Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 21.06.2012, 11:06   #1
bingbot
 
Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. - Icon16

Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.



Hallo,

seit einigen Tagen schieben sich in allen drei installierten Browsern (Chrome, FF, IE) unten rechts die gleichen Werbebanner ins Bild. Nicht auf allen Seiten, aber auf den meisten. Zudem werde ich beim surfen ab und an auf eine Werbeseite weitergeleitet, oft wird diese als "attackierende Seite" erkannt und geblockt. Insgesamt erscheint mir das Internet oder zumindest das Browser etwas langsamer.

Über meinen Twitter Account wurden die letzten Tage Spam Nachrichten versendet, vielleicht hat das auch was damit zu tun.

AVG und MAM (beides aktuell) finden nix.

Den anderen "Betroffenen" mit ähnlichen Symptomen habt ihr durch ein individuelles ComboFix File geholfen, vielleicht klappt das ja auch bei mir?

Der Anleitung folgend habe ich zunächst Defogger und dann OTL laufen lassen. Letzteres stoppt mit der Fehlermeldung "List index out of Bounds (21)". Eine OTL.txt wird trotzdem generiert, hier ihr Inhalt:

Code:
ATTFilter
OTL logfile created on: 21.06.2012 10:46:57 - Run 1
OTL by OldTimer - Version 3.2.50.0     Folder = C:\Users\Bloodhound5\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 58,90% Memory free
7,36 Gb Paging File | 5,40 Gb Available in Paging File | 73,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 134,95 Gb Total Space | 27,65 Gb Free Space | 20,49% Space Free | Partition Type: NTFS
 
Computer Name: ALIENBABY-X | User Name: Bloodhound5 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.21 10:30:15 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Bloodhound5\Desktop\OTL.exe
PRC - [2012.05.09 18:29:04 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.01.06 15:13:19 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\Bloodhound5\AppData\Local\Apps\2.0\NQLVN0WZ.Q0W\ZW642YGV.5TM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 14:22:28 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.14 14:22:18 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 14:22:14 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.14 14:22:12 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.06.14 14:22:12 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
MOD - [2012.05.13 04:30:16 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.13 04:29:34 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.13 04:29:31 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.13 04:29:28 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.13 04:29:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.13 04:29:24 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.01.06 15:13:09 | 000,368,640 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Local\Apps\2.0\NQLVN0WZ.Q0W\ZW642YGV.5TM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:23 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.06.13 23:00:58 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.21 09:39:30 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.13 20:39:08 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012.01.09 18:09:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.26 13:37:33 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.03.16 17:19:38 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Programme\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.09.21 17:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009.09.21 17:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.01.06 15:13:15 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.11.04 13:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.06.14 03:49:02 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.06.13 22:23:22 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.30 15:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.25 13:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.08.25 13:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.07.16 11:52:04 | 002,350,952 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.12.22 10:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.26 13:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 22:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.05.14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 80 84 A7 40 38 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "YouTube-Videosuche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.2
FF - prefs.js..extensions.enabledItems: foxiFrame@basic.am:5.1
FF - prefs.js..extensions.enabledItems: VerticalBookmarksToolbar@alice:3.4
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1
FF - prefs.js..extensions.enabledItems: {5274f9d8-138e-462e-8437-1d790141a7da}:1.03
FF - prefs.js..extensions.enabledItems: ireader@samabox.com:1.0.6
FF - prefs.js..extensions.enabledItems: {76C80A11-FAD4-406c-8246-F5ED4F9367B5}:0.1.7
FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:5.1.0.23
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bloodhound5\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bloodhound5\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.06.12 15:45:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.17 22:22:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Bloodhound5\AppData\Roaming\10018 [2012.03.19 20:44:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.05 22:55:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 09:39:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 18:48:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.13 18:48:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Bloodhound5\AppData\Roaming\10018 [2012.03.19 20:44:31 | 000,000,000 | ---D | M]
 
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Extensions
[2011.01.21 11:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.06.21 09:39:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions
[2011.12.26 13:00:04 | 000,000,000 | ---D | M] (Copy Links) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}
[2012.05.23 00:17:20 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012.05.22 09:29:22 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.05.23 00:17:20 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2012.05.22 09:29:22 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\foxyproxy@eric.h.jung
[2012.06.21 09:39:31 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\support@lastpass.com
[2011.12.26 13:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1_.default\extensions
[2011.12.26 12:03:47 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1_.default\extensions\support@lastpass.com
[2011.12.26 15:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions
[2011.12.26 15:07:32 | 000,000,000 | ---D | M] (Copy Links) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}
[2011.12.26 15:07:33 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011.12.26 15:07:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.12.26 15:07:33 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2011.12.26 15:07:32 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\foxyproxy@eric.h.jung
[2011.12.26 15:07:32 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\support@lastpass.com
[2012.06.16 21:09:06 | 000,002,533 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\searchplugins\diigo--google.xml
[2012.06.16 21:09:09 | 000,001,018 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\searchplugins\facebook.xml
[2011.01.24 23:54:01 | 000,002,057 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\searchplugins\youtube-videosuche.xml
[2012.02.02 11:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.19 20:44:31 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\10018
[2012.01.31 10:48:21 | 000,022,740 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\{82129504-17C6-4FEC-B132-9C17E61879CA}.XPI
[2012.02.22 10:38:16 | 000,015,392 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\{966762EB-7132-4081-AC70-20D20161AD96}.XPI
[2012.05.19 13:20:20 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012.05.18 12:20:02 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011.12.27 18:47:24 | 000,195,719 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2011.04.24 15:13:03 | 000,017,406 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\VERTICALBOOKMARKSTOOLBAR@ALICE.XPI
[2012.05.13 17:18:56 | 000,043,424 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\VERTICALTOOLBAR@XULDEV.ORG.XPI
[2012.06.21 09:39:30 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.21 09:39:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.21 09:39:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.21 09:39:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 09:39:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 09:39:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 09:39:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Bloodhound5\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Bloodhound5\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: AVG Safe Search = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: AVG Do Not Track = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
 
O1 HOSTS File: ([2012.05.16 23:07:37 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 69.10.57.36 www.google-analytics.com.
O1 - Hosts: 69.10.57.36 ad-emea.doubleclick.net.
O1 - Hosts: 69.10.57.36 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Bloodhound5\AppData\Local\Apps\2.0\NQLVN0WZ.Q0W\ZW642YGV.5TM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - Startup: C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bloodhound5\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63395EAD-2F98-4836-A730-F4BDCD71EED2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.21 10:30:17 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Bloodhound5\Desktop\OTL.exe
[2012.06.15 00:35:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.13 18:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.13 18:48:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.06.13 18:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.06.12 17:14:36 | 000,000,000 | ---D | C] -- C:\mukke tob geb
[2012.06.12 15:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.06.05 13:03:52 | 000,000,000 | ---D | C] -- C:\Users\Bloodhound5\AppData\Local\Microsoft Games
[2012.06.05 13:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2012.06.05 03:00:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.06.05 03:00:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012.06.03 23:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012.06.03 23:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012.06.03 23:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012.06.03 23:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[1 C:\Users\Bloodhound5\AppData\Roaming\*.tmp files -> C:\Users\Bloodhound5\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.21 10:40:55 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.21 10:40:55 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.21 10:40:55 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.21 10:40:55 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.21 10:40:55 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.21 10:34:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.21 10:30:15 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Bloodhound5\Desktop\OTL.exe
[2012.06.21 10:28:51 | 000,050,477 | ---- | M] () -- C:\Users\Bloodhound5\Desktop\Defogger.exe
[2012.06.21 10:28:45 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 10:28:45 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.21 10:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.21 10:21:48 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.21 10:21:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.21 10:21:37 | 2962,276,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.21 10:03:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000UA.job
[2012.06.21 09:29:00 | 100,594,855 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.06.21 00:03:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000Core.job
[2012.06.20 19:32:26 | 000,001,456 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.06.16 21:12:03 | 000,388,036 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.06.14 14:21:53 | 004,913,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.12 22:12:22 | 435,000,859 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.12 15:45:43 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.06.11 19:48:04 | 000,001,314 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.06.03 13:51:18 | 000,001,058 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[1 C:\Users\Bloodhound5\AppData\Roaming\*.tmp files -> C:\Users\Bloodhound5\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.21 10:28:51 | 000,050,477 | ---- | C] () -- C:\Users\Bloodhound5\Desktop\Defogger.exe
[2012.06.05 22:55:57 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.03.19 20:44:28 | 000,000,016 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\blckdom.res
[2011.12.26 13:38:10 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.12.26 13:07:23 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.12.26 13:07:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.26 13:05:55 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.12.26 13:05:55 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011.12.26 13:05:55 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011.12.26 13:05:55 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.12.26 13:05:55 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.12.26 13:05:54 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.12.26 12:52:59 | 000,004,608 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.26 12:52:59 | 000,001,456 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.12.26 12:52:59 | 000,000,600 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Local\PUTTY.RND
[2011.12.26 12:52:59 | 000,000,032 | RHS- | C] () -- C:\Users\Bloodhound5\AppData\Local\t56.dat
[2011.12.26 12:28:50 | 000,038,547 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.12.26 12:28:50 | 000,007,069 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\e269720948.prf
[2011.12.26 12:28:50 | 000,000,417 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\redirect.xml
[2011.12.26 12:28:50 | 000,000,132 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.06.13 23:28:34 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
 
========== LOP Check ==========
 
[2011.12.26 13:04:17 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\.minecraft
[2012.03.19 20:44:31 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\10018
[2011.03.21 02:35:45 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Amazon
[2011.12.26 11:53:43 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\AVG2012
[2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Axure
[2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
[2012.01.22 18:04:28 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Bioshock
[2011.12.26 12:29:35 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Bitcoin
[2012.01.10 16:55:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\calibre
[2011.12.26 12:29:35 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.12.26 11:47:17 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\CrashPlan
[2012.01.26 17:56:51 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\DAEMON Tools Lite
[2012.06.21 10:21:54 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Dropbox
[2012.03.11 20:25:56 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Duden
[2012.02.13 10:43:45 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\e-academy Inc
[2012.05.10 13:08:57 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FileZilla
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FRITZ!
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\gamesport
[2012.03.19 20:43:04 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\gema
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\GeoSetter
[2012.02.15 20:06:34 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\ImgBurn
[2011.12.27 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\IrfanView
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\JAM Software
[2012.03.19 20:44:18 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\kock
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Leadertech
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\MySQL
[2012.05.03 19:24:27 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Netyy
[2011.12.26 13:00:06 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Notepad++
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\officedrop
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\PACE Anti-Piracy
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Samsung
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Songbird2
[2011.12.26 12:29:42 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Sublime Text 2
[2011.10.04 13:57:37 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Subversion
[2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\syntevo
[2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\TeamViewer
[2012.01.20 15:22:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Thunderbird
[2012.01.17 13:49:56 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Titanium
[2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Trillian
[2012.01.22 20:05:49 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\UniversalCodeLinesCounter
[2012.05.03 19:24:16 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Wau
[2012.03.19 20:44:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\xmldm
[2011.12.26 12:29:59 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Yamb
[2009.07.14 07:08:49 | 000,029,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Schonmal Danke fürs Helfen!

