
Log analysis and evaluation: funmoods start page in Mozilla Firefox

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

28.05.2012, 20:39   #1
schnief
 

Hello and good evening.

Since last week I have had a strange funmoods start page in Mozilla Firefox. I suspect it is connected to a download of a PDF merger tool. After researching on the internet, I strongly fear that I have caught a virus, and I am counting on your help.

I have already run the following scans:
1. Malwarebytes Anti-Malware: However, I deleted the objects that were in quarantine, because I misunderstood it at first.
2. Malwarebytes Anti-Malware again
3. defogger: There was NO error message
4. OTL

I hope I have not forgotten any tool and that you can help me.
Many thanks and have a nice evening

schnief

1. Malwarebytes Anti-Malware log
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.27.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: ****-HP [Administrator]

Schutz: Aktiviert

27.05.2012 22:22:14
mbam-log-2012-05-27 (22-22-14).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 372857
Laufzeit: 52 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 19
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\f (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\****\Downloads\SoftonicDownloader_fuer_scribus.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


2. Malwarebytes Anti-Malware log
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: ****-HP [Administrator]

Schutz: Aktiviert

27.05.2012 23:24:55
mbam-log-2012-05-27 (23-24-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 372655
Laufzeit: 56 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


3. OTL log
OTL logfile created on: 5/28/2012 8:54:23 PM - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\****\unwichtigeOrdner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.75 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 51.38% Memory free
7.49 Gb Paging File | 5.48 Gb Available in Paging File | 73.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 131.75 Gb Total Space | 75.56 Gb Free Space | 57.35% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32

Computer Name: ****-HP | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/05/28 20:52:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\****\unwichtigeOrdner\Desktop\OTL.exe
PRC - [2012/05/28 20:48:22 | 000,050,477 | ---- | M] () -- C:\Users\****\unwichtigeOrdner\Desktop\Defogger.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/31 15:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2010/09/02 22:18:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe
PRC - [2010/07/30 05:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/07/13 00:47:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/03/01 19:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2010/02/17 22:07:38 | 000,476,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
PRC - [2010/02/17 22:05:08 | 000,282,824 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
PRC - [2009/08/07 18:54:56 | 000,222,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2009/05/09 00:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/28 20:48:22 | 000,050,477 | ---- | M] () -- C:\Users\****\unwichtigeOrdner\Desktop\Defogger.exe
MOD - [2012/05/13 10:49:35 | 013,197,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll
MOD - [2012/05/13 10:49:22 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/05/13 10:48:41 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/13 10:48:17 | 001,665,536 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll
MOD - [2012/05/13 10:48:06 | 009,091,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/13 10:47:59 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2010/02/22 20:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/02/22 20:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/02/22 20:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/05 01:22:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/07/30 05:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/04/05 20:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/02/08 20:07:16 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/02/04 20:48:28 | 000,199,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/05/06 14:10:29 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/02 22:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/07/13 00:47:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 19:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010/02/17 22:05:08 | 000,282,824 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
SRV - [2009/08/07 18:54:56 | 000,222,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/09 00:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/18 10:48:22 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/08/11 18:43:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/08/05 01:52:36 | 006,859,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/05 00:47:20 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/20 23:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 23:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 23:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 16:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/05/04 00:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/27 20:25:14 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2010/03/09 19:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/03 00:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/26 20:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/16 21:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/02/08 20:07:16 | 000,527,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/02/08 20:07:16 | 000,280,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/02/08 20:07:16 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/02/08 20:07:16 | 000,121,760 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/02/08 20:07:16 | 000,094,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/09 23:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE:64bit: - HKLM\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKLM\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKLM\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475
IE - HKLM\..\SearchScopes\{573B8760-5A07-FAE5-A744-52A46956D485}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://search.babylon.com/?affID=110819&tt=100512_1_&babsrc=HP_ss&mntrId=a8baa772000000000000e02a823bea36
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKCU\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=100512_1_&babsrc=SP_ss&mntrId=a8baa772000000000000e02a823bea36
IE - HKCU\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475
IE - HKCU\..\SearchScopes\{573B8760-5A07-FAE5-A744-52A46956D485}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{83F1F119-37A3-4623-B816-A3EB3B27613D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..backup.old.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..backup.old.browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110819&tt=100512_1_&babsrc=HP_ss&mntrId=a8baa772000000000000e02a823bea36"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.479
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.netassistant.keyword.url: "hxxp://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={998B820D-28B8-4BC9-B969-3DCAEFEFC573}&Version=3.6.5&Vintage=20111249&Defaultbrowserid=24&Productid=2326&Vendorid=5750&Offerid=16983&searchterm="
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&tt=100512_1_&babsrc=KW_ss&mntrId=a8baa772000000000000e02a823bea36&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ [2011/08/10 20:47:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/13 14:45:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/12 20:10:39 | 000,000,000 | ---D | M]

[2011/02/21 20:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012/05/27 21:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\1c3dr9as.default\extensions
[2011/02/21 20:25:55 | 000,001,834 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\searchplugins\bing.xml
[2012/05/24 20:47:07 | 000,002,299 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\searchplugins\Search.xml
[2012/05/13 14:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/05/13 14:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012/05/13 14:45:44 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net
[2012/05/05 00:06:48 | 000,570,013 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1C3DR9AS.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012/04/21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/14 22:37:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/15 21:37:42 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/04/21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/04/21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100908045406.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100908045406.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.Exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: siteadvisor.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: siteadvisor.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E00C872-5886-46BE-81DB-FEDECAADDD36}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B20EDAB1-112B-43CE-81C0-CEC8C015A170}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\myrm - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myRmProt5.1.0.325.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d9a6727b-ad83-11e0-9889-e02a8206ba27}\Shell - "" = AutoRun
O33 - MountPoints2\{d9a6727b-ad83-11e0-9889-e02a8206ba27}\Shell\AutoRun\command - "" = D:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/28 20:53:54 | 000,000,000 | ---D | C] -- C:\Users\****\unwichtigeOrdner\Desktop\trojanerboard
[2012/05/28 20:51:59 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\****\unwichtigeOrdner\Desktop\OTL.exe
[2012/05/27 22:19:03 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2012/05/27 22:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/27 22:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/27 22:18:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/05/27 22:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/27 22:17:59 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\****\unwichtigeOrdner\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/27 21:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/27 21:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/27 21:52:51 | 003,862,112 | ---- | C] (Piriform Ltd) -- C:\Users\****\unwichtigeOrdner\Desktop\ccsetup319.exe
[2012/05/27 21:42:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/27 21:32:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Roxio Log Files
[2012/05/21 19:06:44 | 014,593,325 | ---- | C] (Andrea Vacondio) -- C:\Users\****\unwichtigeOrdner\Desktop\pdfsam-win-v2_2_1.exe
[2012/05/16 13:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/16 13:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/16 13:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/15 21:41:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\CUSTPDF Writer
[2012/05/15 21:39:54 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Google
[2012/05/15 21:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2012/05/15 21:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012/05/15 21:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/05/15 21:37:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Babylon
[2012/05/15 21:37:34 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Babylon
[2012/05/15 21:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/05/14 18:36:29 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SPReview
[2012/05/14 18:34:58 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders
[2012/05/13 14:45:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/13 14:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/03 20:32:03 | 000,000,000 | ---D | C] -- C:\Users\****\Wohnung
[2012/05/03 20:31:16 | 000,000,000 | ---D | C] -- C:\Users\****\BFD
[1 C:\Users\****\*.tmp files -> C:\Users\****\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/28 20:52:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\****\unwichtigeOrdner\Desktop\OTL.exe
[2012/05/28 20:50:53 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable
[2012/05/28 20:48:22 | 000,050,477 | ---- | M] () -- C:\Users\****\unwichtigeOrdner\Desktop\Defogger.exe
[2012/05/28 20:10:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/05/28 20:04:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/27 23:26:47 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 23:26:47 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 23:23:29 | 001,513,970 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/05/27 23:23:29 | 000,659,690 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/05/27 23:23:29 | 000,620,836 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/05/27 23:23:29 | 000,132,970 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/05/27 23:23:29 | 000,108,760 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/05/27 23:18:35 | 4022,927,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/27 23:17:55 | 000,013,605 | ---- | M] () -- C:\windows\SysNative\Config.MPF
[2012/05/27 22:18:56 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/27 22:18:12 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\****\unwichtigeOrdner\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/27 21:53:39 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/27 21:52:52 | 003,862,112 | ---- | M] (Piriform Ltd) -- C:\Users\****\unwichtigeOrdner\Desktop\ccsetup319.exe
[2012/05/23 21:22:20 | 002,788,367 | ---- | M] () -- C:\Users\****\unwichtigeOrdner\Desktop\spielplatz2.JPG
[2012/05/23 21:21:54 | 003,211,103 | ---- | M] () -- C:\Users\****\unwichtigeOrdner\Desktop\spielplatz1.JPG
[2012/05/21 19:07:40 | 014,593,325 | ---- | M] (Andrea Vacondio) -- C:\Users\****\unwichtigeOrdner\Desktop\pdfsam-win-v2_2_1.exe
[2012/05/15 21:37:52 | 000,000,250 | ---- | M] () -- C:\user.js
[2012/05/15 07:43:10 | 000,282,128 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/05/13 14:43:35 | 000,002,675 | ---- | M] () -- C:\Users\Public\Desktop\QuickSteuer Deluxe 2012.lnk
[2012/05/13 12:20:19 | 001,535,962 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[1 C:\Users\****\*.tmp files -> C:\Users\****\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/28 20:50:53 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2012/05/28 20:48:21 | 000,050,477 | ---- | C] () -- C:\Users\****\unwichtigeOrdner\Desktop\Defogger.exe
[2012/05/27 22:18:56 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/27 21:53:39 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/23 21:22:20 | 002,788,367 | ---- | C] () -- C:\Users\****\unwichtigeOrdner\Desktop\spielplatz2.JPG
[2012/05/23 21:21:52 | 003,211,103 | ---- | C] () -- C:\Users\****\unwichtigeOrdner\Desktop\spielplatz1.JPG
[2012/05/15 21:37:51 | 000,000,250 | ---- | C] () -- C:\user.js
[2011/11/14 21:37:59 | 000,006,550 | ---- | C] () -- C:\windows\jautoexp.dat
[2011/03/29 20:43:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/18 21:41:20 | 001,535,962 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/18 10:53:50 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll
[2010/11/18 10:53:50 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2010/11/18 10:53:49 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/11/18 10:41:57 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/09/08 13:29:46 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini
[2010/06/02 14:28:14 | 000,002,189 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

