComboFix 12-05-20.10 - Graf Fitsch 21.05.2012  15:20:21.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8190.6714 [GMT 2:00]
ausgeführt von:: c:\users\Graf Fitsch\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\SysWow64\Config.cfg
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\system32
c:\windows\SysWow64\system32\3DAudio.ax
c:\windows\SysWow64\system32\avrt.dll
c:\windows\SysWow64\system32\cis-2.4.dll
c:\windows\SysWow64\system32\issacapi_bs-2.3.dll
c:\windows\SysWow64\system32\issacapi_pe-2.3.dll
c:\windows\SysWow64\system32\issacapi_se-2.3.dll
c:\windows\SysWow64\system32\MACXMLProto.dll
c:\windows\SysWow64\system32\MaDRM.dll
c:\windows\SysWow64\system32\MaJGUILib.dll
c:\windows\SysWow64\system32\MAMACExtract.dll
c:\windows\SysWow64\system32\MASetupCleaner.exe
c:\windows\SysWow64\system32\MaXMLProto.dll
c:\windows\SysWow64\system32\mfplat.dll
c:\windows\SysWow64\system32\MK_Lyric.dll
c:\windows\SysWow64\system32\MSCLib.dll
c:\windows\SysWow64\system32\MSFLib.dll
c:\windows\SysWow64\system32\MSLUR71.dll
c:\windows\SysWow64\system32\msvcp60.dll
c:\windows\SysWow64\system32\MTTELECHIP.dll
c:\windows\SysWow64\system32\MTXSYNCICON.dll
c:\windows\SysWow64\system32\muzaf1.dll
c:\windows\SysWow64\system32\muzapp.dll
c:\windows\SysWow64\system32\muzapp.exe
c:\windows\SysWow64\system32\muzdecode.ax
c:\windows\SysWow64\system32\muzeffect.ax
c:\windows\SysWow64\system32\muzmp4sp.ax
c:\windows\SysWow64\system32\muzmpgsp.ax
c:\windows\SysWow64\system32\muzoggsp.ax
c:\windows\SysWow64\system32\muzwmts.dll
c:\windows\SysWow64\system32\psapi.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-21 bis 2012-05-21  ))))))))))))))))))))))))))))))
.
.
2012-05-21 09:33 . 2012-05-21 09:33	--------	d-----w-	c:\program files (x86)\AMD AVT
2012-05-21 09:09 . 2012-05-21 09:09	--------	d-----w-	C:\_OTL
2012-05-20 23:13 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{BA209638-998D-46C4-8C6D-13B99A08CE8F}\mpengine.dll
2012-05-20 10:22 . 2012-05-20 10:22	--------	d-----w-	c:\program files (x86)\ESET
2012-05-13 21:17 . 2012-05-21 13:15	--------	d-----w-	c:\program files (x86)\MSI Afterburner
2012-05-12 23:05 . 2012-03-31 06:05	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-12 23:05 . 2012-03-31 03:10	3146240	----a-w-	c:\windows\system32\win32k.sys
2012-05-12 23:05 . 2012-03-31 04:39	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 23:05 . 2012-03-31 04:39	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 23:05 . 2012-03-03 06:35	1544704	----a-w-	c:\windows\system32\DWrite.dll
2012-05-12 23:05 . 2012-03-03 05:31	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-05-12 23:05 . 2012-03-17 07:58	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-12 23:05 . 2012-03-30 11:35	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-12 23:03 . 2012-03-31 05:42	1732096	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 23:03 . 2012-03-31 05:40	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 23:03 . 2012-03-31 05:40	1367552	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 23:03 . 2012-03-31 05:40	1393664	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 23:03 . 2012-03-31 04:29	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 17:53 . 2012-05-12 17:53	--------	d-----w-	c:\programdata\ATI
2012-05-12 17:53 . 2012-05-12 17:53	--------	d-----w-	c:\program files (x86)\AMD APP
2012-05-12 17:02 . 2012-05-12 17:02	--------	d-----w-	c:\users\Graf Fitsch\AppData\Local\Risen2
2012-05-12 16:53 . 2012-05-12 16:53	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-03 17:09 . 2012-05-03 17:09	--------	d-----w-	c:\users\Graf Fitsch\AppData\Roaming\Malwarebytes
2012-05-03 17:09 . 2012-05-03 17:09	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-03 17:09 . 2012-05-03 17:09	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-03 17:09 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-03 07:00 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-05-03 07:00 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-05-03 07:00 . 2012-03-01 05:37	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-05-03 07:00 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-05-03 07:00 . 2012-03-01 06:38	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-05-03 07:00 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-05-03 07:00 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-05-02 16:26 . 2012-05-02 16:26	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-05-02 16:26 . 2012-05-02 16:26	157352	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 16:26 . 2012-05-02 16:26	129976	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-29 16:09 . 2012-04-29 16:09	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-04-29 16:09 . 2012-04-29 16:09	476960	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-04-29 16:09 . 2012-04-29 16:09	--------	d-----w-	c:\program files (x86)\Java
2012-04-24 13:46 . 2012-04-24 13:46	--------	d-----w-	c:\users\Graf Fitsch\AppData\Local\Logitech
2012-04-22 20:33 . 2012-04-22 20:36	--------	d-----w-	c:\program files (x86)\Common Files\3DO Shared
2012-04-22 20:33 . 2012-04-22 20:33	--------	d-----w-	c:\program files (x86)\3DO
2012-04-22 16:14 . 2012-04-22 16:14	--------	d-----w-	c:\program files (x86)\PiranhaBytes