Alt 24.06.2012, 18:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. - Standard

Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.



Zitat:
und MAM (beides aktuell) finden nix.
Trotzdem bitte alle Logs davon posten
Die Logs enthalten ein paar mehr Infos als nur Fund oder kein Fund.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 25.06.2012, 16:57   #3
bingbot
 
Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. - Standard

Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.



Gerne. Hier:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Bloodhound5 :: ALIENBABY-X [Administrator]

25.06.2012 16:25:10
mbam-log-2012-06-25 (16-25-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 521923
Laufzeit: 27 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Danke & Gruß!
__________________

Alt 25.06.2012, 17:12   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. - Standard

Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.



Führ bitte auch ESET aus, danach sehen wir weiter:

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner


Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Haken bei Yes, i accept the Terms of Use.
  • Drücke den Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
  • drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
Drücke bitte die + R Taste und kopiere folgenden Text in das Ausführen Fenster.
Code:
ATTFilter
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
         
Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:
ATTFilter
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
         
Poste nun den Inhalt der log.txt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.06.2012, 18:46   #5
bingbot
 
Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. - Standard

Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.



vier funde:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=590cd7e9c661f14cb58e42162e2b5cf0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-25 04:43:46
# local_time=2012-06-25 06:43:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 15748382 15748382 0 0
# compatibility_mode=5893 16776574 100 94 15006090 92267788 0 0
# compatibility_mode=8192 67108863 100 0 3287979 3287979 0 0
# scanned=364381
# found=4
# cleaned=0
# scan_time=4688
C:\Users\Bloodhound5\AppData\Local\Temp\6C65.tmp	a variant of Win32/Kryptik.AGJE trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Bloodhound5\AppData\Local\Temp\L.class	a variant of Java/Agent.EQ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Bloodhound5\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\35da4ae-299203e1	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Bloodhound5\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\29bb91fb-56bcb75f	multiple threats (unable to clean)	00000000000000000000000000000000	I
         


Alt 26.06.2012, 10:24   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. - Standard

Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.



Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
--> Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.

Alt 26.06.2012, 21:37   #7
bingbot
 
Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. - Standard

Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.



Bis auf die Werbung alles super. Also: keine Probleme mit dem normal-Modus und auch im Startmenü fehlt nix.

Alt 27.06.2012, 13:31   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. - Standard

Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.06.2012, 14:09   #9
bingbot
 
Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. - Standard

Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.



Die otl.txt:
Code:
ATTFilter
OTL logfile created on: 27.06.2012 13:48:20 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Bloodhound5\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,68 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 49,40% Memory free
7,36 Gb Paging File | 4,94 Gb Available in Paging File | 67,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 134,95 Gb Total Space | 38,34 Gb Free Space | 28,41% Space Free | Partition Type: NTFS
Drive D: | 176,31 Gb Total Space | 107,50 Gb Free Space | 60,97% Space Free | Partition Type: NTFS
 
Computer Name: ALIENBABY-X | User Name: Bloodhound5 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.27 13:46:01 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Bloodhound5\Desktop\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bloodhound5\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.09 18:29:04 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2012.04.05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.01.06 15:13:19 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\Bloodhound5\AppData\Local\Apps\2.0\NQLVN0WZ.Q0W\ZW642YGV.5TM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.03.16 17:17:57 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Programme\CrashPlan\CrashPlanTray.exe
PRC - [2010.10.27 22:21:54 | 001,155,072 | ---- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe
PRC - [2010.02.22 05:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 14:22:28 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.14 14:22:18 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 14:22:14 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.14 14:22:12 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.06.14 14:22:12 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
MOD - [2012.05.13 04:30:16 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.13 04:29:34 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.13 04:29:31 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.13 04:29:28 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.13 04:29:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.13 04:29:24 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.01.06 15:13:09 | 000,368,640 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Local\Apps\2.0\NQLVN0WZ.Q0W\ZW642YGV.5TM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.10.27 22:23:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll
MOD - [2010.10.27 22:22:52 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_messengernotify.dll
MOD - [2010.10.27 22:22:42 | 000,058,880 | ---- | M] () -- C:\Program Files (x86)\Last.fm\ext_skypenotify.dll
MOD - [2010.10.27 22:22:08 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_madtranscode.dll
MOD - [2010.10.27 22:22:00 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Last.fm\srv_httpinput.dll
MOD - [2010.10.27 22:19:28 | 000,372,736 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll
MOD - [2010.10.27 22:19:06 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Last.fm\breakpad.dll
MOD - [2010.10.27 22:18:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Last.fm\Moose1.dll
MOD - [2010.10.27 22:18:34 | 000,540,672 | ---- | M] () -- C:\Program Files (x86)\Last.fm\LastFmTools1.dll
MOD - [2010.10.27 22:13:52 | 001,382,507 | ---- | M] () -- C:\Program Files (x86)\Last.fm\libfftw3f-3.dll
MOD - [2010.10.27 22:13:52 | 000,074,240 | ---- | M] () -- C:\Program Files (x86)\Last.fm\zlibwapi.dll
MOD - [2010.02.22 05:50:20 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dll
MOD - [2009.07.14 19:58:23 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.07.14 19:58:17 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll
MOD - [2008.04.16 18:42:30 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtNetwork4.dll
MOD - [2008.04.16 18:42:16 | 000,524,288 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtSql4.dll
MOD - [2008.04.16 18:42:02 | 006,701,056 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtGui4.dll
MOD - [2008.04.16 18:36:38 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtXml4.dll
MOD - [2008.04.16 18:36:34 | 001,654,784 | ---- | M] () -- C:\Program Files (x86)\Last.fm\QtCore4.dll
MOD - [2008.04.02 15:26:50 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qmng4.dll
MOD - [2008.04.02 15:26:34 | 000,021,504 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qgif4.dll
MOD - [2008.04.02 15:26:28 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Last.fm\imageformats\qjpeg4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.06.13 23:00:58 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.23 23:28:24 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.21 09:39:30 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012.01.09 18:09:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.26 13:37:33 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.03.16 17:19:38 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Programme\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.09.21 17:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009.09.21 17:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.01.06 15:13:15 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.11.04 13:37:00 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.06.14 03:49:02 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.06.13 22:23:22 | 000,303,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.03.30 15:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 23:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.25 13:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010.08.25 13:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.07.16 11:52:04 | 002,350,952 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.12.22 10:18:48 | 000,074,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.10.26 13:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.17 20:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 22:32:38 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.05.14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 80 84 A7 40 38 CD 01  [binary data]
IE - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.2
FF - prefs.js..extensions.enabledItems: foxiFrame@basic.am:5.1
FF - prefs.js..extensions.enabledItems: VerticalBookmarksToolbar@alice:3.4
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.1.1
FF - prefs.js..extensions.enabledItems: {5274f9d8-138e-462e-8437-1d790141a7da}:1.03
FF - prefs.js..extensions.enabledItems: ireader@samabox.com:1.0.6
FF - prefs.js..extensions.enabledItems: {76C80A11-FAD4-406c-8246-F5ED4F9367B5}:0.1.7
FF - prefs.js..extensions.enabledItems: {fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}:5.1.0.23
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bloodhound5\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bloodhound5\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.06.12 15:45:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.17 22:22:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Bloodhound5\AppData\Roaming\10018 [2012.03.19 20:44:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.05 22:55:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.21 09:39:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 18:48:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.13 18:48:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Bloodhound5\AppData\Roaming\10018 [2012.03.19 20:44:31 | 000,000,000 | ---D | M]
 
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Extensions
[2011.01.21 11:57:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.06.25 21:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions
[2011.12.26 13:00:04 | 000,000,000 | ---D | M] (Copy Links) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}
[2012.05.23 00:17:20 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2012.05.22 09:29:22 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.05.23 00:17:20 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2012.05.22 09:29:22 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\foxyproxy@eric.h.jung
[2012.06.25 21:53:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\staged
[2012.06.21 09:39:31 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1.default\extensions\support@lastpass.com
[2011.12.26 13:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1_.default\extensions
[2011.12.26 12:03:47 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\8j1poem1_.default\extensions\support@lastpass.com
[2011.12.26 15:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions
[2011.12.26 15:07:32 | 000,000,000 | ---D | M] (Copy Links) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5}
[2011.12.26 15:07:33 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011.12.26 15:07:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.12.26 15:07:33 | 000,000,000 | ---D | M] (Diigo Toolbar) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\{fc2b8f80-d9a5-4f51-8076-7c7ce3c67ee3}
[2011.12.26 15:07:32 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\foxyproxy@eric.h.jung
[2011.12.26 15:07:32 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Bloodhound5\AppData\Roaming\mozilla\Firefox\Profiles\o225yqak.default - Kopie\extensions\support@lastpass.com
[2012.06.24 21:47:33 | 000,002,533 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\searchplugins\diigo--google.xml
[2012.06.24 21:47:33 | 000,001,018 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\searchplugins\facebook.xml
[2011.01.24 23:54:01 | 000,002,057 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\searchplugins\youtube-videosuche.xml
[2012.02.02 11:57:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.19 20:44:31 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\10018
[2012.01.31 10:48:21 | 000,022,740 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\{82129504-17C6-4FEC-B132-9C17E61879CA}.XPI
[2012.02.22 10:38:16 | 000,015,392 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\{966762EB-7132-4081-AC70-20D20161AD96}.XPI
[2012.05.19 13:20:20 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012.05.18 12:20:02 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011.12.27 18:47:24 | 000,195,719 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2011.04.24 15:13:03 | 000,017,406 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\VERTICALBOOKMARKSTOOLBAR@ALICE.XPI
[2012.05.13 17:18:56 | 000,043,424 | ---- | M] () (No name found) -- C:\USERS\BLOODHOUND5\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8J1POEM1.DEFAULT\EXTENSIONS\VERTICALTOOLBAR@XULDEV.ORG.XPI
[2012.06.21 09:39:30 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.06.21 09:39:28 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.21 09:39:28 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.21 09:39:28 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 09:39:28 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 09:39:28 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 09:39:28 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Bloodhound5\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Bloodhound5\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: AVG Safe Search = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: AVG Do Not Track = C:\Users\Bloodhound5\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
 