========== LOP Check ==========

[2011/05/09 21:34:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Amazon
[2012/05/15 21:37:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Babylon
[2012/01/19 17:36:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canon
[2011/02/24 23:04:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Lexware
[2012/05/27 21:27:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SoftGrid Client
[2011/05/27 11:20:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Subversion
[2011/02/18 21:42:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TP
[2012/05/21 21:55:36 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

4. OTL Extras log
OTL Extras logfile created on: 5/28/2012 8:54:23 PM - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\****\unwichtigeOrdner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.75 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 51.38% Memory free
7.49 Gb Paging File | 5.48 Gb Available in Paging File | 73.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 131.75 Gb Total Space | 75.56 Gb Free Space | 57.35% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32

Computer Name: ****-HP | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D39F339-8F17-49A1-8D0B-9058B4A808A6}" = rport=138 | protocol=17 | dir=out | app=system |
"{26C35838-44F9-4FCF-91B6-818DB99A7AB2}" = rport=445 | protocol=6 | dir=out | app=system |
"{2D883177-6D29-4E3F-A308-7F599DB6CCE7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{34C7A14A-FFDD-4C03-B794-53122EF5531A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4607A599-E6B7-4DEC-B1FC-DEAB2D016D75}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4903C950-9523-4BBA-A564-FBFD98A941F7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4CB343DE-0B15-4F37-B706-D1C656349EFB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D2C2C95-0DDC-4E9F-8BC6-294FBA45FA3E}" = rport=139 | protocol=6 | dir=out | app=system |
"{5277BD3A-2258-41D0-8589-EAAD7CE9BEDF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5F5C3634-E500-4011-80E9-1EE59DA8DF60}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EF7479F-374B-4872-877E-0925D09EFB79}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{745669AF-055D-4A96-9CA4-9FB17921CCEF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7E722AFB-463B-4E78-B311-228F1E06684F}" = rport=137 | protocol=17 | dir=out | app=system |
"{859A2588-2D64-4370-8B76-7B5C0972B446}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{921E54E1-FC58-4CA1-912C-C28E28E1D5D8}" = lport=138 | protocol=17 | dir=in | app=system |
"{985310A5-307E-45DE-BE51-45242394B960}" = lport=445 | protocol=6 | dir=in | app=system |
"{B0B31531-3EE9-4112-B787-044DCBC6364D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD3C7E50-8259-4D21-B224-38853690001D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D44EF9A8-D495-4CB9-9B19-53FB9DFDAC82}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EE699008-A863-449D-BE8A-BB6256756C75}" = lport=139 | protocol=6 | dir=in | app=system |
"{F4B579FC-BF60-4E42-9AA7-56D0FA8D5C8C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F69AF8C1-2F38-4DA5-833E-F3AEAB14E3CB}" = lport=137 | protocol=17 | dir=in | app=system |
"{FDF6B15D-1CA9-43CF-88DA-33DA6609D209}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{176D228C-CF1D-437C-9FCF-E06E72D10B6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1881D78A-C1A3-4C01-B4D7-2AD515DA9336}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1FA6A257-4F95-478D-A76F-7AF6643D37F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28C9D16F-2B3B-4699-B2F8-28A012DCC5F5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3A530E28-806B-428D-946A-036ADA801BC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5589705C-789B-4CE8-87C0-12AF3C09156F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{64F9F546-3D23-4951-BC87-D6865A1954AC}" = protocol=6 | dir=out | app=system |
"{76A022E5-C4DF-4D4E-AB1E-F79CC1C1871E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8254F2BE-A95E-4F77-AF10-6C65E94DBEA6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{96CF263D-A1D5-445B-9D3D-6372B927D251}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe |
"{9F397CD2-1AA1-4CBA-BA3E-B4A819B7EB3D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A37269AF-66CF-469C-B026-E1318C3ED890}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe |
"{A7D8D0C2-2B41-4B78-8132-7122F3DF8837}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{ACB7EDB2-9445-42E9-9AB0-D5BB740293AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AF8BA974-C0A1-46D0-908B-C509FEF3E1C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B77A6FD0-5565-453B-AD4B-303D9E7185CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{B8816531-E3B5-4DE0-BBC0-465DA63DEDE0}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe |
"{C5408337-7CE9-49F0-BED8-0F1BDDA716CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CBF530D2-B957-4709-8F12-50C057B818C9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D90A2B3B-88AA-4006-9A17-E8AC0C6AB4B8}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\managed virusscan\agent\myagtsvc.exe |
"{D9562E97-BF8C-42C6-9EFE-179DBF18E2A7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E33EBB17-7E59-4146-8549-E40B37DC81A8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E6BC333B-7A0B-4F60-B0EF-510593CF81D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEFFA0D7-E03A-4EFB-B866-BDDE0DD2FB0F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{2C69D297-A524-1FB1-5C00-1C52363E044F}" = ccc-utility64
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BBA5224-C5B1-4B8C-AAA4-68DA6654B9C1}" = HP HotKey Support
"{560932B5-8702-7FB8-01AE-265EA44FAEEB}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0150220}" = J2SE Development Kit 5.0 Update 22
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{EC720706-3F19-4B7F-BDDD-E31D9B3921D2}" = HP Wireless Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04801E42-B1A6-4C52-9F3D-CADB5A050433}" = HP Software Setup
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0C7A1F10-3965-190D-3409-B0DD7C45C0EE}" = CCC Help Italian
"{14B61ABC-D4A7-BCF5-92BE-95CEB8DF4374}" = CCC Help Czech
"{16CA9DAC-6A40-4204-A826-33C4D52A266C}" = Catalyst Control Center - Branding
"{1C598CE5-344B-997B-FF33-2976D689C0AC}" = CCC Help Greek
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2DA697D7-FED3-4DE2-A174-92A2A12F9688}" = HP SoftPaq Download Manager
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{39C5A498-FA1A-2473-34D1-6755E5A1BC99}" = CCC Help German
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4911AA-98AA-F2E0-1BF4-2E2737D1C95C}" = Catalyst Control Center InstallProxy
"{5478075D-1797-1C4C-B3F0-DC8ECCA7D5C3}" = Catalyst Control Center Localization All
"{558ED580-6168-AF04-C71F-E63B0E149E21}" = CCC Help Korean
"{5BF8E079-D6E2-4323-B794-75152371122A}" = Windows 7 Default Setting
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6AFDE3BE-BC01-45A4-9D06-BBF5AD207313}" = LightScribe System Software
"{6BCC7669-A863-4C24-804B-9C811C102F71}" = QuickSteuer Deluxe 2011
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79CF6EF9-8C9A-F284-5042-B5B54645B5F8}" = CCC Help Norwegian
"{7F30B436-1196-1401-9A4F-CFF6C10D6EBA}" = CCC Help Polish
"{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package
"{84EC6CDF-E378-0EBA-E4C2-BBD5489CD4EF}" = CCC Help Japanese
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{919D10CE-CADB-8D08-3429-7FB1DFA3B043}" = CCC Help Spanish
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96963F83-7F17-4941-B16C-1E790455E93A}" = McAfee SiteAdvisor Enterprise Plus
"{96AC1B0B-02D1-4FAA-9C1E-C92ECA74921A}" = HP Setup
"{9978D298-9AA1-99EE-9975-18AAEF34DE0C}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CD3BB19-993E-469D-9E1F-B57A175C1411}" = HP Software Framework
"{9D4D0B44-0A55-1905-5CF4-8A6EC311673F}" = CCC Help Russian
"{A005479C-7D10-A4CB-0BAD-5D8765E141C6}" = CCC Help Turkish
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1DE827D-8A61-4A77-9CCF-31AD84CC1FB6}" = HP Documentation
"{C2036B7D-C21E-38E9-FB0B-3746E82B898B}" = CCC Help Hungarian
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{D10B94E4-8545-CA0F-EDE9-41F62272A0DE}" = CCC Help Portuguese
"{D35A9E39-05F9-0D80-C41C-71B2FDCBE5E9}" = CCC Help Chinese Standard
"{D5C1E5E2-11A5-4905-ACC6-6DDD5E3B7705}" = Visual C++ 8.0 x64 Runtime Setup Package
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9989A13-B173-4048-B8A5-93C204DCB1B3}" = HP ESU for Microsoft Windows 7
"{DB393B0B-4A5D-7B50-AD80-3772372C4243}" = CCC Help Thai
"{E4756B93-69FF-D723-D7F8-97FFE73A0D2C}" = CCC Help French
"{E4B7F2AF-AEDA-4DE8-8014-9ADAFF7B4164}" = QuickSteuer Deluxe 2012
"{E4C82543-E98E-E66D-84A7-9C9235ADF9CE}" = CCC Help English
"{E8CA17C0-5A35-3CF1-C50F-1E9783FFB08B}" = CCC Help Swedish
"{F0261797-E2ED-8BEC-7B6F-A7C0A0E478FF}" = ccc-core-static
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F6CEF69E-35EA-6086-6D7D-21E89FD70B16}" = CCC Help Finnish
"{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}" = Realtek Ethernet Controller All-In-One Windows Driver
"{F8801800-9E88-3AB1-21DA-E50EFA0F771E}" = CCC Help Danish
"{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}" = HP Support Assistant
"{FC6256BB-BDD4-AB91-451B-86896F236769}" = CCC Help Chinese Traditional
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Canon MP240 series Benutzerregistrierung" = Canon MP240 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"McAfee Managed Firewall" = McAfee Firewall Protection Service
"McAfee Security Scan" = McAfee Security Scan Plus
"McAfeeBrowserProtection" = McAfee Browser Protection Service
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MVS" = McAfee Virus and Spyware Protection Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Scribus 1.3.3.14" = Scribus 1.3.3.14