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 18:41 . 2011-11-16 07:06	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 18:41 . 2011-11-16 07:06	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-05 20:03 . 2012-04-02 07:14	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 20:03 . 2011-09-30 12:06	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 20:03 . 2012-04-17 08:03	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-29 16:09 . 2010-04-28 09:05	472864	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-10-26 02:04	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2012-04-06 02:13	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-11-30 16:20	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2011-10-26 01:46	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2011-12-06 02:12	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-10-26 01:21	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2012-04-06 01:09	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32	54784	----a-w-	c:\windows\system32\OpenCL.dll
2012-04-05 20:32 . 2012-04-05 20:32	50176	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-03-09 12:07 . 2012-03-09 12:07	29184	----a-w-	c:\windows\system32\kdbsdk64.dll
2012-03-09 12:06 . 2012-03-09 12:06	24576	----a-w-	c:\windows\SysWow64\kdbsdk32.dll
2012-02-23 12:32 . 2012-02-23 12:32	95760	----a-w-	c:\windows\system32\drivers\AtihdW76.sys
2012-02-23 08:18 . 2009-11-03 22:35	279656	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CrossRiderPlugin"="c:\program files (x86)\CrossriderWebApps\Crossrider.exe" [2011-05-15 478720]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-11-30 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
3;2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 cpuz130;cpuz130;c:\users\GRAFFI~1\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-09-06 20552]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 136176]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2009-11-04 30528]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]
R3 PDNMp50;PDNMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNMp50.sys [x]
R3 PDNSp50;PDNSp50 NDIS Protocol Driver;c:\windows\system32\drivers\PDNSp50.sys [x]
R3 PDNSp50a64;PDNSp50a64 NDIS Protocol Driver;c:\windows\system32\Drivers\PDNSp50a64.sys [x]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-06 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - RTCore64
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 20:03]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 19:28]
.
2012-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-18 19:28]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50	22408	----a-w-	c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-20 6963744]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-20 1833504]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Download aller Links mit IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download mit IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Free YouTube Download - c:\users\Graf Fitsch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Graf Fitsch\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
TCP: Interfaces\{CDBF1E65-C14E-44DA-A08E-7A717711ECBA}: NameServer = 62.109.123.7 213.191.92.86
FF - ProfilePath - c:\users\Graf Fitsch\AppData\Roaming\Mozilla\Firefox\Profiles\7ibj1u0y.default\
FF - prefs.js: browser.startup.homepage - hxxp://forum.stuttgarter-nachrichten.de/forum/viewforum.php?f=4
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Final Fantasy VII - c:\program files (x86)\Square Soft
AddRemove-FINAL FANTASY VIII - c:\program files (x86)\Eidos Interactive\Square Soft
AddRemove-G2MDK - e:\programme\JoWooD\Gothic II\g2mdk-uninst.exe
AddRemove-GIIa Sythera (Demo) - e:\programme\Jowood\Gothic II\Sythera.mod-uninst.exe
AddRemove-GOTHIC2 - ADDON_RETURNING - e:\programme\Jowood\Gothic II\ADDON_RETURNING-uninst.exe
AddRemove-Heroes of Might and Magic IV - c:\windows\IsUn0407.exe
AddRemove-Sarkeras - Artefakt der Ahnen - e:\programme\JoWooD\Gothic II\Sarkeras-uninst.exe
AddRemove-Sythera Performance Patch - e:\programme\JoWooD\Gothic II\SytheraPerfPatch-uninst.exe
AddRemove-Tomb Raider III - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1061521033-2538895874-2535044014-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{85D28A93-D69F-3FBD-40FD-CB50BC5DD349}*]
@Allowed: (Read) (RestrictedCode)
"gabnlokaijjgjc"=hex:61,63,6c,63,70,63,65,6d,6b,62,6e,6d,63,67,6c,69,61,68,67,
   6b,62,68,65,64,70,6a,66,61,63,6b,6e,69,6a,6a,6e,66,6f,65,67,64,6e,66,69,6d,\
.
[HKEY_USERS\S-1-5-21-1061521033-2538895874-2535044014-1001_Classes\Wow6432Node\CLSID\{527800ac-a78c-42ab-ad20-c68b9ae5072a}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000031
"Therad"=dword:0000002a
.
[HKEY_USERS\S-1-5-21-1061521033-2538895874-2535044014-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):63,78,c3,45,3c,f3,24,71,a5,76,3b,c0,97,17,01,d1,1b,65,2a,a2,00,
   b5,7b,eb,23,44,ae,7f,85,ab,e8,c5,e3,3a,da,66,c9,84,45,4b,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-21  15:31:04
ComboFix-quarantined-files.txt  2012-05-21 13:31
.
Vor Suchlauf: 22 Verzeichnis(se), 117.298.827.264 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 117.331.451.904 Bytes frei
.
- - End Of File - - 6FA79758D986D18B9067DA855AA1E414