O1 HOSTS File: ([2012.05.16 23:07:37 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 69.10.57.36 www.google-analytics.com.
O1 - Hosts: 69.10.57.36 ad-emea.doubleclick.net.
O1 - Hosts: 69.10.57.36 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-18..\Run: [Duden Korrektor SysTray] C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe (Expert System S.p.A.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000..\Run: [AVMUSBFernanschluss] C:\Users\Bloodhound5\AppData\Local\Apps\2.0\NQLVN0WZ.Q0W\ZW642YGV.5TM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe -update plugin File not found
O4 - Startup: C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Bloodhound5\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2069408673-4186737391-3019578021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.1)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63395EAD-2F98-4836-A730-F4BDCD71EED2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AmIcoSinglun64 - hkey= - key= - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: BlueStacks Agent - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: BlueStacks App Player - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: 6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f - C:\ProgramData\Duden\dkreg.exe /dktray=on /csapi=on /ALLUSERS
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.27 13:46:00 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Bloodhound5\Desktop\OTL.exe
[2012.06.25 17:22:40 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Bloodhound5\Desktop\esetsmartinstaller_enu.exe
[2012.06.24 00:59:12 | 000,000,000 | ---D | C] -- C:\Users\Bloodhound5\AppData\Local\Macromedia
[2012.06.15 00:35:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.13 18:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.06.13 18:48:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.06.13 18:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.06.12 17:14:36 | 000,000,000 | ---D | C] -- C:\mukke tob geb
[2012.06.12 15:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.06.05 13:03:52 | 000,000,000 | ---D | C] -- C:\Users\Bloodhound5\AppData\Local\Microsoft Games
[2012.06.05 13:03:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2012.06.05 03:00:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012.06.05 03:00:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012.06.03 23:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012.06.03 23:33:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2012.06.03 23:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2012.06.03 23:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[1 C:\Users\Bloodhound5\AppData\Roaming\*.tmp files -> C:\Users\Bloodhound5\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.27 13:46:01 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Bloodhound5\Desktop\OTL.exe
[2012.06.27 13:34:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.27 13:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.27 13:03:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000UA.job
[2012.06.27 12:32:28 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.27 12:32:28 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.27 12:32:28 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.27 12:32:28 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.27 12:32:28 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.27 11:09:28 | 100,746,374 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.06.27 11:04:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.27 02:41:08 | 000,001,456 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.06.27 00:09:49 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000Core.job
[2012.06.26 18:41:58 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.25 17:22:41 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Bloodhound5\Desktop\esetsmartinstaller_enu.exe
[2012.06.23 23:37:14 | 000,003,584 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.23 23:05:43 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.23 23:05:43 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 22:15:05 | 000,388,005 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.06.22 15:13:09 | 004,930,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.22 15:12:57 | 2962,276,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.21 10:28:51 | 000,050,477 | ---- | M] () -- C:\Users\Bloodhound5\Desktop\Defogger.exe
[2012.06.12 22:12:22 | 435,000,859 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.12 15:45:43 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.06.11 19:48:04 | 000,001,314 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
[2012.06.03 13:51:18 | 000,001,058 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[1 C:\Users\Bloodhound5\AppData\Roaming\*.tmp files -> C:\Users\Bloodhound5\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.21 10:28:51 | 000,050,477 | ---- | C] () -- C:\Users\Bloodhound5\Desktop\Defogger.exe
[2012.06.05 22:55:57 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012.05.18 17:50:24 | 000,000,020 | ---- | C] () -- C:\Users\Bloodhound5\defogger_reenable
[2012.03.19 20:44:28 | 000,000,016 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\blckdom.res
[2012.01.26 18:09:53 | 000,000,234 | ---- | C] () -- C:\Users\Bloodhound5\.gitconfig
[2011.12.26 13:38:10 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.12.26 13:07:23 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.12.26 13:07:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.12.26 13:05:55 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.12.26 13:05:55 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011.12.26 13:05:55 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011.12.26 13:05:55 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.12.26 13:05:55 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.12.26 13:05:54 | 000,003,914 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.12.26 12:52:59 | 000,003,584 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.26 12:52:59 | 000,001,456 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.12.26 12:52:59 | 000,000,600 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Local\PUTTY.RND
[2011.12.26 12:52:59 | 000,000,032 | RHS- | C] () -- C:\Users\Bloodhound5\AppData\Local\t56.dat
[2011.12.26 12:28:50 | 000,038,547 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.12.26 12:28:50 | 000,007,069 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\e269720948.prf
[2011.12.26 12:28:50 | 000,000,417 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\redirect.xml
[2011.12.26 12:28:50 | 000,000,132 | ---- | C] () -- C:\Users\Bloodhound5\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.26 12:27:57 | 000,008,620 | ---- | C] () -- C:\Users\Bloodhound5\_viminfo
[2011.12.26 12:27:57 | 000,001,998 | ---- | C] () -- C:\Users\Bloodhound5\.bash_history
[2011.12.26 12:27:57 | 000,000,937 | -H-- | C] () -- C:\Users\Bloodhound5\.gitk
[2011.12.26 12:27:57 | 000,000,036 | ---- | C] () -- C:\Users\Bloodhound5\.org.eclipse.epp.usagedata.recording.userId
[2011.06.13 23:28:34 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
 
========== LOP Check ==========
 
[2011.12.26 13:04:17 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\.minecraft
[2012.03.19 20:44:31 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\10018
[2011.03.21 02:35:45 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Amazon
[2011.12.26 11:53:43 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\AVG2012
[2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Axure
[2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
[2012.01.22 18:04:28 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Bioshock
[2011.12.26 12:29:35 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Bitcoin
[2012.01.10 16:55:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\calibre
[2011.12.26 12:29:35 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.12.26 11:47:17 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\CrashPlan
[2012.01.26 17:56:51 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\DAEMON Tools Lite
[2012.06.27 13:40:05 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Dropbox
[2012.03.11 20:25:56 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Duden
[2012.02.13 10:43:45 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\e-academy Inc
[2012.06.22 02:28:34 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FileZilla
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FRITZ!
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\gamesport
[2012.03.19 20:43:04 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\gema
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\GeoSetter
[2012.02.15 20:06:34 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\ImgBurn
[2011.12.27 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\IrfanView
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\JAM Software
[2012.03.19 20:44:18 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\kock
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Leadertech
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\MySQL
[2012.05.03 19:24:27 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Netyy
[2011.12.26 13:00:06 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Notepad++
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\officedrop
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\PACE Anti-Piracy
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Samsung
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Songbird2
[2011.12.26 12:29:42 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Sublime Text 2
[2011.10.04 13:57:37 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Subversion
[2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\syntevo
[2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\TeamViewer
[2012.01.20 15:22:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Thunderbird
[2012.01.17 13:49:56 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Titanium
[2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Trillian
[2012.01.22 20:05:49 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\UniversalCodeLinesCounter
[2012.05.03 19:24:16 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Wau
[2012.03.19 20:44:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\xmldm
[2011.12.26 12:29:59 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Yamb
[2009.07.14 07:08:49 | 000,029,862 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.26 13:04:17 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\.minecraft
[2012.03.19 20:44:31 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\10018
[2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Adobe
[2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Adobe Mini Bridge CS5
[2011.03.21 02:35:45 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Amazon
[2012.01.17 13:49:56 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Apple Computer
[2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\ATI
[2011.12.26 11:53:43 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\AVG2012
[2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Axure
[2011.12.26 12:29:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
[2012.01.22 18:04:28 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Bioshock
[2011.12.26 12:29:35 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Bitcoin
[2012.01.10 16:55:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\calibre
[2011.12.26 12:29:35 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.12.26 11:47:17 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\CrashPlan
[2012.01.26 17:56:51 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\DAEMON Tools Lite
[2011.12.26 12:29:35 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Digsby
[2012.06.27 13:40:05 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Dropbox
[2012.03.11 20:25:56 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Duden
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\dvdcss
[2012.02.13 10:43:45 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\e-academy Inc
[2012.06.22 02:28:34 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FileZilla
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FRITZ!
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\gamesport
[2012.03.19 20:43:04 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\gema
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\GeoSetter
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Identities
[2012.02.15 20:06:34 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\ImgBurn
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\InstallShield
[2011.12.26 13:19:19 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Intel
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Intel Corporation
[2011.12.27 20:36:09 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\IrfanView
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\JAM Software
[2012.03.19 20:44:18 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\kock
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Leadertech
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Logishrd
[2011.12.26 12:29:36 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Logitech
[2011.12.26 11:43:34 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Macromedia
[2012.04.02 00:30:04 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Media Center Programs
[2011.12.26 12:29:40 | 000,000,000 | --SD | M] -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft FxCop
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Mozilla
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\MySQL
[2012.05.03 19:24:27 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Netyy
[2011.12.26 13:00:06 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Notepad++
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\officedrop
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\PACE Anti-Piracy
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Samsung
[2012.06.27 13:35:09 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Skype
[2011.12.26 12:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Songbird2
[2011.12.26 12:29:42 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Sublime Text 2
[2011.10.04 13:57:37 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Subversion
[2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\syntevo
[2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\TeamViewer
[2012.01.20 15:22:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Thunderbird
[2012.01.17 13:49:56 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Titanium
[2011.12.26 12:29:44 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Trillian
[2012.01.22 20:05:49 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\UniversalCodeLinesCounter
[2012.04.02 01:24:14 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\vlc
[2011.10.05 16:05:39 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\VMware
[2012.05.03 19:24:16 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Wau
[2012.04.02 01:24:14 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Winamp
[2011.12.26 12:29:55 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\WinRAR
[2012.03.19 20:44:21 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\xmldm
[2011.12.26 12:29:59 | 000,000,000 | ---D | M] -- C:\Users\Bloodhound5\AppData\Roaming\Yamb
 
< %APPDATA%\*.exe /s >
[2010.12.25 15:15:12 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Bloodhound5\AppData\Roaming\.minecraft\MineCraftSP.exe
[2010.12.25 15:15:12 | 000,695,296 | ---- | M] (AnjoCaido) -- C:\Users\Bloodhound5\AppData\Roaming\.minecraft\original1.MinecraftSP.exe
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bloodhound5\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Bloodhound5\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.01.18 09:04:32 | 004,785,447 | ---- | M] (Phil Harvey) -- C:\Users\Bloodhound5\AppData\Roaming\GeoSetter\tools\exiftool.exe
[2012.06.03 23:32:53 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Bloodhound5\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.04.14 00:42:30 | 000,117,427 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Bloodhound5\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
[2011.01.21 15:36:36 | 000,010,134 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2011.05.11 20:13:59 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{2E8ECB58-EE3A-452C-B57E-1B982735F0F2}\NewShortcut1_D216F3B2761946D6B253BD0528BFB287.exe
[2011.05.11 20:13:59 | 000,073,728 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{2E8ECB58-EE3A-452C-B57E-1B982735F0F2}\NewShortcut5_D216F3B2761946D6B253BD0528BFB287.exe
[2011.05.11 20:13:59 | 000,069,632 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{2E8ECB58-EE3A-452C-B57E-1B982735F0F2}\NewShortcut7_D216F3B2761946D6B253BD0528BFB287.exe
[2011.01.22 12:58:53 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.01.05 23:03:33 | 000,370,070 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{5775DD65-B236-44B0-B8ED-B930B8E6670F}\_1D47C55E44A870EE659F36.exe
[2012.01.05 23:03:33 | 000,370,070 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{5775DD65-B236-44B0-B8ED-B930B8E6670F}\_5E471AA219398E9ECBB35C.exe
[2012.01.05 23:03:33 | 000,370,070 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{5775DD65-B236-44B0-B8ED-B930B8E6670F}\_B737BDF228C34B77A848A6.exe
[2011.12.19 15:54:53 | 000,018,854 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{74D66C04-BE4B-4E1C-8FD6-B93A2AD12474}\_6FEFF9B68218417F98F549.exe
[2012.02.13 10:43:45 | 000,009,662 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}\_112D608FD02CD87FDC7735.exe
[2012.02.13 10:43:45 | 000,009,662 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}\_2194D4E881A0FE23DAD30A.exe
[2012.02.13 10:43:45 | 000,009,662 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}\_853F67D554F05449430E7E.exe
[2011.12.26 13:07:23 | 000,010,134 | R--- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Microsoft\Installer\{C30773F5-0746-C580-B32E-BF6F6854A5E2}\ARPPRODUCTICON.exe
[2009.06.29 08:26:54 | 000,235,764 | ---- | M] () -- C:\Users\Bloodhound5\AppData\Roaming\Yamb\MP4Box.exe
[2011.06.22 20:50:29 | 000,128,682 | ---- | M] (hxxp://yamb.unite-video.com) -- C:\Users\Bloodhound5\AppData\Roaming\Yamb\Uninstall.exe
[2009.06.29 14:15:54 | 002,424,832 | ---- | M] (Kurtnoise) -- C:\Users\Bloodhound5\AppData\Roaming\Yamb\Yamb.exe
[2009.05.03 20:25:40 | 001,871,360 | ---- | M] (madshi.net) -- C:\Users\Bloodhound5\AppData\Roaming\Yamb\eac3to\eac3to.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2012.05.18 00:48:40 | 009,737,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[2012.01.08 00:05:10 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll