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/12/2012 10:46:35 AM | Computer Name = ****-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 4/13/2012 11:01:31 AM | Computer Name = ****-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 4/15/2012 12:09:49 PM | Computer Name = ****-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 4/17/2012 8:24:19 AM | Computer Name = ****-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: java.exe, Version: 6.0.290.11, Zeitstempel:
0x4e897c9a Name des fehlerhaften Moduls: jaudioMp3Win.tar, Version: 0.0.0.0, Zeitstempel:
0x45dd99d9 Ausnahmecode: 0xc0000094 Fehleroffset: 0x00004be0 ID des fehlerhaften Prozesses:
0xdb4 Startzeit der fehlerhaften Anwendung: 0x01cd1c8f86a1a728 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Java\jre6\bin\java.exe Pfad des fehlerhaften Moduls:
C:\Users\****\jaudioMp3Win.tar Berichtskennung: 4110738a-8888-11e1-98d8-e02a8206ba27

Error - 4/20/2012 11:01:23 AM | Computer Name = ****-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 4/23/2012 8:55:30 AM | Computer Name = ****-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: java.exe, Version: 6.0.290.11, Zeitstempel:
0x4e897c9a Name des fehlerhaften Moduls: jaudioMp3Win.tar, Version: 0.0.0.0, Zeitstempel:
0x45dd99d9 Ausnahmecode: 0xc0000094 Fehleroffset: 0x00004be0 ID des fehlerhaften Prozesses:
0x15d0 Startzeit der fehlerhaften Anwendung: 0x01cd214a6b254b09 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Java\jre6\bin\java.exe Pfad des fehlerhaften Moduls:
C:\Users\****\jaudioMp3Win.tar Berichtskennung: 9aba35cb-8d43-11e1-89b1-e02a8206ba27

Error - 4/25/2012 8:58:58 AM | Computer Name = ****-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 4/27/2012 9:06:47 AM | Computer Name = ****-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 5/1/2012 2:20:56 PM | Computer Name = ****-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 5/4/2012 9:58:14 AM | Computer Name = ****-HP | Source = CVHSVC | ID = 100
Description = Nur zur Information. (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
DownloadLatest Failed:

[ Hewlett-Packard Events ]
Error - 4/10/2012 2:58:09 PM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
Framework\Logs\Temp\HPSA\HPSASession_201204102058.xml" konnte nicht gefunden werden.
mscorlib

bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei
System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append)
bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append,
Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents,
Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 4/16/2012 2:25:48 PM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
Framework\Logs\Temp\HPSA\HPSASession_201204162025.xml" konnte nicht gefunden werden.
mscorlib

bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei
System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append)
bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append,
Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents,
Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 4/24/2012 8:35:43 AM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
Framework\Logs\Temp\HPSA\HPSASession_201204241435.xml" konnte nicht gefunden werden.
mscorlib

bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei
System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append)
bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append,
Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents,
Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 4/24/2012 8:43:47 AM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
Framework\Logs\Temp\HPSA\HPSASession_201204241443.xml" konnte nicht gefunden werden.
mscorlib

bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei
System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append)
bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append,
Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents,
Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 5/1/2012 2:22:59 PM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051201082253.xml
File not created by asset agent

Error - 5/1/2012 2:23:49 PM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
Framework\Logs\Temp\HPSA\HPSASession_201205012023.xml" konnte nicht gefunden werden.
mscorlib

bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei
System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append)
bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append,
Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents,
Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 5/8/2012 2:27:45 PM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
Framework\Logs\Temp\HPSA\HPSASession_201205082027.xml" konnte nicht gefunden werden.
mscorlib

bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei
System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append)
bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append,
Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents,
Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 5/14/2012 2:36:47 PM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
Framework\Logs\Temp\HPSA\HPSASession_201205142036.xml" konnte nicht gefunden werden.
mscorlib

bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei
System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append)
bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append,
Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents,
Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


Error - 5/21/2012 4:06:49 PM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\051221100646.xml
File not created by asset agent

Error - 5/21/2012 4:07:32 PM | Computer Name = ****-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
Framework\Logs\Temp\HPSA\HPSASession_201205212207.xml" konnte nicht gefunden werden.
mscorlib

bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) bei
System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) bei System.IO.FileStream..ctor(String
path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
options) bei System.IO.StreamWriter.CreateFile(String path, Boolean append)
bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
Int32 bufferSize) bei System.IO.StreamWriter..ctor(String path, Boolean append,
Encoding encoding) bei System.IO.File.WriteAllText(String path, String contents,
Encoding encoding) bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()


[ HP Wireless Assistant Events ]
Error - 11/18/2010 4:40:10 AM | Computer Name = OI4BJD1CORG4L | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 11/18/2010 4:40:10 AM | Computer Name = OI4BJD1CORG4L | Source = HP WA Service | ID = 0
Description = System.Exception Register() failed : e_GENERAL_EXCEPTION at HP_Common.CaslWrapper.Register(EventArrivedEventHandler
handler) at HPPA_Service.CurrentConfiguration..ctor()

Error - 11/18/2010 4:40:13 AM | Computer Name = OI4BJD1CORG4L | Source = HP WA Service | ID = 0
Description = System.Exception GetPMCCalibrationData() failed : 597 at HP_Common.CaslWrapper.GetPMCCalibrationData(PMCCalibrationData&
calibration) at HPPA_Service.HPPA_Service.ServiceWorkerMethod()

Error - 2/18/2011 3:25:43 PM | Computer Name = ****-HP | Source = HP WA Service | ID = 0
Description = System.Exception GetDeviceInfo() failed : 597 bei HP_Common.CaslWrapper.GetDeviceInfo(List`1&
radioList) bei HPPA_Service.CurrentConfiguration.ReloadRadioList()

Error - 8/5/2011 2:02:55 PM | Computer Name = ****-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException Aufruf wurde durch Messagefilter
abgebrochen. (Ausnahme von HRESULT: 0x80010002 (RPC_E_CALL_CANCELED)) bei System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) bei System.Management.ManagementScope.InitializeGuts(Object
o) bei System.Management.ManagementScope.Initialize() bei System.Management.ManagementObjectSearcher.Initialize()

bei System.Management.ManagementObjectSearcher.Get() bei HPPA_Service.CurrentConfiguration.FindDevice(String
hostPath, String portName) bei HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__9(RadioHardware
radio) bei System.Linq.Enumerable.WhereSelectListIterator`2.MoveNext() bei
System.Linq.Enumerable.WhereSelectEnumerableIterator`2.MoveNext() bei HPPA_Service.CurrentConfiguration.ReloadRadioList()

[ System Events ]
Error - 8/5/2011 5:23:58 AM | Computer Name = ****-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 8/5/2011 2:02:49 PM | Computer Name = ****-HP | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.

Error - 8/5/2011 2:03:00 PM | Computer Name = ****-HP | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{4E00C872-5886-46BE-81DB-FEDECAADDD36} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error - 8/12/2011 3:21:07 PM | Computer Name = ****-HP | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error - 8/23/2011 2:36:39 PM | Computer Name = ****-HP | Source = Service Control Manager | ID = 7034
Description = Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.

Error - 9/3/2011 7:17:01 PM | Computer Name = ****-HP | Source = DCOM | ID = 10010
Description =

Error - 9/14/2011 9:00:57 AM | Computer Name = ****-HP | Source = DCOM | ID = 10010
Description =

Error - 9/18/2011 3:54:40 AM | Computer Name = ****-HP | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 9/29/2011 1:43:37 PM | Computer Name = ****-HP | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 9/30/2011 7:48:24 AM | Computer Name = ****-HP | Source = DCOM | ID = 10010
Description =


< End of report >

Alt 30.05.2012, 15:49   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please run ESET as well, then we'll see what comes next:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start the ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Alt 04.06.2012, 21:31   #3
schnief
 

Hello Arne,

I cannot run the ESET scan.

For one thing, ESET reports that it has found Microsoft Defender as another antivirus program. However, that program is not enabled.

For another, it has problems during initialization. It reports: "Can not get update. Is proxy configured?"

Can you help me with this?

Regards
schnief

Alt 04.06.2012, 21:39   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Try the ESET scan in Safe Mode with Networking

And also take note of this


Remove incorrect proxy settings
  • In the Start menu, under "Settings", click "Control Panel" -> "Internet Options".
  • Select the "Connections -> LAN settings" tab and check whether the proxy server box is ticked;
    if so -> remove it, then -> OK (unless the entry is correct)


__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Alt 11.06.2012, 21:33   #5
schnief
 

Hello Arne,

the ESET scan did work in normal mode after all. The log follows.
The proxy settings are as described in your message.