Alt 21.05.2012, 14:46   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ADSPY/Bho.GamePla.F found in C:\Users\Graf Fitsch\AppData\Local\Temp\tmp-f9h.xpi

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe; Vista and Win7 users start aswMBR via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions can take a while depending on your connection.
  • Click on Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If it still does not work, please let me know.

Another note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

Alt 21.05.2012, 17:00   #15
Graf Fitsch
 
ADSPY/Bho.GamePla.F found in C:\Users\Graf Fitsch\AppData\Local\Temp\tmp-f9h.xpi

The aswMBR log:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-05-21 17:44:31
-----------------------------
17:44:31.546    OS Version: Windows x64 6.1.7601 Service Pack 1
17:44:31.546    Number of processors: 4 586 0x402
17:44:31.546    ComputerName: MACHINE  UserName: 
17:44:32.626    Initialize success
17:45:32.433    AVAST engine defs: 12052100
17:45:44.883    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:45:44.883    Disk 0 Vendor: WDC_WD6400AAKS-00A7B2 01.03B01 Size: 610479MB BusType: 3
17:45:44.913    Disk 0 MBR read successfully
17:45:44.913    Disk 0 MBR scan
17:45:44.923    Disk 0 Windows 7 default MBR code
17:45:44.943    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       610378 MB offset 206848
17:45:44.953    Disk 0 scanning C:\Windows\system32\drivers
17:45:56.433    Service scanning
17:46:17.033    Modules scanning
17:46:17.043    Disk 0 trace - called modules:
17:46:17.063    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
17:46:17.073    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007aab060]
17:46:17.083    3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8006af29b0]
17:46:17.103    5 ACPI.sys[fffff88000e297a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006b0d060]
17:46:18.833    AVAST engine scan C:\Windows
17:46:22.443    AVAST engine scan C:\Windows\system32
17:48:50.804    AVAST engine scan C:\Windows\system32\drivers
17:49:03.264    AVAST engine scan C:\Users\Graf Fitsch
17:57:05.334    AVAST engine scan C:\ProgramData
17:58:49.676    Scan finished successfully
17:59:30.976    Disk 0 MBR has been saved successfully to "C:\Users\Graf Fitsch\Desktop\MBR.dat"
17:59:30.976    The log file has been saved successfully to "C:\Users\Graf Fitsch\Desktop\aswMBR.txt"