< End of report >
         

Alt 28.06.2012, 10:19   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. - Standard

Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
FF - user.js - File not found
O4 - HKLM..\Run: []  File not found
:Files
C:\Users\Bloodhound5\AppData\Roaming\blckdom.res
C:\Users\Bloodhound5\AppData\Roaming\10018
C:\Users\Bloodhound5\AppData\Roaming\Wau
C:\Users\Bloodhound5\AppData\Roaming\xmldm
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 28.06.2012, 11:19   #11
bingbot
 
Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. - Standard

Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.



Schaut gut aus, zumindest ist die Werbung weg:
Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
C:\Users\Bloodhound5\AppData\Roaming\blckdom.res moved successfully.
C:\Users\Bloodhound5\AppData\Roaming\10018\components folder moved successfully.
C:\Users\Bloodhound5\AppData\Roaming\10018 folder moved successfully.
C:\Users\Bloodhound5\AppData\Roaming\Wau folder moved successfully.
C:\Users\Bloodhound5\AppData\Roaming\xmldm folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Bloodhound5
->Temp folder emptied: 1408577370 bytes
->Temporary Internet Files folder emptied: 189399060 bytes
->Java cache emptied: 3442030 bytes
->FireFox cache emptied: 1206471503 bytes
->Google Chrome cache emptied: 329619028 bytes
->Flash cache emptied: 290281 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 219791255 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 3283441342 bytes
 
Total Files Cleaned = 6.334,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Bloodhound5
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.0 log created on 06282012_111104

Files\Folders moved on Reboot...
C:\Users\Bloodhound5\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\hsperfdata_ALIENBABY-X$\1960 not found!
File\Folder C:\Windows\temp\jna1218871082399566072.dll not found!

PendingFileRenameOperations files...
File C:\Users\Bloodhound5\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Windows\temp\hsperfdata_ALIENBABY-X$\1960 not found!
File C:\Windows\temp\jna1218871082399566072.dll not found!

Registry entries deleted on Reboot...
         

Alt 28.06.2012, 14:41   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. - Standard

Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.07.2012, 00:27   #13
bingbot
 
Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. - Standard

Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.