Regards
schnief

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d649358a00d89b4a8c60a7e3cdd0cdae
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-08 01:21:43
# local_time=2012-06-08 03:21:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 254580 90725768 0 0
# compatibility_mode=8192 67108863 100 0 255454 255454 0 0
# scanned=270179
# found=5
# cleaned=0
# scan_time=22585
C:\Program Files (x86)\PDFCreator\message.exe a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\****\FinalMediaPlayer2011Setup.exe a variant of Win32/InstallIQ application (unable to clean) 00000000000000000000000000000000 I
C:\Users\****\YouTubeDownloaderSetup34.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I


Alt 11.06.2012, 21:55   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

I have two questions before we continue

1.) Does Windows normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Alt 12.06.2012, 12:46   #7
schnief
 

Hello,

re 1.) normal mode works without restrictions again
re 2.) as far as I can tell, I am not missing anything in the Start menu, and there are no empty folders under All Programs either.

so we can continue

Alt 12.06.2012, 13:50   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you do not have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick Scan All Users at the top center
  • Now copy the entire contents of the code box below into the OTL text box - if OTL is in German, it is labeled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

Alt 14.06.2012, 21:36   #9
schnief
 

Good evening,

I ran the OTL scan again.

Regards
schnief

OTL Logfile:
Code:
OTL logfile created on: 6/14/2012 8:31:24 PM - Run 2
OTL by OldTimer - Version 3.2.43.2     Folder = C:\Users\****\unwichtigeOrdner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.75 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 64.54% Memory free
7.49 Gb Paging File | 5.75 Gb Available in Paging File | 76.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 131.75 Gb Total Space | 73.09 Gb Free Space | 55.47% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.98 Gb Free Space | 99.64% Space Free | Partition Type: FAT32
 
Computer Name: ****-HP | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012/05/28 20:52:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\****\unwichtigeOrdner\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/07/31 15:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2010/09/02 22:18:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe
PRC - [2010/07/30 05:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/07/13 00:47:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/03/01 19:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
PRC - [2010/02/17 22:07:38 | 000,476,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
PRC - [2010/02/17 22:05:08 | 000,282,824 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
PRC - [2009/08/07 18:54:56 | 000,222,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
PRC - [2009/05/09 00:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/05/13 10:49:35 | 013,197,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\9ee9841d9e33fe5dceba4cd7d90f2ae0\System.Windows.Forms.ni.dll
MOD - [2012/05/13 10:49:22 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll
MOD - [2012/05/13 10:48:41 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/13 10:48:17 | 001,665,536 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\03b5233f1511f5fdb39eb681b04e5506\System.Drawing.ni.dll
MOD - [2012/05/13 10:48:06 | 009,091,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/13 10:47:59 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2010/02/22 20:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/02/22 20:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/02/22 20:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/08/05 01:22:44 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/07/30 05:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/04/05 20:12:00 | 000,103,992 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/02/08 20:07:16 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/02/04 20:48:28 | 000,199,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/05/06 14:10:29 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/02 22:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/07/13 00:47:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/01 19:27:22 | 000,264,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2010/02/17 22:05:08 | 000,282,824 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
SRV - [2009/08/07 18:54:56 | 000,222,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/09 00:26:32 | 000,893,112 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/18 10:48:22 | 003,063,360 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/08/11 18:43:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/08/05 01:52:36 | 006,859,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/08/05 00:47:20 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/07/20 23:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 23:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 23:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 16:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/05/04 00:44:02 | 000,331,880 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/27 20:25:14 | 001,803,904 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2010/03/09 19:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/03/03 00:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/02/26 20:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/16 21:24:20 | 000,025,912 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2010/02/08 20:07:16 | 000,527,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/02/08 20:07:16 | 000,280,008 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/02/08 20:07:16 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/02/08 20:07:16 | 000,121,760 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/02/08 20:07:16 | 000,094,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/09 23:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE:64bit: - HKLM\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKLM\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKLM\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475
IE - HKLM\..\SearchScopes\{573B8760-5A07-FAE5-A744-52A46956D485}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://search.babylon.com/?affID=110819&tt=100512_1_&babsrc=HP_ss&mntrId=a8baa772000000000000e02a823bea36
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes,Backup.Old.DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=100512_1_&babsrc=SP_ss&mntrId=a8baa772000000000000e02a823bea36
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes\{573B8760-5A07-FAE5-A744-52A46956D485}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes\{83F1F119-37A3-4623-B816-A3EB3B27613D}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..backup.old.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..backup.old.browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=110819&tt=100512_1_&babsrc=HP_ss&mntrId=a8baa772000000000000e02a823bea36"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0.0.479
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.netassistant.keyword.url: "hxxp://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={998B820D-28B8-4BC9-B969-3DCAEFEFC573}&Version=3.6.5&Vintage=20111249&Defaultbrowserid=24&Productid=2326&Vendorid=5750&Offerid=16983&searchterm="
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&tt=100512_1_&babsrc=KW_ss&mntrId=a8baa772000000000000e02a823bea36&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ [2011/08/10 20:47:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/13 14:45:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/12 20:10:39 | 000,000,000 | ---D | M]
 
[2011/02/21 20:25:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012/05/27 21:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\1c3dr9as.default\extensions
[2011/02/21 20:25:55 | 000,001,834 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\searchplugins\bing.xml
[2012/05/24 20:47:07 | 000,002,299 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\searchplugins\Search.xml
[2012/05/13 14:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/05/13 14:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012/05/13 14:45:44 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net
[2012/05/05 00:06:48 | 000,570,013 | ---- | M] () (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1C3DR9AS.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012/04/21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/14 22:37:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/05/15 21:37:42 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/04/21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/04/21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100908045406.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100908045406.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.Exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: siteadvisor.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: siteadvisor.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E00C872-5886-46BE-81DB-FEDECAADDD36}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B20EDAB1-112B-43CE-81C0-CEC8C015A170}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\myrm - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myRmProt5.1.0.325.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d9a6727b-ad83-11e0-9889-e02a8206ba27}\Shell - "" = AutoRun
O33 - MountPoints2\{d9a6727b-ad83-11e0-9889-e02a8206ba27}\Shell\AutoRun\command - "" = D:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: mfehidk - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfehidk.sys - C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet:64bit: mfevtp - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/06/04 22:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/06/04 22:07:11 | 002,322,184 | ---- | C] (ESET) -- C:\Users\****\unwichtigeOrdner\Desktop\esetsmartinstaller_enu.exe
[2012/05/28 20:53:54 | 000,000,000 | ---D | C] -- C:\Users\****\unwichtigeOrdner\Desktop\trojanerboard
[2012/05/28 20:51:59 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\****\unwichtigeOrdner\Desktop\OTL.exe
[2012/05/27 22:19:03 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2012/05/27 22:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/27 22:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/27 22:18:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/05/27 22:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/27 22:17:59 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\****\unwichtigeOrdner\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/27 21:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/27 21:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/27 21:52:51 | 003,862,112 | ---- | C] (Piriform Ltd) -- C:\Users\****\unwichtigeOrdner\Desktop\ccsetup319.exe
[2012/05/27 21:42:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/27 21:32:23 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Roxio Log Files
[2012/05/21 19:06:44 | 014,593,325 | ---- | C] (Andrea Vacondio) -- C:\Users\****\unwichtigeOrdner\Desktop\pdfsam-win-v2_2_1.exe
[2012/05/16 13:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/16 13:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/16 13:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/15 21:41:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\CUSTPDF Writer
[2012/05/15 21:39:54 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Google
[2012/05/15 21:37:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPLGS
[2012/05/15 21:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012/05/15 21:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/05/15 21:37:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Babylon
[2012/05/15 21:37:34 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Babylon
[2012/05/15 21:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[1 C:\Users\****\*.tmp files -> C:\Users\****\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/06/14 20:38:21 | 001,513,970 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/14 20:38:21 | 000,659,690 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/06/14 20:38:21 | 000,620,836 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/14 20:38:21 | 000,132,970 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/06/14 20:38:21 | 000,108,760 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/14 20:33:53 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 20:33:53 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/14 20:26:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/14 20:25:56 | 4022,927,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/12 14:01:47 | 000,013,605 | ---- | M] () -- C:\windows\SysNative\Config.MPF
[2012/06/08 09:10:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/04 22:07:13 | 002,322,184 | ---- | M] (ESET) -- C:\Users\****\unwichtigeOrdner\Desktop\esetsmartinstaller_enu.exe
[2012/05/28 20:52:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\****\unwichtigeOrdner\Desktop\OTL.exe
[2012/05/28 20:50:53 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable
[2012/05/28 20:48:22 | 000,050,477 | ---- | M] () -- C:\Users\****\unwichtigeOrdner\Desktop\Defogger.exe
[2012/05/27 22:18:56 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/27 22:18:12 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\****\unwichtigeOrdner\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/27 21:53:39 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/27 21:52:52 | 003,862,112 | ---- | M] (Piriform Ltd) -- C:\Users\****\unwichtigeOrdner\Desktop\ccsetup319.exe
[2012/05/23 21:22:20 | 002,788,367 | ---- | M] () -- C:\Users\****\unwichtigeOrdner\Desktop\spielplatz2.JPG
[2012/05/23 21:21:54 | 003,211,103 | ---- | M] () -- C:\Users\****\unwichtigeOrdner\Desktop\spielplatz1.JPG
[2012/05/21 19:07:40 | 014,593,325 | ---- | M] (Andrea Vacondio) -- C:\Users\****\unwichtigeOrdner\Desktop\pdfsam-win-v2_2_1.exe
[2012/05/15 21:37:52 | 000,000,250 | ---- | M] () -- C:\user.js
[1 C:\Users\****\*.tmp files -> C:\Users\****\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/05/28 20:50:53 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2012/05/28 20:48:21 | 000,050,477 | ---- | C] () -- C:\Users\****\unwichtigeOrdner\Desktop\Defogger.exe
[2012/05/27 22:18:56 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/05/27 21:53:39 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/23 21:22:20 | 002,788,367 | ---- | C] () -- C:\Users\****\unwichtigeOrdner\Desktop\spielplatz2.JPG
[2012/05/23 21:21:52 | 003,211,103 | ---- | C] () -- C:\Users\****\unwichtigeOrdner\Desktop\spielplatz1.JPG
[2012/05/15 21:37:51 | 000,000,250 | ---- | C] () -- C:\user.js
[2011/11/14 21:37:59 | 000,006,550 | ---- | C] () -- C:\windows\jautoexp.dat
[2011/03/29 20:43:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/18 21:41:20 | 001,535,962 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/11/18 10:53:50 | 000,255,360 | ---- | C] ( ) -- C:\windows\SysWow64\rsnp2uvc.dll
[2010/11/18 10:53:50 | 000,025,984 | ---- | C] () -- C:\windows\snuvcdsm.exe
[2010/11/18 10:53:49 | 000,015,497 | ---- | C] () -- C:\windows\snp2uvc.ini
[2010/11/18 10:41:57 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/09/08 13:29:46 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini
 
========== LOP Check ==========
 
[2011/05/09 21:34:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Amazon
[2012/05/15 21:37:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Babylon
[2012/01/19 17:36:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canon
[2011/02/24 23:04:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Lexware
[2012/06/12 14:01:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SoftGrid Client
[2011/05/27 11:20:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Subversion
[2011/02/18 21:42:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TP
[2012/05/21 21:55:36 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/02/21 21:49:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Adobe
[2011/05/09 21:34:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Amazon
[2011/02/18 21:40:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ATI
[2012/05/15 21:37:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Babylon
[2012/01/19 17:36:08 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canon
[2011/02/18 21:39:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Hewlett-Packard
[2012/05/22 20:45:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\hpqLog
[2011/02/18 21:39:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Identities
[2011/02/24 23:04:10 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Lexware
[2011/02/20 21:28:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macromedia
[2012/05/27 22:19:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2011/02/18 21:39:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\McAfee
[2012/06/04 22:15:34 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft
[2011/02/21 20:25:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla
[2012/05/27 21:32:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Roxio Log Files
[2012/05/27 22:00:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Skype
[2011/12/20 14:10:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\skypePM
[2012/06/12 14:01:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SoftGrid Client
[2011/05/27 11:20:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Subversion
[2011/02/18 21:42:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TP
[2011/06/22 10:44:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_394a8c733b252fb9\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_39204d0d3b44b8d4\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_39d05b5854449cd5\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_3a006b1e5421763d\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010/05/12 10:37:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010/05/12 10:50:37 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010/05/12 10:38:10 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010/05/12 10:50:49 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
         
--- --- ---
[/code]

15.06.2012, 14:49   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

funmoods start page in Mozilla Firefox

Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you have obscured your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!!

Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE:64bit: - HKLM\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKLM\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKLM\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475
IE - HKLM\..\SearchScopes\{573B8760-5A07-FAE5-A744-52A46956D485}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=110819&tt=100512_1_&babsrc=HP_ss&mntrId=a8baa772000000000000e02a823bea36
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/10
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes,Backup.Old.DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes,DefaultScope = {42082122-0C9D-4D19-8D54-D7242094F839}
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=100512_1_&babsrc=SP_ss&mntrId=a8baa772000000000000e02a823bea36
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes\{573B8760-5A07-FAE5-A744-52A46956D485}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\..\SearchScopes\{83F1F119-37A3-4623-B816-A3EB3B27613D}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
FF - prefs.js..backup.old.browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..backup.old.browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=110819&tt=100512_1_&babsrc=HP_ss&mntrId=a8baa772000000000000e02a823bea36"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475"
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={998B820D-28B8-4BC9-B969-3DCAEFEFC573}&Version=3.6.5&Vintage=20111249&Defaultbrowserid=24&Productid=2326&Vendorid=5750&Offerid=16983&searchterm="
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110819&tt=100512_1_&babsrc=KW_ss&mntrId=a8baa772000000000000e02a823bea36&q="
[2011/02/21 20:25:55 | 000,001,834 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\searchplugins\bing.xml
[2012/05/24 20:47:07 | 000,002,299 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\searchplugins\Search.xml
[2012/05/13 14:45:44 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net
[2012/05/15 21:37:42 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d9a6727b-ad83-11e0-9889-e02a8206ba27}\Shell - "" = AutoRun
O33 - MountPoints2\{d9a6727b-ad83-11e0-9889-e02a8206ba27}\Shell\AutoRun\command - "" = D:\setup.exe AUTORUN=1
[2012/05/15 21:37:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Babylon
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

18.06.2012, 18:40   #11
schnief

funmoods start page in Mozilla Firefox

Hello Arne,

I did the OTL fix. Here is the log.

Thanks in advance and good evening.
schnief

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42082122-0C9D-4D19-8D54-D7242094F839}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42082122-0C9D-4D19-8D54-D7242094F839}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{573B8760-5A07-FAE5-A744-52A46956D485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{573B8760-5A07-FAE5-A744-52A46956D485}\ not found.
HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Backup.Old.Start Page| /E : value set successfully!
HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3509303512-1638139293-2482028298-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-3509303512-1638139293-2482028298-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-3509303512-1638139293-2482028298-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3509303512-1638139293-2482028298-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3509303512-1638139293-2482028298-1001\Software\Microsoft\Internet Explorer\SearchScopes\{42082122-0C9D-4D19-8D54-D7242094F839}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42082122-0C9D-4D19-8D54-D7242094F839}\ not found.
Registry key HKEY_USERS\S-1-5-21-3509303512-1638139293-2482028298-1001\Software\Microsoft\Internet Explorer\SearchScopes\{573B8760-5A07-FAE5-A744-52A46956D485}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{573B8760-5A07-FAE5-A744-52A46956D485}\ not found.
Registry key HKEY_USERS\S-1-5-21-3509303512-1638139293-2482028298-1001\Software\Microsoft\Internet Explorer\SearchScopes\{83F1F119-37A3-4623-B816-A3EB3B27613D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83F1F119-37A3-4623-B816-A3EB3B27613D}\ not found.
Prefs.js: "Search the web (Babylon)" removed from backup.old.browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from backup.old.browser.search.selectedEngine
Prefs.js: "hxxp://search.babylon.com/?affID=110819&tt=100512_1_&babsrc=HP_ss&mntrId=a8baa772000000000000e02a823bea36" removed from browser.startup.homepage
Prefs.js: "Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://www.bing.com/search?FORM=MSNTLB&PC=MSNTDF&q=" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475" removed from browser.startup.homepage
Prefs.js: "hxxp://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={998B820D-28B8-4BC9-B969-3DCAEFEFC573}&Version=3.6.5&Vintage=20111249&Defaultbrowserid=24&Productid=2326&Vendorid=5750&Offerid=16983&searchterm=" removed from extensions.netassistant.keyword.url
Prefs.js: "hxxp://search.babylon.com/?affID=110819&tt=100512_1_&babsrc=KW_ss&mntrId=a8baa772000000000000e02a823bea36&q=" removed from keyword.URL
C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\searchplugins\bing.xml moved successfully.
C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\searchplugins\Search.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\weather folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\ticker folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\shopping folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\search folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\pref folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\phish folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\newtab\initial-thumbs folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\newtab folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\neterror folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\horoscope folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\homebutton folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\highlight folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\help folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\email folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\ebay folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin\brand folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\skin folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\weather folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\ticker folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\shopping folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\search folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\pref folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\phish folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\newtab folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\neterror folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\main folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\horoscope folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\highlight folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\help folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\email folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US\ebay folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\en-US folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\weather folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\ticker folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\shopping folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\search folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\pref folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\phish folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\newtab folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\neterror folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\main folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\horoscope folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\highlight folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\help\page folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\help folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\email folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE\ebay folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale\de-DE folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\locale folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\defaults\preferences folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\defaults folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\weather folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\util folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\tracking folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\ticker folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\shopping folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\search\mcollect folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\search folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\pref folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\phish folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\newtab folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\neterror folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\main folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\hotnews folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\horoscope folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\highlight folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\help folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\email folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content\ebay folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\content folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net\components folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@gmx.net folder moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9a6727b-ad83-11e0-9889-e02a8206ba27}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9a6727b-ad83-11e0-9889-e02a8206ba27}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9a6727b-ad83-11e0-9889-e02a8206ba27}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9a6727b-ad83-11e0-9889-e02a8206ba27}\ not found.
File D:\setup.exe AUTORUN=1 not found.
C:\Users\****\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ****
->Temp folder emptied: 14293413 bytes
->Temporary Internet Files folder emptied: 37093164 bytes
->Java cache emptied: 16993895 bytes
->FireFox cache emptied: 363799797 bytes
->Flash cache emptied: 3963 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58236308 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045936 bytes
RecycleBin emptied: 4107763521 bytes
 
Total Files Cleaned = 4,420.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: ****
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.2 log created on 06182012_192246

Files\Folders moved on Reboot...
C:\Users\****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

18.06.2012, 21:18   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

funmoods start page in Mozilla Firefox

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan, and when it is finished click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), as that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!


21.06.2012, 19:46   #13
schnief

funmoods start page in Mozilla Firefox

Hello Arne,

here is the log from the TDSS tool.