sorry für die späte Antwort, war die letzten Tage unterwegs.
Das sagt TDS-Killer
Code:
ATTFilter
00:18:04.0612 2996	TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
00:18:04.0816 2996	============================================================
00:18:04.0817 2996	Current date / time: 2012/07/02 00:18:04.0816
00:18:04.0817 2996	SystemInfo:
00:18:04.0817 2996	
00:18:04.0817 2996	OS Version: 6.1.7601 ServicePack: 1.0
00:18:04.0817 2996	Product type: Workstation
00:18:04.0817 2996	ComputerName: ALIENBABY-X
00:18:04.0817 2996	UserName: Bloodhound5
00:18:04.0817 2996	Windows directory: C:\Windows
00:18:04.0817 2996	System windows directory: C:\Windows
00:18:04.0817 2996	Running under WOW64
00:18:04.0817 2996	Processor architecture: Intel x64
00:18:04.0817 2996	Number of processors: 4
00:18:04.0817 2996	Page size: 0x1000
00:18:04.0817 2996	Boot type: Normal boot
00:18:04.0817 2996	============================================================
00:18:05.0060 2996	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:18:07.0073 2996	Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:18:07.0126 2996	============================================================
00:18:07.0126 2996	\Device\Harddisk0\DR0:
00:18:07.0126 2996	MBR partitions:
00:18:07.0126 2996	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1C00800, BlocksNum 0x32000
00:18:07.0126 2996	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1C32800, BlocksNum 0x10DE6800
00:18:07.0126 2996	\Device\Harddisk1\DR1:
00:18:07.0127 2996	MBR partitions:
00:18:07.0127 2996	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x1609D800
00:18:07.0127 2996	============================================================
00:18:07.0129 2996	C: <-> \Device\Harddisk0\DR0\Partition1
00:18:07.0177 2996	D: <-> \Device\Harddisk1\DR1\Partition0
00:18:07.0177 2996	============================================================
00:18:07.0177 2996	Initialize success
00:18:07.0177 2996	============================================================
00:23:32.0650 5820	============================================================
00:23:32.0650 5820	Scan started
00:23:32.0650 5820	Mode: Manual; SigCheck; TDLFS; 
00:23:32.0650 5820	============================================================
00:23:32.0931 5820	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:23:32.0978 5820	1394ohci - ok
00:23:32.0978 5820	3002e - ok
00:23:32.0993 5820	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:23:33.0024 5820	ACPI - ok
00:23:33.0024 5820	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:23:33.0040 5820	AcpiPmi - ok
00:23:33.0056 5820	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:23:33.0056 5820	AdobeARMservice - ok
00:23:33.0102 5820	AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:23:33.0102 5820	AdobeFlashPlayerUpdateSvc - ok
00:23:33.0134 5820	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
00:23:33.0149 5820	adp94xx - ok
00:23:33.0165 5820	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
00:23:33.0165 5820	adpahci - ok
00:23:33.0180 5820	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
00:23:33.0196 5820	adpu320 - ok
00:23:33.0196 5820	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:23:33.0274 5820	AeLookupSvc - ok
00:23:33.0290 5820	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:23:33.0321 5820	AFD - ok
00:23:33.0321 5820	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:23:33.0321 5820	agp440 - ok
00:23:33.0336 5820	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:23:33.0352 5820	ALG - ok
00:23:33.0352 5820	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:23:33.0368 5820	aliide - ok
00:23:33.0368 5820	AMD External Events Utility (520a16454c60dbdcbfd0645ae509b89c) C:\Windows\system32\atiesrxx.exe
00:23:33.0399 5820	AMD External Events Utility - ok
00:23:33.0399 5820	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:23:33.0414 5820	amdide - ok
00:23:33.0414 5820	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
00:23:33.0430 5820	AmdK8 - ok
00:23:33.0820 5820	amdkmdag        (046e2912a515a16dd6832371e573ff0c) C:\Windows\system32\DRIVERS\atikmdag.sys
00:23:33.0960 5820	amdkmdag - ok
00:23:34.0007 5820	amdkmdap        (b618489abae5f112baffaf6b077adc54) C:\Windows\system32\DRIVERS\atikmpag.sys
00:23:34.0023 5820	amdkmdap - ok
00:23:34.0038 5820	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
00:23:34.0038 5820	AmdPPM - ok
00:23:34.0054 5820	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:23:34.0054 5820	amdsata - ok
00:23:34.0070 5820	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
00:23:34.0085 5820	amdsbs - ok
00:23:34.0085 5820	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:23:34.0085 5820	amdxata - ok
00:23:34.0101 5820	AmUStor         (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
00:23:34.0101 5820	AmUStor - ok
00:23:34.0116 5820	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:23:34.0194 5820	AppID - ok
00:23:34.0194 5820	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
00:23:34.0226 5820	AppIDSvc - ok
00:23:34.0226 5820	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
00:23:34.0257 5820	Appinfo - ok
00:23:34.0272 5820	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
00:23:34.0272 5820	AppMgmt - ok
00:23:34.0288 5820	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
00:23:34.0288 5820	arc - ok
00:23:34.0304 5820	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
00:23:34.0304 5820	arcsas - ok
00:23:34.0319 5820	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
00:23:34.0335 5820	AsyncMac - ok
00:23:34.0350 5820	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
00:23:34.0350 5820	atapi - ok
00:23:34.0413 5820	athr            (0a1a97fcc2ec39476bfbd16c3f1507d3) C:\Windows\system32\DRIVERS\athrx.sys
00:23:34.0460 5820	athr - ok
00:23:34.0491 5820	AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
00:23:34.0506 5820	AtiHDAudioService - ok
00:23:34.0538 5820	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:23:34.0569 5820	AudioEndpointBuilder - ok
00:23:34.0569 5820	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
00:23:34.0600 5820	AudioSrv - ok
00:23:34.0818 5820	AVGIDSAgent     (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
00:23:34.0912 5820	AVGIDSAgent - ok
00:23:34.0943 5820	AVGIDSDriver    (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
00:23:34.0959 5820	AVGIDSDriver - ok
00:23:34.0959 5820	AVGIDSFilter    (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
00:23:34.0974 5820	AVGIDSFilter - ok
00:23:34.0974 5820	AVGIDSHA        (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
00:23:34.0974 5820	AVGIDSHA - ok
00:23:34.0990 5820	Avgldx64        (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
00:23:35.0006 5820	Avgldx64 - ok
00:23:35.0006 5820	Avgmfx64        (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
00:23:35.0006 5820	Avgmfx64 - ok
00:23:35.0021 5820	Avgrkx64        (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
00:23:35.0021 5820	Avgrkx64 - ok
00:23:35.0037 5820	Avgtdia         (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
00:23:35.0052 5820	Avgtdia - ok
00:23:35.0068 5820	avgwd           (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
00:23:35.0068 5820	avgwd - ok
00:23:35.0084 5820	avmaudio        (bd39d7cfd9d6a73396b618113a8e8d57) C:\Windows\system32\DRIVERS\avmaudio.sys
00:23:35.0084 5820	avmaudio - ok
00:23:35.0099 5820	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
00:23:35.0115 5820	AxInstSV - ok
00:23:35.0130 5820	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
00:23:35.0146 5820	b06bdrv - ok
00:23:35.0162 5820	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
00:23:35.0177 5820	b57nd60a - ok
00:23:35.0177 5820	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
00:23:35.0193 5820	BDESVC - ok
00:23:35.0193 5820	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
00:23:35.0224 5820	Beep - ok
00:23:35.0255 5820	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
00:23:35.0302 5820	BFE - ok
00:23:35.0333 5820	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
00:23:35.0364 5820	BITS - ok
00:23:35.0364 5820	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
00:23:35.0380 5820	blbdrive - ok
00:23:35.0380 5820	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
00:23:35.0396 5820	bowser - ok
00:23:35.0396 5820	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:23:35.0427 5820	BrFiltLo - ok
00:23:35.0427 5820	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:23:35.0427 5820	BrFiltUp - ok
00:23:35.0442 5820	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
00:23:35.0474 5820	Browser - ok
00:23:35.0474 5820	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
00:23:35.0489 5820	Brserid - ok
00:23:35.0505 5820	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
00:23:35.0505 5820	BrSerWdm - ok
00:23:35.0505 5820	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
00:23:35.0520 5820	BrUsbMdm - ok
00:23:35.0520 5820	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
00:23:35.0536 5820	BrUsbSer - ok
00:23:35.0536 5820	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
00:23:35.0552 5820	BTHMODEM - ok
00:23:35.0567 5820	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
00:23:35.0583 5820	BTHPORT - ok
00:23:35.0598 5820	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
00:23:35.0614 5820	bthserv - ok
00:23:35.0630 5820	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
00:23:35.0630 5820	BTHUSB - ok
00:23:35.0645 5820	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
00:23:35.0661 5820	cdfs - ok
00:23:35.0676 5820	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
00:23:35.0692 5820	cdrom - ok
00:23:35.0692 5820	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:23:35.0723 5820	CertPropSvc - ok
00:23:35.0723 5820	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
00:23:35.0739 5820	circlass - ok
00:23:35.0754 5820	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
00:23:35.0770 5820	CLFS - ok
00:23:35.0770 5820	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:23:35.0786 5820	clr_optimization_v2.0.50727_32 - ok
00:23:35.0786 5820	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:23:35.0801 5820	clr_optimization_v2.0.50727_64 - ok
00:23:35.0817 5820	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:23:35.0848 5820	clr_optimization_v4.0.30319_32 - ok
00:23:35.0879 5820	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:23:35.0879 5820	clr_optimization_v4.0.30319_64 - ok
00:23:35.0895 5820	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
00:23:35.0910 5820	CmBatt - ok
00:23:35.0926 5820	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
00:23:35.0942 5820	cmdide - ok
00:23:35.0988 5820	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
00:23:36.0004 5820	CNG - ok
00:23:36.0004 5820	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
00:23:36.0020 5820	Compbatt - ok
00:23:36.0035 5820	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
00:23:36.0082 5820	CompositeBus - ok
00:23:36.0082 5820	COMSysApp - ok
00:23:36.0098 5820	CrashPlanService (e2cec73b4d221b9ffe906748d1f5fc54) C:\Program Files\CrashPlan\CrashPlanService.exe
00:23:36.0113 5820	CrashPlanService ( UnsignedFile.Multi.Generic ) - warning
00:23:36.0113 5820	CrashPlanService - detected UnsignedFile.Multi.Generic (1)
00:23:36.0113 5820	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
00:23:36.0129 5820	crcdisk - ok
00:23:36.0160 5820	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
00:23:36.0176 5820	CryptSvc - ok
00:23:36.0222 5820	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
00:23:36.0238 5820	CSC - ok
00:23:36.0316 5820	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
00:23:36.0347 5820	CscService - ok
00:23:36.0363 5820	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:23:36.0410 5820	DcomLaunch - ok
00:23:36.0425 5820	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
00:23:36.0456 5820	defragsvc - ok
00:23:36.0472 5820	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
00:23:36.0503 5820	DfsC - ok
00:23:36.0503 5820	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
00:23:36.0534 5820	Dhcp - ok
00:23:36.0550 5820	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
00:23:36.0581 5820	discache - ok
00:23:36.0581 5820	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
00:23:36.0581 5820	Disk - ok
00:23:36.0597 5820	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
00:23:36.0612 5820	Dnscache - ok
00:23:36.0628 5820	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
00:23:36.0659 5820	dot3svc - ok
00:23:36.0659 5820	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
00:23:36.0690 5820	DPS - ok
00:23:36.0690 5820	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
00:23:36.0706 5820	drmkaud - ok
00:23:36.0737 5820	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
00:23:36.0768 5820	DXGKrnl - ok
00:23:36.0784 5820	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
00:23:36.0815 5820	EapHost - ok
00:23:36.0956 5820	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
00:23:37.0049 5820	ebdrv - ok
00:23:37.0080 5820	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
00:23:37.0096 5820	EFS - ok
00:23:37.0127 5820	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
00:23:37.0158 5820	ehRecvr - ok
00:23:37.0174 5820	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
00:23:37.0190 5820	ehSched - ok
00:23:37.0221 5820	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
00:23:37.0236 5820	elxstor - ok
00:23:37.0252 5820	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
00:23:37.0252 5820	ErrDev - ok
00:23:37.0283 5820	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
00:23:37.0314 5820	EventSystem - ok
00:23:37.0361 5820	EvtEng          (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
00:23:37.0408 5820	EvtEng - ok
00:23:37.0439 5820	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
00:23:37.0470 5820	exfat - ok
00:23:37.0486 5820	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
00:23:37.0517 5820	fastfat - ok
00:23:37.0533 5820	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
00:23:37.0548 5820	Fax - ok
00:23:37.0564 5820	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
00:23:37.0564 5820	fdc - ok
00:23:37.0580 5820	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
00:23:37.0595 5820	fdPHost - ok
00:23:37.0611 5820	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
00:23:37.0642 5820	FDResPub - ok
00:23:37.0642 5820	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
00:23:37.0642 5820	FileInfo - ok
00:23:37.0658 5820	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
00:23:37.0673 5820	Filetrace - ok
00:23:37.0704 5820	FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
00:23:37.0720 5820	FLEXnet Licensing Service - ok
00:23:37.0720 5820	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
00:23:37.0736 5820	flpydisk - ok
00:23:37.0751 5820	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
00:23:37.0751 5820	FltMgr - ok
00:23:37.0798 5820	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
00:23:37.0829 5820	FontCache - ok
00:23:37.0829 5820	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:23:37.0845 5820	FontCache3.0.0.0 - ok
00:23:37.0845 5820	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
00:23:37.0860 5820	FsDepends - ok
00:23:37.0860 5820	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
00:23:37.0876 5820	Fs_Rec - ok
00:23:37.0892 5820	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
00:23:37.0892 5820	fvevol - ok
00:23:37.0907 5820	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
00:23:37.0907 5820	gagp30kx - ok
00:23:37.0938 5820	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
00:23:37.0985 5820	gpsvc - ok
00:23:38.0001 5820	gupdate         (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:23:38.0001 5820	gupdate - ok
00:23:38.0001 5820	gupdatem        (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:23:38.0016 5820	gupdatem - ok
00:23:38.0016 5820	gusvc           (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
00:23:38.0032 5820	gusvc - ok
00:23:38.0032 5820	hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
00:23:38.0032 5820	hamachi - ok
00:23:38.0126 5820	Hamachi2Svc     (d483dbaef409e8ab7477c28615fcd853) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
00:23:38.0188 5820	Hamachi2Svc - ok
00:23:38.0204 5820	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
00:23:38.0219 5820	hcw85cir - ok
00:23:38.0235 5820	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
00:23:38.0250 5820	HdAudAddService - ok
00:23:38.0266 5820	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
00:23:38.0266 5820	HDAudBus - ok
00:23:38.0282 5820	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
00:23:38.0282 5820	HECIx64 - ok