Regards
schnief

Code:
20:31:33.0932 4696	TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
20:31:35.0945 4696	============================================================
20:31:35.0945 4696	Current date / time: 2012/06/21 20:31:35.0945
20:31:35.0945 4696	SystemInfo:
20:31:35.0945 4696	
20:31:35.0945 4696	OS Version: 6.1.7601 ServicePack: 1.0
20:31:35.0945 4696	Product type: Workstation
20:31:35.0945 4696	ComputerName: ****-HP
20:31:35.0945 4696	UserName: ****
20:31:35.0945 4696	Windows directory: C:\windows
20:31:35.0945 4696	System windows directory: C:\windows
20:31:35.0945 4696	Running under WOW64
20:31:35.0945 4696	Processor architecture: Intel x64
20:31:35.0945 4696	Number of processors: 1
20:31:35.0945 4696	Page size: 0x1000
20:31:35.0945 4696	Boot type: Normal boot
20:31:35.0945 4696	============================================================
20:31:38.0753 4696	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:31:38.0768 4696	Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:31:38.0768 4696	============================================================
20:31:38.0768 4696	\Device\Harddisk0\DR0:
20:31:38.0768 4696	MBR partitions:
20:31:38.0768 4696	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
20:31:38.0768 4696	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x10782000
20:31:38.0768 4696	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x10818800, BlocksNum 0x1E00000
20:31:38.0768 4696	\Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x12618800, BlocksNum 0x3FD800
20:31:38.0768 4696	\Device\Harddisk1\DR1:
20:31:38.0768 4696	MBR partitions:
20:31:38.0768 4696	\Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x2542D682
20:31:38.0768 4696	============================================================
20:31:38.0799 4696	C: <-> \Device\Harddisk0\DR0\Partition1
20:31:38.0831 4696	F: <-> \Device\Harddisk0\DR0\Partition3
20:31:38.0831 4696	D: <-> \Device\Harddisk1\DR1\Partition0
20:31:38.0831 4696	============================================================
20:31:38.0831 4696	Initialize success
20:31:38.0831 4696	============================================================
20:33:51.0025 4384	============================================================
20:33:51.0025 4384	Scan started
20:33:51.0025 4384	Mode: Manual; SigCheck; TDLFS; 
20:33:51.0025 4384	============================================================
20:33:52.0554 4384	1394ohci        (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
20:33:54.0379 4384	1394ohci - ok
20:33:54.0567 4384	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
20:33:54.0676 4384	ACPI - ok
20:33:54.0723 4384	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
20:33:54.0910 4384	AcpiPmi - ok
20:33:55.0097 4384	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:33:55.0144 4384	AdobeARMservice - ok
20:33:55.0300 4384	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:33:55.0393 4384	AdobeFlashPlayerUpdateSvc - ok
20:33:55.0503 4384	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
20:33:55.0518 4384	adp94xx - ok
20:33:55.0565 4384	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
20:33:55.0581 4384	adpahci - ok
20:33:55.0612 4384	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
20:33:55.0627 4384	adpu320 - ok
20:33:55.0659 4384	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
20:33:55.0939 4384	AeLookupSvc - ok
20:33:56.0095 4384	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
20:33:56.0267 4384	AFD - ok
20:33:56.0392 4384	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
20:33:56.0407 4384	agp440 - ok
20:33:56.0439 4384	ALG             (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
20:33:56.0579 4384	ALG - ok
20:33:56.0641 4384	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
20:33:56.0657 4384	aliide - ok
20:33:56.0688 4384	AMD External Events Utility (5a06ab7ab4d389dfe3c109599df0bb65) C:\windows\system32\atiesrxx.exe
20:33:56.0922 4384	AMD External Events Utility - ok
20:33:56.0938 4384	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
20:33:56.0953 4384	amdide - ok
20:33:57.0000 4384	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
20:33:57.0265 4384	AmdK8 - ok
20:33:57.0609 4384	amdkmdag        (650ddccd6657e20737433cb774521b81) C:\windows\system32\DRIVERS\atikmdag.sys
20:33:57.0827 4384	amdkmdag - ok
20:33:58.0014 4384	amdkmdap        (f51b013c55b30dbe3ad59a7fe197c5ba) C:\windows\system32\DRIVERS\atikmpag.sys
20:33:58.0357 4384	amdkmdap - ok
20:33:58.0513 4384	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
20:33:58.0591 4384	AmdPPM - ok
20:33:58.0638 4384	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
20:33:58.0685 4384	amdsata - ok
20:33:58.0763 4384	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
20:33:58.0779 4384	amdsbs - ok
20:33:58.0825 4384	amdxata         (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
20:33:58.0935 4384	amdxata - ok
20:33:59.0013 4384	AppID           (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
20:33:59.0777 4384	AppID - ok
20:33:59.0886 4384	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
20:34:00.0011 4384	AppIDSvc - ok
20:34:00.0105 4384	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
20:34:00.0495 4384	Appinfo - ok
20:34:00.0557 4384	arc             (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
20:34:00.0573 4384	arc - ok
20:34:00.0619 4384	arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
20:34:00.0635 4384	arcsas - ok
20:34:00.0729 4384	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
20:34:00.0838 4384	AsyncMac - ok
20:34:00.0885 4384	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
20:34:00.0885 4384	atapi - ok
20:34:01.0009 4384	AtiHdmiService  (2d648572ba9a610952fcafba1e119c2d) C:\windows\system32\drivers\AtiHdmi.sys
20:34:01.0337 4384	AtiHdmiService - ok
20:34:01.0399 4384	AtiPcie         (e82e61f46d1336447f4deff8c074f13e) C:\windows\system32\DRIVERS\AtiPcie64.sys
20:34:01.0462 4384	AtiPcie - ok
20:34:01.0633 4384	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
20:34:01.0930 4384	AudioEndpointBuilder - ok
20:34:01.0930 4384	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
20:34:02.0039 4384	AudioSrv - ok
20:34:02.0101 4384	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
20:34:02.0289 4384	AxInstSV - ok
20:34:02.0351 4384	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
20:34:02.0445 4384	b06bdrv - ok
20:34:02.0538 4384	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
20:34:02.0632 4384	b57nd60a - ok
20:34:02.0959 4384	BCM43XX         (810be94a9e42309b3f74217ac28bc6ac) C:\windows\system32\DRIVERS\bcmwl664.sys
20:34:03.0053 4384	BCM43XX - ok
20:34:03.0225 4384	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
20:34:03.0303 4384	BDESVC - ok
20:34:03.0412 4384	Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
20:34:03.0521 4384	Beep - ok
20:34:03.0708 4384	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
20:34:03.0927 4384	BFE - ok
20:34:04.0005 4384	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
20:34:04.0114 4384	BITS - ok
20:34:04.0192 4384	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
20:34:04.0379 4384	blbdrive - ok
20:34:04.0410 4384	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
20:34:04.0941 4384	bowser - ok
20:34:04.0972 4384	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
20:34:05.0175 4384	BrFiltLo - ok
20:34:05.0190 4384	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
20:34:05.0221 4384	BrFiltUp - ok
20:34:05.0268 4384	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
20:34:05.0502 4384	Browser - ok
20:34:05.0736 4384	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
20:34:05.0892 4384	Brserid - ok
20:34:05.0923 4384	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
20:34:06.0033 4384	BrSerWdm - ok
20:34:06.0064 4384	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
20:34:06.0204 4384	BrUsbMdm - ok
20:34:06.0267 4384	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
20:34:06.0423 4384	BrUsbSer - ok
20:34:06.0532 4384	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
20:34:06.0735 4384	BthEnum - ok
20:34:06.0781 4384	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
20:34:06.0969 4384	BTHMODEM - ok
20:34:07.0047 4384	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
20:34:07.0187 4384	BthPan - ok
20:34:07.0327 4384	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
20:34:07.0530 4384	BTHPORT - ok
20:34:07.0546 4384	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
20:34:07.0733 4384	bthserv - ok
20:34:07.0842 4384	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
20:34:08.0076 4384	BTHUSB - ok
20:34:08.0123 4384	btwampfl        (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\windows\system32\drivers\btwampfl.sys
20:34:08.0263 4384	btwampfl - ok
20:34:08.0310 4384	btwaudio        (a75bf6802a967f5aacecc3c67febdf55) C:\windows\system32\drivers\btwaudio.sys
20:34:08.0404 4384	btwaudio - ok
20:34:08.0419 4384	btwavdt         (d895dc213edbda5fcc53aad1f1e0e63b) C:\windows\system32\DRIVERS\btwavdt.sys
20:34:08.0544 4384	btwavdt - ok
20:34:08.0653 4384	btwdins         (692f8648d7686d91e34a65ac698019d8) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
20:34:08.0747 4384	btwdins - ok
20:34:08.0778 4384	btwl2cap        (07096d2bc22ccb6cea5a532df0be8a75) C:\windows\system32\DRIVERS\btwl2cap.sys
20:34:08.0950 4384	btwl2cap - ok
20:34:08.0981 4384	btwrchid        (6d7aa2bde0135599c5f230d69db3b420) C:\windows\system32\DRIVERS\btwrchid.sys
20:34:09.0075 4384	btwrchid - ok
20:34:09.0137 4384	cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
20:34:09.0309 4384	cdfs - ok
20:34:09.0387 4384	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
20:34:09.0511 4384	cdrom - ok
20:34:09.0636 4384	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
20:34:09.0761 4384	CertPropSvc - ok
20:34:09.0808 4384	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
20:34:10.0026 4384	circlass - ok
20:34:10.0073 4384	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
20:34:10.0089 4384	CLFS - ok
20:34:10.0229 4384	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:34:10.0245 4384	clr_optimization_v2.0.50727_32 - ok
20:34:10.0385 4384	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:34:10.0401 4384	clr_optimization_v2.0.50727_64 - ok
20:34:10.0619 4384	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:34:10.0635 4384	clr_optimization_v4.0.30319_32 - ok
20:34:10.0666 4384	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:34:10.0681 4384	clr_optimization_v4.0.30319_64 - ok
20:34:10.0806 4384	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
20:34:11.0056 4384	CmBatt - ok
20:34:11.0181 4384	cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
20:34:11.0196 4384	cmdide - ok
20:34:11.0259 4384	CNG             (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
20:34:11.0477 4384	CNG - ok
20:34:11.0508 4384	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
20:34:11.0539 4384	Compbatt - ok
20:34:11.0617 4384	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
20:34:11.0805 4384	CompositeBus - ok
20:34:11.0820 4384	COMSysApp - ok
20:34:11.0851 4384	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
20:34:11.0867 4384	crcdisk - ok
20:34:11.0976 4384	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
20:34:12.0195 4384	CryptSvc - ok
20:34:12.0351 4384	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:34:12.0444 4384	cvhsvc - ok
20:34:12.0522 4384	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
20:34:12.0709 4384	DcomLaunch - ok
20:34:12.0756 4384	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
20:34:12.0850 4384	defragsvc - ok
20:34:13.0006 4384	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
20:34:13.0084 4384	DfsC - ok
20:34:13.0240 4384	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
20:34:13.0458 4384	Dhcp - ok
20:34:13.0489 4384	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
20:34:13.0848 4384	discache - ok
20:34:13.0957 4384	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
20:34:13.0973 4384	Disk - ok
20:34:14.0004 4384	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
20:34:14.0207 4384	Dnscache - ok
20:34:14.0254 4384	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
20:34:14.0535 4384	dot3svc - ok
20:34:14.0566 4384	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
20:34:14.0956 4384	DPS - ok
20:34:15.0018 4384	drmkaud         (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
20:34:15.0190 4384	drmkaud - ok
20:34:15.0283 4384	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
20:34:15.0346 4384	DXGKrnl - ok
20:34:15.0393 4384	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
20:34:15.0486 4384	EapHost - ok
20:34:15.0689 4384	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
20:34:15.0907 4384	ebdrv - ok
20:34:16.0360 4384	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
20:34:16.0516 4384	EFS - ok
20:34:16.0641 4384	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
20:34:16.0921 4384	ehRecvr - ok
20:34:16.0984 4384	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
20:34:17.0171 4384	ehSched - ok
20:34:17.0233 4384	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
20:34:17.0265 4384	elxstor - ok
20:34:17.0296 4384	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
20:34:17.0421 4384	ErrDev - ok
20:34:17.0623 4384	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
20:34:17.0811 4384	EventSystem - ok
20:34:17.0857 4384	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
20:34:18.0232 4384	exfat - ok
20:34:18.0263 4384	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
20:34:18.0372 4384	fastfat - ok
20:34:18.0466 4384	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
20:34:18.0840 4384	Fax - ok
20:34:18.0949 4384	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
20:34:19.0168 4384	fdc - ok
20:34:19.0199 4384	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
20:34:19.0293 4384	fdPHost - ok
20:34:19.0324 4384	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
20:34:19.0511 4384	FDResPub - ok
20:34:19.0542 4384	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
20:34:19.0558 4384	FileInfo - ok
20:34:19.0573 4384	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
20:34:19.0729 4384	Filetrace - ok
20:34:19.0745 4384	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
20:34:19.0917 4384	flpydisk - ok
20:34:19.0995 4384	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
20:34:20.0041 4384	FltMgr - ok
20:34:20.0197 4384	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
20:34:20.0338 4384	FontCache - ok
20:34:20.0416 4384	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:34:20.0463 4384	FontCache3.0.0.0 - ok
20:34:20.0509 4384	FsDepends       (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
20:34:20.0525 4384	FsDepends - ok
20:34:20.0572 4384	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
20:34:20.0619 4384	Fs_Rec - ok
20:34:20.0712 4384	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
20:34:20.0728 4384	fvevol - ok
20:34:20.0775 4384	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
20:34:20.0790 4384	gagp30kx - ok
20:34:20.0868 4384	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
20:34:21.0055 4384	gpsvc - ok
20:34:21.0071 4384	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
20:34:21.0258 4384	hcw85cir - ok
20:34:21.0367 4384	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
20:34:21.0617 4384	HdAudAddService - ok
20:34:21.0664 4384	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
20:34:21.0835 4384	HDAudBus - ok
20:34:21.0929 4384	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
20:34:21.0960 4384	HidBatt - ok
20:34:21.0976 4384	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
20:34:23.0739 4384	HidBth - ok
20:34:23.0785 4384	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
20:34:26.0079 4384	HidIr - ok
20:34:26.0219 4384	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
20:34:26.0547 4384	hidserv - ok
20:34:26.0703 4384	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
20:34:26.0812 4384	HidUsb - ok
20:34:26.0983 4384	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
20:34:27.0093 4384	hkmsvc - ok
20:34:27.0139 4384	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
20:34:27.0358 4384	HomeGroupListener - ok
20:34:27.0405 4384	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
20:34:27.0483 4384	HomeGroupProvider - ok
20:34:27.0732 4384	HP Health Check Service (3f4add4196e2b860019539837be305f9) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
20:34:27.0795 4384	HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
20:34:27.0795 4384	HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
20:34:27.0982 4384	HP Wireless Assistant Service (58cc11d14d88ef70ef7abbc75b5eebd8) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
20:34:27.0997 4384	HP Wireless Assistant Service - ok
20:34:28.0107 4384	HPDrvMntSvc.exe (c7a62d20dc8e7790ba2e788f88377ae4) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
20:34:28.0185 4384	HPDrvMntSvc.exe - ok
20:34:28.0309 4384	hpHotkeyMonitor (4d94f4d7782657e79eb1352570b563db) C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
20:34:28.0387 4384	hpHotkeyMonitor - ok
20:34:28.0434 4384	HpqKbFiltr      (b98ee5d4535a685634b90f7e04de0df7) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
20:34:28.0543 4384	HpqKbFiltr - ok
20:34:28.0621 4384	hpqwmiex        (e91bfc73b5874484886bc7d0e402ecd8) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
20:34:28.0653 4384	hpqwmiex - ok
20:34:28.0699 4384	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
20:34:28.0762 4384	HpSAMD - ok
20:34:28.0949 4384	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
20:34:29.0027 4384	HTTP - ok
20:34:29.0074 4384	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
20:34:29.0089 4384	hwpolicy - ok
20:34:29.0121 4384	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
20:34:29.0167 4384	i8042prt - ok
20:34:29.0199 4384	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
20:34:29.0277 4384	iaStorV - ok
20:34:29.0417 4384	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:34:29.0526 4384	idsvc - ok
20:34:29.0557 4384	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
20:34:29.0573 4384	iirsp - ok
20:34:29.0682 4384	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
20:34:29.0760 4384	IKEEXT - ok
20:34:29.0791 4384	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
20:34:29.0807 4384	intelide - ok
20:34:29.0854 4384	intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
20:34:29.0932 4384	intelppm - ok
20:34:30.0010 4384	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
20:34:30.0119 4384	IPBusEnum - ok
20:34:30.0197 4384	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
20:34:30.0337 4384	IpFilterDriver - ok
20:34:30.0431 4384	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
20:34:30.0665 4384	iphlpsvc - ok
20:34:30.0712 4384	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
20:34:30.0821 4384	IPMIDRV - ok
20:34:30.0899 4384	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
20:34:31.0024 4384	IPNAT - ok
20:34:31.0086 4384	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
20:34:31.0149 4384	IRENUM - ok
20:34:31.0195 4384	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
20:34:31.0211 4384	isapnp - ok
20:34:31.0289 4384	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
20:34:31.0383 4384	iScsiPrt - ok
20:34:31.0461 4384	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
20:34:31.0476 4384	kbdclass - ok
20:34:31.0507 4384	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
20:34:31.0648 4384	kbdhid - ok
20:34:31.0695 4384	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
20:34:31.0773 4384	KeyIso - ok
20:34:31.0819 4384	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
20:34:31.0866 4384	KSecDD - ok
20:34:31.0929 4384	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
20:34:31.0991 4384	KSecPkg - ok
20:34:32.0241 4384	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
20:34:32.0303 4384	ksthunk - ok
20:34:32.0365 4384	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
20:34:32.0428 4384	KtmRm - ok
20:34:32.0490 4384	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
20:34:32.0662 4384	LanmanServer - ok
20:34:32.0709 4384	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
20:34:32.0755 4384	LanmanWorkstation - ok
20:34:32.0927 4384	LightScribeService (47269f0de1e5089c6f23bc1ec48cfc31) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:34:33.0083 4384	LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:34:33.0083 4384	LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:34:33.0255 4384	lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
20:34:33.0426 4384	lltdio - ok
20:34:33.0489 4384	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
20:34:33.0613 4384	lltdsvc - ok
20:34:33.0691 4384	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
20:34:33.0957 4384	lmhosts - ok
20:34:34.0019 4384	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
20:34:34.0035 4384	LSI_FC - ok
20:34:34.0050 4384	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
20:34:34.0066 4384	LSI_SAS - ok
20:34:34.0097 4384	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
20:34:34.0113 4384	LSI_SAS2 - ok
20:34:34.0128 4384	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
20:34:34.0144 4384	LSI_SCSI - ok
20:34:34.0222 4384	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
20:34:34.0347 4384	luafv - ok
20:34:34.0534 4384	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
20:34:34.0659 4384	MBAMProtector - ok
20:34:34.0846 4384	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:34:34.0861 4384	MBAMService - ok
20:34:35.0002 4384	McAfee SiteAdvisor Enterprise Service (fcd749a10cf28df4f508d2bf87491e83) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
20:34:35.0017 4384	McAfee SiteAdvisor Enterprise Service - ok
20:34:35.0173 4384	McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe
20:34:35.0251 4384	McComponentHostService - ok
20:34:35.0361 4384	McShield        (b5bb78e513ba72ab7cd16a6eff9aca5c) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
20:34:35.0392 4384	McShield - ok
20:34:35.0563 4384	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
20:34:35.0891 4384	Mcx2Svc - ok
20:34:35.0969 4384	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
20:34:35.0985 4384	megasas - ok
20:34:36.0047 4384	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
20:34:36.0063 4384	MegaSR - ok
20:34:36.0156 4384	mfeapfk         (987b4e601d1b802481f8208dc31a3609) C:\windows\system32\drivers\mfeapfk.sys
20:34:36.0203 4384	mfeapfk - ok
20:34:36.0265 4384	mfeavfk         (f9bbcfa30ee9d8329c2418e30a973070) C:\windows\system32\drivers\mfeavfk.sys
20:34:36.0375 4384	mfeavfk - ok
20:34:36.0406 4384	mfeavfk01 - ok
20:34:36.0437 4384	mfehidk         (658158edc55e913d09acf42d4b84b1fc) C:\windows\system32\drivers\mfehidk.sys
20:34:36.0531 4384	mfehidk - ok
20:34:36.0546 4384	mferkdet        (8113e310275ce13f9a935c6db4f5b2a3) C:\windows\system32\drivers\mferkdet.sys
20:34:36.0640 4384	mferkdet - ok
20:34:36.0733 4384	mfevtp          (2934db3cd1326ecdd3c6c23a78a2527a) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
20:34:36.0843 4384	mfevtp - ok
20:34:36.0921 4384	mfewfpk         (62a29b0fde4f747c7ac76bbd37a9f886) C:\windows\system32\drivers\mfewfpk.sys
20:34:37.0014 4384	mfewfpk - ok
20:34:37.0092 4384	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
20:34:37.0248 4384	MMCSS - ok
20:34:37.0326 4384	Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
20:34:37.0482 4384	Modem - ok
20:34:37.0545 4384	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
20:34:37.0654 4384	monitor - ok
20:34:37.0732 4384	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
20:34:37.0747 4384	mouclass - ok
20:34:37.0794 4384	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
20:34:37.0981 4384	mouhid - ok
20:34:38.0013 4384	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
20:34:38.0028 4384	mountmgr - ok
20:34:38.0200 4384	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:34:38.0247 4384	MozillaMaintenance - ok
20:34:38.0293 4384	MPFP            (ae2e68527013eb4f761eccc630f7f1a3) C:\windows\system32\Drivers\Mpfp.sys
20:34:38.0356 4384	MPFP - ok
20:34:38.0527 4384	MpfService      (95aac73d11ddba901042953e5f8146f7) C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
20:34:38.0621 4384	MpfService - ok
20:34:38.0683 4384	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
20:34:38.0746 4384	mpio - ok
20:34:38.0839 4384	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
20:34:38.0949 4384	mpsdrv - ok
20:34:39.0027 4384	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
20:34:39.0198 4384	MpsSvc - ok
20:34:39.0245 4384	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
20:34:39.0573 4384	MRxDAV - ok
20:34:39.0651 4384	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
20:34:39.0931 4384	mrxsmb - ok
20:34:40.0025 4384	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
20:34:40.0150 4384	mrxsmb10 - ok
20:34:40.0197 4384	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
20:34:40.0306 4384	mrxsmb20 - ok
20:34:40.0368 4384	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
20:34:40.0431 4384	msahci - ok
20:34:40.0493 4384	msdsm           (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
20:34:40.0555 4384	msdsm - ok
20:34:40.0649 4384	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
20:34:40.0696 4384	MSDTC - ok
20:34:40.0774 4384	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
20:34:40.0867 4384	Msfs - ok
20:34:40.0914 4384	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
20:34:40.0977 4384	mshidkmdf - ok
20:34:41.0039 4384	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
20:34:41.0055 4384	msisadrv - ok
20:34:41.0133 4384	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
20:34:41.0211 4384	MSiSCSI - ok
20:34:41.0211 4384	msiserver - ok
20:34:41.0304 4384	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
20:34:41.0476 4384	MSKSSRV - ok
20:34:41.0491 4384	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
20:34:41.0569 4384	MSPCLOCK - ok
20:34:41.0569 4384	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
20:34:41.0647 4384	MSPQM - ok
20:34:41.0850 4384	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
20:34:41.0959 4384	MsRPC - ok
20:34:42.0115 4384	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
20:34:42.0162 4384	mssmbios - ok
20:36:02.0769 4384	============================================================
20:36:02.0769 4384	Scan finished
20:36:02.0769 4384	============================================================
20:36:02.0783 0896	Detected object count: 2
20:36:02.0783 0896	Actual detected object count: 2
20:36:40.0178 0896	HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:40.0178 0896	HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:36:40.0180 0896	LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:36:40.0180 0896	LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 21.06.2012, 19:55   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. [English Windows wording: "Illegal operation attempted on a registry key that has been marked for deletion."]
then restart Windows manually and the error messages should no longer appear.