00:23:38.0282 5820	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
00:23:38.0297 5820	HidBatt - ok
00:23:38.0297 5820	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
00:23:38.0313 5820	HidBth - ok
00:23:38.0328 5820	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
00:23:38.0328 5820	HidIr - ok
00:23:38.0344 5820	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
00:23:38.0360 5820	hidserv - ok
00:23:38.0375 5820	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
00:23:38.0375 5820	HidUsb - ok
00:23:38.0391 5820	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
00:23:38.0406 5820	hkmsvc - ok
00:23:38.0422 5820	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
00:23:38.0438 5820	HomeGroupListener - ok
00:23:38.0438 5820	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
00:23:38.0453 5820	HomeGroupProvider - ok
00:23:38.0453 5820	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
00:23:38.0469 5820	HpSAMD - ok
00:23:38.0469 5820	htcnprot        (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
00:23:38.0484 5820	htcnprot - ok
00:23:38.0500 5820	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
00:23:38.0547 5820	HTTP - ok
00:23:38.0547 5820	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
00:23:38.0547 5820	hwpolicy - ok
00:23:38.0562 5820	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
00:23:38.0578 5820	i8042prt - ok
00:23:38.0594 5820	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
00:23:38.0609 5820	iaStorV - ok
00:23:38.0625 5820	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:23:38.0656 5820	idsvc - ok
00:23:39.0046 5820	igfx            (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys
00:23:39.0202 5820	igfx - ok
00:23:39.0218 5820	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
00:23:39.0233 5820	iirsp - ok
00:23:39.0264 5820	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
00:23:39.0296 5820	IKEEXT - ok
00:23:39.0311 5820	Impcd           (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
00:23:39.0311 5820	Impcd - ok
00:23:39.0405 5820	IntcAzAudAddService (06b774e74f7e2b8ae903a70c45a03d61) C:\Windows\system32\drivers\RTKVHD64.sys
00:23:39.0467 5820	IntcAzAudAddService - ok
00:23:39.0483 5820	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
00:23:39.0498 5820	intelide - ok
00:23:39.0904 5820	intelkmd        (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdpmd64.sys
00:23:40.0060 5820	intelkmd - ok
00:23:40.0091 5820	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
00:23:40.0107 5820	intelppm - ok
00:23:40.0107 5820	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
00:23:40.0154 5820	IPBusEnum - ok
00:23:40.0154 5820	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:23:40.0185 5820	IpFilterDriver - ok
00:23:40.0200 5820	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
00:23:40.0232 5820	iphlpsvc - ok
00:23:40.0247 5820	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
00:23:40.0247 5820	IPMIDRV - ok
00:23:40.0263 5820	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
00:23:40.0278 5820	IPNAT - ok
00:23:40.0294 5820	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
00:23:40.0310 5820	IRENUM - ok
00:23:40.0310 5820	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
00:23:40.0325 5820	isapnp - ok
00:23:40.0325 5820	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
00:23:40.0341 5820	iScsiPrt - ok
00:23:40.0356 5820	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
00:23:40.0356 5820	kbdclass - ok
00:23:40.0356 5820	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
00:23:40.0372 5820	kbdhid - ok
00:23:40.0372 5820	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:23:40.0388 5820	KeyIso - ok
00:23:40.0388 5820	KMService - ok
00:23:40.0388 5820	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
00:23:40.0403 5820	KSecDD - ok
00:23:40.0419 5820	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
00:23:40.0419 5820	KSecPkg - ok
00:23:40.0434 5820	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
00:23:40.0450 5820	ksthunk - ok
00:23:40.0466 5820	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
00:23:40.0497 5820	KtmRm - ok
00:23:40.0512 5820	L1C             (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
00:23:40.0512 5820	L1C - ok
00:23:40.0528 5820	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
00:23:40.0559 5820	LanmanServer - ok
00:23:40.0559 5820	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
00:23:40.0590 5820	LanmanWorkstation - ok
00:23:40.0606 5820	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
00:23:40.0622 5820	lltdio - ok
00:23:40.0637 5820	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
00:23:40.0668 5820	lltdsvc - ok
00:23:40.0668 5820	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
00:23:40.0700 5820	lmhosts - ok
00:23:40.0715 5820	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
00:23:40.0715 5820	LSI_FC - ok
00:23:40.0731 5820	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
00:23:40.0731 5820	LSI_SAS - ok
00:23:40.0746 5820	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:23:40.0746 5820	LSI_SAS2 - ok
00:23:40.0762 5820	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:23:40.0762 5820	LSI_SCSI - ok
00:23:40.0778 5820	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
00:23:40.0793 5820	luafv - ok
00:23:40.0809 5820	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
00:23:40.0809 5820	Mcx2Svc - ok
00:23:40.0824 5820	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
00:23:40.0824 5820	megasas - ok
00:23:40.0840 5820	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
00:23:40.0856 5820	MegaSR - ok
00:23:40.0856 5820	Microsoft SharePoint Workspace Audit Service - ok
00:23:40.0856 5820	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:23:40.0887 5820	MMCSS - ok
00:23:40.0902 5820	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
00:23:40.0918 5820	Modem - ok
00:23:40.0934 5820	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
00:23:40.0934 5820	monitor - ok
00:23:40.0949 5820	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
00:23:40.0949 5820	mouclass - ok
00:23:40.0965 5820	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
00:23:40.0965 5820	mouhid - ok
00:23:40.0965 5820	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
00:23:40.0980 5820	mountmgr - ok
00:23:40.0996 5820	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:23:40.0996 5820	MozillaMaintenance - ok
00:23:41.0012 5820	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
00:23:41.0027 5820	mpio - ok
00:23:41.0027 5820	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
00:23:41.0058 5820	mpsdrv - ok
00:23:41.0090 5820	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
00:23:41.0121 5820	MpsSvc - ok
00:23:41.0121 5820	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
00:23:41.0136 5820	MRxDAV - ok
00:23:41.0152 5820	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:23:41.0168 5820	mrxsmb - ok
00:23:41.0168 5820	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:23:41.0183 5820	mrxsmb10 - ok
00:23:41.0199 5820	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:23:41.0199 5820	mrxsmb20 - ok
00:23:41.0199 5820	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
00:23:41.0214 5820	msahci - ok
00:23:41.0214 5820	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
00:23:41.0230 5820	msdsm - ok
00:23:41.0246 5820	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
00:23:41.0246 5820	MSDTC - ok
00:23:41.0261 5820	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
00:23:41.0292 5820	Msfs - ok
00:23:41.0292 5820	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
00:23:41.0308 5820	mshidkmdf - ok
00:23:41.0324 5820	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
00:23:41.0324 5820	msisadrv - ok
00:23:41.0339 5820	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
00:23:41.0370 5820	MSiSCSI - ok
00:23:41.0370 5820	msiserver - ok
00:23:41.0370 5820	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
00:23:41.0402 5820	MSKSSRV - ok
00:23:41.0402 5820	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
00:23:41.0433 5820	MSPCLOCK - ok
00:23:41.0433 5820	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
00:23:41.0464 5820	MSPQM - ok
00:23:41.0464 5820	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
00:23:41.0480 5820	MsRPC - ok
00:23:41.0495 5820	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
00:23:41.0495 5820	mssmbios - ok
00:23:41.0495 5820	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
00:23:41.0526 5820	MSTEE - ok
00:23:41.0542 5820	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
00:23:41.0542 5820	MTConfig - ok
00:23:41.0558 5820	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
00:23:41.0558 5820	Mup - ok
00:23:41.0573 5820	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
00:23:41.0636 5820	napagent - ok
00:23:41.0636 5820	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
00:23:41.0651 5820	NativeWifiP - ok
00:23:41.0682 5820	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
00:23:41.0714 5820	NDIS - ok
00:23:41.0729 5820	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
00:23:41.0760 5820	NdisCap - ok
00:23:41.0776 5820	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
00:23:41.0792 5820	NdisTapi - ok
00:23:41.0807 5820	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
00:23:41.0838 5820	Ndisuio - ok
00:23:41.0838 5820	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
00:23:41.0870 5820	NdisWan - ok
00:23:41.0870 5820	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
00:23:41.0901 5820	NDProxy - ok
00:23:41.0901 5820	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
00:23:41.0932 5820	NetBIOS - ok
00:23:41.0948 5820	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
00:23:41.0979 5820	NetBT - ok
00:23:41.0979 5820	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:23:41.0994 5820	Netlogon - ok
00:23:42.0010 5820	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
00:23:42.0041 5820	Netman - ok
00:23:42.0057 5820	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
00:23:42.0088 5820	netprofm - ok
00:23:42.0104 5820	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:23:42.0104 5820	NetTcpPortSharing - ok
00:23:42.0119 5820	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
00:23:42.0119 5820	nfrd960 - ok
00:23:42.0135 5820	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
00:23:42.0166 5820	NlaSvc - ok
00:23:42.0166 5820	npf             (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
00:23:42.0182 5820	npf - ok
00:23:42.0182 5820	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
00:23:42.0213 5820	Npfs - ok
00:23:42.0213 5820	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
00:23:42.0244 5820	nsi - ok
00:23:42.0244 5820	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
00:23:42.0275 5820	nsiproxy - ok
00:23:42.0338 5820	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
00:23:42.0384 5820	Ntfs - ok
00:23:42.0416 5820	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
00:23:42.0447 5820	Null - ok
00:23:42.0447 5820	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
00:23:42.0462 5820	nvraid - ok
00:23:42.0462 5820	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
00:23:42.0478 5820	nvstor - ok
00:23:42.0478 5820	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
00:23:42.0494 5820	nv_agp - ok
00:23:42.0494 5820	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
00:23:42.0509 5820	ohci1394 - ok
00:23:42.0525 5820	ose64           (4965b005492cba7719e82b71e3245495) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:23:42.0540 5820	ose64 - ok
00:23:42.0743 5820	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:23:42.0868 5820	osppsvc - ok
00:23:42.0899 5820	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:23:42.0915 5820	p2pimsvc - ok
00:23:42.0930 5820	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
00:23:42.0946 5820	p2psvc - ok
00:23:42.0962 5820	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
00:23:42.0977 5820	Parport - ok
00:23:42.0977 5820	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
00:23:42.0977 5820	partmgr - ok
00:23:42.0993 5820	PassThru Service (afada8b97be3c9398dc6c770409c3544) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
00:23:42.0993 5820	PassThru Service ( UnsignedFile.Multi.Generic ) - warning
00:23:42.0993 5820	PassThru Service - detected UnsignedFile.Multi.Generic (1)
00:23:43.0008 5820	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
00:23:43.0024 5820	PcaSvc - ok
00:23:43.0024 5820	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
00:23:43.0040 5820	pci - ok
00:23:43.0040 5820	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
00:23:43.0055 5820	pciide - ok
00:23:43.0055 5820	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
00:23:43.0071 5820	pcmcia - ok
00:23:43.0071 5820	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
00:23:43.0086 5820	pcw - ok
00:23:43.0102 5820	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
00:23:43.0149 5820	PEAUTH - ok
00:23:43.0196 5820	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
00:23:43.0227 5820	PeerDistSvc - ok
00:23:43.0258 5820	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
00:23:43.0274 5820	PerfHost - ok
00:23:43.0367 5820	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
00:23:43.0430 5820	pla - ok
00:23:43.0461 5820	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
00:23:43.0476 5820	PlugPlay - ok
00:23:43.0476 5820	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
00:23:43.0492 5820	PNRPAutoReg - ok
00:23:43.0508 5820	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
00:23:43.0508 5820	PNRPsvc - ok
00:23:43.0539 5820	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
00:23:43.0570 5820	PolicyAgent - ok
00:23:43.0570 5820	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
00:23:43.0601 5820	Power - ok
00:23:43.0617 5820	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
00:23:43.0648 5820	PptpMiniport - ok
00:23:43.0648 5820	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
00:23:43.0664 5820	Processor - ok
00:23:43.0664 5820	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
00:23:43.0679 5820	ProfSvc - ok
00:23:43.0679 5820	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:23:43.0695 5820	ProtectedStorage - ok
00:23:43.0695 5820	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
00:23:43.0726 5820	Psched - ok
00:23:43.0788 5820	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
00:23:43.0835 5820	ql2300 - ok
00:23:43.0866 5820	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
00:23:43.0866 5820	ql40xx - ok
00:23:43.0882 5820	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:23:43.0898 5820	QWAVE - ok
00:23:43.0898 5820	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:23:43.0913 5820	QWAVEdrv - ok
00:23:43.0913 5820	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:23:43.0944 5820	RasAcd - ok
00:23:43.0960 5820	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:23:43.0976 5820	RasAgileVpn - ok
00:23:43.0991 5820	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:23:44.0022 5820	RasAuto - ok
00:23:44.0022 5820	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:23:44.0054 5820	Rasl2tp - ok
00:23:44.0069 5820	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:23:44.0100 5820	RasMan - ok
00:23:44.0100 5820	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:23:44.0132 5820	RasPppoe - ok
00:23:44.0147 5820	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:23:44.0178 5820	RasSstp - ok
00:23:44.0178 5820	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:23:44.0225 5820	rdbss - ok
00:23:44.0225 5820	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
00:23:44.0225 5820	rdpbus - ok
00:23:44.0241 5820	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:23:44.0256 5820	RDPCDD - ok
00:23:44.0272 5820	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
00:23:44.0288 5820	RDPDR - ok
00:23:44.0288 5820	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:23:44.0319 5820	RDPENCDD - ok
00:23:44.0319 5820	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:23:44.0350 5820	RDPREFMP - ok
00:23:44.0350 5820	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
00:23:44.0366 5820	RDPWD - ok
00:23:44.0381 5820	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:23:44.0397 5820	rdyboost - ok
00:23:44.0428 5820	RegSrvc         (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
00:23:44.0444 5820	RegSrvc - ok
00:23:44.0459 5820	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:23:44.0490 5820	RemoteAccess - ok
00:23:44.0490 5820	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:23:44.0522 5820	RemoteRegistry - ok
00:23:44.0537 5820	RimUsb          (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
00:23:44.0537 5820	RimUsb - ok