Alt 21.06.2012, 21:07   #15
schnief
 


Hello Arne,

here is the Combofix log right away:

Regards
schnief

Code:
ATTFilter
CfomboFix 12-06-21.02 - **** 21.06.2012  21:29:43.1.1 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3837.2730 [GMT 2:00]
ausgeführt von:: c:\users\****\unwichtigeOrdner\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\users\****\4.0
c:\users\****\jaudioMp3Win.tar
c:\users\****\mp3buf.tmp
c:\users\****\YouTubeDownloaderSetup34.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-21 bis 2012-06-21  ))))))))))))))))))))))))))))))
.
.
2012-06-21 19:41 . 2012-06-21 19:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-21 19:23 . 2012-06-21 19:23	--------	d-----w-	c:\users\****\AppData\Roaming\Avira
2012-06-21 19:10 . 2012-06-21 19:10	--------	d-----w-	c:\programdata\Avira
2012-06-21 19:10 . 2012-06-21 19:10	--------	d-----w-	c:\program files (x86)\Avira
2012-06-21 19:10 . 2012-05-02 13:24	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-06-21 19:10 . 2012-04-27 08:20	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-06-21 19:10 . 2012-04-24 22:32	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-06-21 19:03 . 2010-02-10 14:09	384	----a-w-	c:\windows\myClean.bat
2012-06-21 18:29 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 18:29 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 18:29 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 18:29 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 18:29 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 18:29 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 18:29 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 18:28 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 18:28 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-18 17:22 . 2012-06-18 17:22	--------	d-----w-	C:\_OTL
2012-06-14 19:11 . 2012-05-15 01:32	3146752	----a-w-	c:\windows\system32\win32k.sys
2012-06-14 19:11 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-14 19:11 . 2012-04-26 05:41	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-06-14 19:11 . 2012-04-26 05:34	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-06-14 19:11 . 2012-05-01 05:40	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-06-14 19:11 . 2012-05-04 11:06	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-06-14 19:11 . 2012-05-04 10:03	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 19:11 . 2012-05-04 10:03	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 19:10 . 2012-04-28 03:55	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-06-14 19:10 . 2012-04-07 12:31	3216384	----a-w-	c:\windows\system32\msi.dll
2012-06-14 19:10 . 2012-04-07 11:26	2342400	----a-w-	c:\windows\SysWow64\msi.dll
2012-06-14 19:10 . 2012-04-24 05:37	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-06-14 19:10 . 2012-04-24 04:36	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-06-14 19:10 . 2012-04-24 05:37	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-06-14 19:10 . 2012-04-24 05:37	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-06-14 19:10 . 2012-04-24 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-06-14 19:10 . 2012-04-24 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-06-04 20:22 . 2012-05-14 23:41	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B939DE8A-67B5-4D01-A086-5F786EC7F405}\mpengine.dll
2012-06-04 20:22 . 2012-02-23 08:18	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-06-04 20:07 . 2012-06-04 20:07	--------	d-----w-	c:\program files (x86)\ESET
2012-05-27 20:19 . 2012-05-27 20:19	--------	d-----w-	c:\users\****\AppData\Roaming\Malwarebytes
2012-05-27 20:18 . 2012-05-27 20:18	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-27 20:18 . 2012-05-27 20:18	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-27 20:18 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-27 19:53 . 2012-05-27 19:53	--------	d-----w-	c:\program files\CCleaner
2012-05-27 19:32 . 2012-05-27 19:32	--------	d-----w-	c:\users\****\AppData\Roaming\Roxio Log Files
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-14 16:50 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-05-14 16:50 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-05-06 12:10 . 2012-04-12 12:12	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-06 12:10 . 2011-07-07 07:14	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-06 12:10 . 2012-04-12 15:10	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-30 11:35 . 2012-05-12 07:54	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-05 98304]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 3331944]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-30 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-07-12 92216]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - AVKMGR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 12:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-03 2114376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uLocal Page = c:\windows\system32\blank.htm
mStart Page = 
mLocal Page = 
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\1c3dr9as.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=100512_1_
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - a8baa772000000000000e02a823bea36
FF - user.js: extensions.BabylonToolbar_i.hardId - a8baa772000000000000e02a823bea36
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15475
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:37
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2XzutAtN2Y1L1Qzu0EtDtB0AzztBtA0B0E0AtAyC0AyByBtBtN0D0TzutBtDtCtBtDyDtByE&cr=55663475
FF - user.js: extensions.funmoods.tlbrSrchUrl - 
FF - user.js: extensions.funmoods.id - a8baa772000000000000e02a823bea36
FF - user.js: extensions.funmoods.instlDay - 15484
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2220:46
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - iron2
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - iron2
FF - user.js: extensions.funmoods.dfltLng - 
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{FC17E0A7-EAA9-4902-92F8-C83B9FD02246} - c:\program files (x86)\InstallShield Installation Information\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-21  21:58:24
ComboFix-quarantined-files.txt  2012-06-21 19:58
.
Vor Suchlauf: 14 Verzeichnis(se), 79.785.791.488 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 79.280.054.272 Bytes frei
.
- - End Of File - - 3E7C12D5094AB72334004639AE86D3FB
         