00:23:44.0537 5820	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:23:44.0568 5820	RpcEptMapper - ok
00:23:44.0584 5820	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:23:44.0584 5820	RpcLocator - ok
00:23:44.0600 5820	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:23:44.0631 5820	RpcSs - ok
00:23:44.0646 5820	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:23:44.0678 5820	rspndr - ok
00:23:44.0678 5820	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
00:23:44.0678 5820	s3cap - ok
00:23:44.0693 5820	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:23:44.0693 5820	SamSs - ok
00:23:44.0709 5820	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:23:44.0709 5820	sbp2port - ok
00:23:44.0724 5820	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:23:44.0756 5820	SCardSvr - ok
00:23:44.0756 5820	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:23:44.0787 5820	scfilter - ok
00:23:44.0818 5820	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:23:44.0865 5820	Schedule - ok
00:23:44.0880 5820	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:23:44.0912 5820	SCPolicySvc - ok
00:23:44.0912 5820	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:23:44.0927 5820	SDRSVC - ok
00:23:44.0943 5820	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:23:44.0974 5820	secdrv - ok
00:23:44.0974 5820	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:23:45.0005 5820	seclogon - ok
00:23:45.0005 5820	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
00:23:45.0036 5820	SENS - ok
00:23:45.0036 5820	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:23:45.0052 5820	SensrSvc - ok
00:23:45.0052 5820	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
00:23:45.0052 5820	Serenum - ok
00:23:45.0068 5820	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
00:23:45.0068 5820	Serial - ok
00:23:45.0083 5820	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
00:23:45.0083 5820	sermouse - ok
00:23:45.0099 5820	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:23:45.0130 5820	SessionEnv - ok
00:23:45.0130 5820	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:23:45.0146 5820	sffdisk - ok
00:23:45.0146 5820	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:23:45.0161 5820	sffp_mmc - ok
00:23:45.0161 5820	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:23:45.0177 5820	sffp_sd - ok
00:23:45.0177 5820	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
00:23:45.0177 5820	sfloppy - ok
00:23:45.0192 5820	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:23:45.0224 5820	SharedAccess - ok
00:23:45.0239 5820	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:23:45.0270 5820	ShellHWDetection - ok
00:23:45.0286 5820	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:23:45.0286 5820	SiSRaid2 - ok
00:23:45.0302 5820	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
00:23:45.0302 5820	SiSRaid4 - ok
00:23:45.0317 5820	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:23:45.0348 5820	Smb - ok
00:23:45.0348 5820	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:23:45.0364 5820	SNMPTRAP - ok
00:23:45.0364 5820	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:23:45.0364 5820	spldr - ok
00:23:45.0395 5820	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:23:45.0426 5820	Spooler - ok
00:23:45.0567 5820	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:23:45.0660 5820	sppsvc - ok
00:23:45.0692 5820	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:23:45.0723 5820	sppuinotify - ok
00:23:45.0723 5820	sptd - ok
00:23:45.0738 5820	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:23:45.0754 5820	srv - ok
00:23:45.0770 5820	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:23:45.0785 5820	srv2 - ok
00:23:45.0801 5820	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:23:45.0801 5820	srvnet - ok
00:23:45.0816 5820	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:23:45.0848 5820	SSDPSRV - ok
00:23:45.0848 5820	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:23:45.0879 5820	SstpSvc - ok
00:23:45.0894 5820	Steam Client Service - ok
00:23:45.0894 5820	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
00:23:45.0894 5820	stexstor - ok
00:23:45.0926 5820	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:23:45.0941 5820	stisvc - ok
00:23:45.0941 5820	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
00:23:45.0957 5820	storflt - ok
00:23:45.0957 5820	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
00:23:45.0972 5820	StorSvc - ok
00:23:45.0972 5820	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
00:23:45.0988 5820	storvsc - ok
00:23:45.0988 5820	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:23:45.0988 5820	swenum - ok
00:23:46.0019 5820	SwitchBoard     (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
00:23:46.0035 5820	SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
00:23:46.0035 5820	SwitchBoard - detected UnsignedFile.Multi.Generic (1)
00:23:46.0050 5820	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:23:46.0082 5820	swprv - ok
00:23:46.0160 5820	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:23:46.0191 5820	SysMain - ok
00:23:46.0238 5820	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:23:46.0253 5820	TabletInputService - ok
00:23:46.0269 5820	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:23:46.0300 5820	TapiSrv - ok
00:23:46.0300 5820	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:23:46.0331 5820	TBS - ok
00:23:46.0394 5820	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
00:23:46.0456 5820	Tcpip - ok
00:23:46.0768 5820	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
00:23:46.0815 5820	TCPIP6 - ok
00:23:46.0908 5820	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:23:46.0940 5820	tcpipreg - ok
00:23:46.0955 5820	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:23:46.0971 5820	TDPIPE - ok
00:23:46.0971 5820	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:23:46.0986 5820	TDTCP - ok
00:23:47.0002 5820	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:23:47.0033 5820	tdx - ok
00:23:47.0111 5820	TeamViewer7     (33966a658ff37e0c65d46e59f37e2380) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
00:23:47.0174 5820	TeamViewer7 - ok
00:23:47.0189 5820	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:23:47.0205 5820	TermDD - ok
00:23:47.0236 5820	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:23:47.0283 5820	TermService - ok
00:23:47.0283 5820	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:23:47.0298 5820	Themes - ok
00:23:47.0298 5820	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:23:47.0330 5820	THREADORDER - ok
00:23:47.0330 5820	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:23:47.0361 5820	TrkWks - ok
00:23:47.0376 5820	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:23:47.0408 5820	TrustedInstaller - ok
00:23:47.0408 5820	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:23:47.0439 5820	tssecsrv - ok
00:23:47.0439 5820	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:23:47.0454 5820	TsUsbFlt - ok
00:23:47.0454 5820	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:23:47.0486 5820	tunnel - ok
00:23:47.0486 5820	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
00:23:47.0501 5820	uagp35 - ok
00:23:47.0517 5820	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:23:47.0548 5820	udfs - ok
00:23:47.0548 5820	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:23:47.0564 5820	UI0Detect - ok
00:23:47.0564 5820	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:23:47.0579 5820	uliagpkx - ok
00:23:47.0579 5820	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
00:23:47.0595 5820	umbus - ok
00:23:47.0595 5820	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
00:23:47.0610 5820	UmPass - ok
00:23:47.0610 5820	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
00:23:47.0626 5820	UmRdpService - ok
00:23:47.0642 5820	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:23:47.0673 5820	upnphost - ok
00:23:47.0673 5820	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:23:47.0688 5820	usbccgp - ok
00:23:47.0688 5820	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:23:47.0704 5820	usbcir - ok
00:23:47.0704 5820	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
00:23:47.0720 5820	usbehci - ok
00:23:47.0735 5820	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
00:23:47.0751 5820	usbhub - ok
00:23:47.0751 5820	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:23:47.0766 5820	usbohci - ok
00:23:47.0766 5820	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
00:23:47.0782 5820	usbprint - ok
00:23:47.0782 5820	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
00:23:47.0798 5820	usbscan - ok
00:23:47.0798 5820	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:23:47.0813 5820	USBSTOR - ok
00:23:47.0813 5820	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
00:23:47.0813 5820	usbuhci - ok
00:23:47.0829 5820	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
00:23:47.0844 5820	usbvideo - ok
00:23:47.0844 5820	usb_rndisx      (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
00:23:47.0860 5820	usb_rndisx - ok
00:23:47.0860 5820	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:23:47.0891 5820	UxSms - ok
00:23:47.0891 5820	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:23:47.0907 5820	VaultSvc - ok
00:23:47.0922 5820	VBoxDrv         (b6437a7c60c817a0d7bea1d994b01612) C:\Windows\system32\DRIVERS\VBoxDrv.sys
00:23:47.0922 5820	VBoxDrv - ok
00:23:47.0938 5820	VBoxNetAdp      (9e607f6240eadc4c0b3570f3e5e0358c) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
00:23:47.0938 5820	VBoxNetAdp - ok
00:23:47.0954 5820	VBoxNetFlt      (9f7bc6d33a3aa4aff35c9dbd69c2bca0) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
00:23:47.0969 5820	VBoxNetFlt - ok
00:23:47.0969 5820	VBoxUSBMon      (84b57b85a550476456ec5ab32fa99513) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
00:23:47.0985 5820	VBoxUSBMon - ok
00:23:47.0985 5820	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:23:47.0985 5820	vdrvroot - ok
00:23:48.0016 5820	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:23:48.0047 5820	vds - ok
00:23:48.0047 5820	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:23:48.0063 5820	vga - ok
00:23:48.0063 5820	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:23:48.0094 5820	VgaSave - ok
00:23:48.0110 5820	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:23:48.0110 5820	vhdmp - ok
00:23:48.0110 5820	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:23:48.0125 5820	viaide - ok
00:23:48.0125 5820	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
00:23:48.0141 5820	vmbus - ok
00:23:48.0141 5820	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
00:23:48.0156 5820	VMBusHID - ok
00:23:48.0156 5820	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:23:48.0172 5820	volmgr - ok
00:23:48.0188 5820	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:23:48.0203 5820	volmgrx - ok
00:23:48.0219 5820	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:23:48.0219 5820	volsnap - ok
00:23:48.0234 5820	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
00:23:48.0250 5820	vsmraid - ok
00:23:48.0297 5820	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
00:23:48.0359 5820	VSS - ok
00:23:48.0375 5820	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:23:48.0390 5820	vwifibus - ok
00:23:48.0390 5820	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:23:48.0406 5820	vwififlt - ok
00:23:48.0422 5820	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
00:23:48.0422 5820	vwifimp - ok
00:23:48.0437 5820	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:23:48.0484 5820	W32Time - ok
00:23:48.0484 5820	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
00:23:48.0484 5820	WacomPen - ok
00:23:48.0500 5820	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:23:48.0531 5820	WANARP - ok
00:23:48.0531 5820	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:23:48.0562 5820	Wanarpv6 - ok
00:23:48.0609 5820	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:23:48.0640 5820	WatAdminSvc - ok
00:23:48.0687 5820	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
00:23:48.0718 5820	wbengine - ok
00:23:48.0765 5820	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:23:48.0780 5820	WbioSrvc - ok
00:23:48.0780 5820	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
00:23:48.0812 5820	wcncsvc - ok
00:23:48.0812 5820	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:23:48.0812 5820	WcsPlugInService - ok
00:23:48.0827 5820	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
00:23:48.0827 5820	Wd - ok
00:23:48.0858 5820	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:23:48.0874 5820	Wdf01000 - ok
00:23:48.0874 5820	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:23:48.0905 5820	WdiServiceHost - ok
00:23:48.0905 5820	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:23:48.0921 5820	WdiSystemHost - ok
00:23:48.0936 5820	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
00:23:48.0952 5820	WebClient - ok
00:23:48.0968 5820	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:23:48.0999 5820	Wecsvc - ok
00:23:48.0999 5820	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:23:49.0030 5820	wercplsupport - ok
00:23:49.0030 5820	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:23:49.0061 5820	WerSvc - ok
00:23:49.0077 5820	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:23:49.0092 5820	WfpLwf - ok
00:23:49.0108 5820	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:23:49.0108 5820	WIMMount - ok
00:23:49.0108 5820	WinDefend - ok
00:23:49.0124 5820	WinHttpAutoProxySvc - ok
00:23:49.0139 5820	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:23:49.0170 5820	Winmgmt - ok
00:23:49.0233 5820	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
00:23:49.0295 5820	WinRM - ok
00:23:49.0326 5820	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
00:23:49.0342 5820	WinUsb - ok
00:23:49.0373 5820	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:23:49.0389 5820	Wlansvc - ok
00:23:49.0404 5820	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:23:49.0404 5820	WmiAcpi - ok
00:23:49.0420 5820	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:23:49.0436 5820	wmiApSrv - ok
00:23:49.0436 5820	WMPNetworkSvc - ok
00:23:49.0436 5820	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:23:49.0451 5820	WPCSvc - ok
00:23:49.0451 5820	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
00:23:49.0467 5820	WPDBusEnum - ok
00:23:49.0482 5820	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:23:49.0498 5820	ws2ifsl - ok
00:23:49.0514 5820	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
00:23:49.0529 5820	wscsvc - ok
00:23:49.0529 5820	WSearch - ok
00:23:49.0607 5820	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
00:23:49.0654 5820	wuauserv - ok
00:23:49.0685 5820	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:23:49.0716 5820	WudfPf - ok
00:23:49.0716 5820	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:23:49.0748 5820	WUDFRd - ok
00:23:49.0763 5820	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
00:23:49.0779 5820	wudfsvc - ok
00:23:49.0794 5820	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:23:49.0810 5820	WwanSvc - ok
00:23:49.0826 5820	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
00:23:49.0950 5820	\Device\Harddisk0\DR0 - ok
00:23:49.0950 5820	MBR (0x1B8)     (61a349592c4728853f4a90ff78f7628e) \Device\Harddisk1\DR1
00:23:50.0481 5820	\Device\Harddisk1\DR1 - ok
00:23:50.0481 5820	Boot (0x1200)   (41a1bdb142e8397781a45140a3a0bd93) \Device\Harddisk0\DR0\Partition0
00:23:50.0481 5820	\Device\Harddisk0\DR0\Partition0 - ok
00:23:50.0496 5820	Boot (0x1200)   (be1641007c329927017860a3ec6e6447) \Device\Harddisk0\DR0\Partition1
00:23:50.0496 5820	\Device\Harddisk0\DR0\Partition1 - ok
00:23:50.0496 5820	Boot (0x1200)   (d6c6c3f695742d847e9f3cdc22694506) \Device\Harddisk1\DR1\Partition0
00:23:50.0496 5820	\Device\Harddisk1\DR1\Partition0 - ok
00:23:50.0496 5820	============================================================
00:23:50.0496 5820	Scan finished
00:23:50.0496 5820	============================================================
00:23:50.0512 5848	Detected object count: 3
00:23:50.0512 5848	Actual detected object count: 3
00:24:10.0371 5848	CrashPlanService ( UnsignedFile.Multi.Generic ) - skipped by user
00:24:10.0371 5848	CrashPlanService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:24:10.0371 5848	PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:24:10.0371 5848	PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:24:10.0371 5848	SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
00:24:10.0371 5848	SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
CrashPlan ist mein Backup, PassThru lässt mein HTC-Handy übern Rechner ins Netz soweit ich weiß.

Alt 02.07.2012, 14:07   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. - Standard

Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.07.2012, 18:35   #15
bingbot
 
Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. - Standard

Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.



ComboFix Log
Code:
ATTFilter
ComboFix 12-07-02.01 - Bloodhound5 02.07.2012  18:22:36.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3767.2210 [GMT 2:00]
ausgeführt von:: c:\users\Bloodhound5\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\gema
c:\users\Bloodhound5\AppData\Local\assembly\tmp
c:\users\Bloodhound5\AppData\Roaming\AcroIEHelpe.txt
c:\users\Bloodhound5\AppData\Roaming\e269720948.prf
c:\users\Bloodhound5\AppData\Roaming\gema
c:\users\Bloodhound5\AppData\Roaming\srvblck2.tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\TEMP\jna4118871093722882315.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-02 bis 2012-07-02  ))))))))))))))))))))))))))))))
.
.
2012-07-02 16:27 . 2012-07-02 16:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-30 13:21 . 2012-07-01 22:30	--------	d-----w-	c:\users\Bloodhound5\AppData\Roaming\Qaonp
2012-06-30 13:21 . 2012-07-01 22:25	--------	d-----w-	c:\users\Bloodhound5\AppData\Roaming\Unekgy
2012-06-30 13:21 . 2012-06-30 13:21	--------	d-----w-	c:\users\Bloodhound5\AppData\Roaming\Utop
2012-06-28 09:11 . 2012-06-28 09:11	--------	d-----w-	C:\_OTL
2012-06-23 22:59 . 2012-06-23 22:59	--------	d-----w-	c:\users\Bloodhound5\AppData\Local\Macromedia
2012-06-21 07:39 . 2012-06-21 07:39	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-21 07:39 . 2012-06-21 07:39	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-19 07:59 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-19 07:59 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-19 07:59 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-19 07:59 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-19 07:59 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-19 07:59 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-19 07:59 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-19 07:59 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-19 07:59 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-13 22:19 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-06-13 16:48 . 2012-06-13 16:48	159744	----a-w-	c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2012-06-12 15:14 . 2012-06-12 15:38	--------	d-----w-	C:\mukke tob geb
2012-06-05 11:03 . 2012-06-05 11:07	--------	d-----w-	c:\users\Bloodhound5\AppData\Local\Microsoft Games
2012-06-05 11:03 . 2012-06-05 11:03	--------	d-----w-	c:\program files\Microsoft Games
2012-06-05 01:00 . 2012-06-05 01:00	--------	d-----w-	c:\windows\SysWow64\Wat
2012-06-05 01:00 . 2012-06-05 01:00	--------	d-----w-	c:\windows\system32\Wat
2012-06-03 21:33 . 2012-06-03 21:33	--------	d-----w-	c:\program files (x86)\Spirent Communications
2012-06-03 21:32 . 2012-06-03 21:33	--------	d-----w-	c:\program files (x86)\HTC
2012-06-03 21:32 . 2012-06-03 21:32	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2012-06-02 16:58 . 2012-06-02 16:58	--------	d-----w-	c:\users\Default\AppData\Local\Google
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 21:28 . 2012-04-04 20:19	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-23 21:28 . 2011-12-26 12:51	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 02:50 . 2012-04-19 02:50	28480	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2012-04-18 18:56 . 2012-04-18 18:56	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-04-04 13:56 . 2012-04-01 22:30	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVMUSBFernanschluss"="c:\users\Bloodhound5\AppData\Local\Apps\2.0\NQLVN0WZ.Q0W\ZW642YGV.5TM\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2012-01-06 147456]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 19549320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-13 336384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Duden Korrektor SysTray"="c:\program files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe" [2011-07-14 332432]
.
c:\users\Bloodhound5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 245120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-3-16 217088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R1 3002e;69p20cfih3.exe;c:\windows\system32\drivers\3002e.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 116648]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 116648]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-05 1255736]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-11-04 224048]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-11-04 130864]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-13 203264]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [2011-03-16 222720]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 2343816]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-06-14 9319424]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-06-13 303616]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2012-01-06 116096]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-08-25 10611552]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-11-04 146736]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-11-04 165680]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\6de2ed6f-0b56-4d57-b0f0-551ec8cbb27f]
2011-07-01 10:38	153232	---ha-w-	c:\programdata\Duden\DKReg.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:28]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 16:29]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-09 16:29]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000Core.job
- c:\users\Bloodhound5\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 06:15]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2069408673-4186737391-3019578021-1000UA.job
- c:\users\Bloodhound5\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-26 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	97792	----a-w-	c:\users\Bloodhound5\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-20 17:02	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-20 17:02	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-20 17:02	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-20 17:02	755224	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-23 10775072]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-04-23 2040352]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"combofix"="c:\combofix\CF10683.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Bloodhound5\AppData\Roaming\Mozilla\Firefox\Profiles\8j1poem1.default\
FF - prefs.js: browser.search.selectedEngine - YouTube-Videosuche
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-02  18:31:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-02 16:31
.
Vor Suchlauf: 14 Verzeichnis(se), 40.655.998.976 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 39.987.224.576 Bytes frei
.
- - End Of File - - A66758E214FEF7AD31CCFC3870614E6E
         

Antwort

Themen zu Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.
adobe, bho, browser, combofix, document, explorer, fehlermeldung, firefox, firefox 13.0.1, flash player, format, google, google earth, helper, hängen, igdpmd64.sys, index, internet, logfile, mozilla, programme, realtek, registry, scan, searchscopes, security, seiten, senden, software, spam, version=1.0, windows



Ähnliche Themen: Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen.


  1. Win7, Seiten ploppen auf, Weiterleitungen und nervige Werbung in allen Browsern
    Log-Analyse und Auswertung - 13.11.2014 (12)
  2. Ständige Werbung in allen Browsern
    Plagegeister aller Art und deren Bekämpfung - 30.06.2014 (10)
  3. Pop-Up Fenster in allen Browsern - Win 7
    Log-Analyse und Auswertung - 23.06.2014 (5)
  4. Werbung in allen Browsern
    Plagegeister aller Art und deren Bekämpfung - 27.11.2013 (12)
  5. Blaue Werbung in allen Browsern!
    Log-Analyse und Auswertung - 14.10.2013 (4)
  6. Instant Savings in allen Browsern
    Plagegeister aller Art und deren Bekämpfung - 06.08.2013 (17)
  7. Fenster links unten in allen Browsern mit lästiger Werbung, teilweise falsche link weiterleitung, UpdatusUser in C:\Dokumente und Einstellu
    Plagegeister aller Art und deren Bekämpfung - 15.02.2013 (18)
  8. Werbung in allen Browsern
    Log-Analyse und Auswertung - 06.12.2012 (22)
  9. Ad Aware, Incredibar - mysearch auf allen 3 Browsern
    Plagegeister aller Art und deren Bekämpfung - 04.12.2012 (45)
  10. Ad.Yieldmanager.Com - Werbefenster und Weiterleitungen in allen Browsern
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (13)
  11. ichanti.ru als Startseite in allen Browsern
    Log-Analyse und Auswertung - 25.03.2012 (4)
  12. startsear.ch als Browserstartseite bei allen Browsern
    Log-Analyse und Auswertung - 23.01.2012 (11)
  13. Seitenladefehler bei Youtube mit allen Browsern
    Plagegeister aller Art und deren Bekämpfung - 21.10.2011 (16)
  14. Seitenladefehler bei Youtube mit allen Browsern
    Plagegeister aller Art und deren Bekämpfung - 03.10.2011 (52)
  15. Unerwünschte Popups in allen Browsern
    Mülltonne - 06.01.2009 (0)
  16. immer werbung bei allen browsern
    Log-Analyse und Auswertung - 19.10.2008 (48)
  17. Probleme mit allen Browsern
    Log-Analyse und Auswertung - 01.10.2006 (9)

Zum Thema Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. - Hallo, seit einigen Tagen schieben sich in allen drei installierten Browsern (Chrome, FF, IE) unten rechts die gleichen Werbebanner ins Bild. Nicht auf allen Seiten, aber auf den meisten. Zudem - Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen....
Archiv
Du betrachtest: Werbeeinblendung in allen Browsern, gelegentlich Link-Weiterleitungen. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.