
Log Analysis and Evaluation: Avira finds a hidden file and, again and again, the Trojan TR/Rogue.kdv.


25.06.2012, 16:52   #1
Kickme
 

Avira finds a hidden file and, again and again, the Trojan TR/Rogue.kdv.



Hello,
Avira keeps finding 1 to 2 hidden objects, as follows:
Hidden driver
[NOTE] A memory modification was detected that could possibly be misused for hidden file access.

In addition, Avira keeps finding new Trojans like this one:
Starting the scan in 'C:\Users\Kicky\AppData\Roaming\AcroIEHelpe148.dll'
C:\Users\Kicky\AppData\Roaming\AcroIEHelpe148.dll
[DETECTION] Is the Trojan horse TR/Rogue.kdv.657604
[NOTE] The file was moved to the quarantine directory under the name '54c92941.qua'!

I ran a Malwarebytes Anti-Malware scan:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.25.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kicky :: KICKY-PC [Administrator]

Protection: Enabled

25.06.2012 13:39:02
mbam-log-2012-06-25 (13-39-02).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 374535
Time elapsed: 1 hour(s), 19 minute(s), 36 second(s)

Memory processes detected: 0
(No malicious items detected)

Memory modules detected: 0
(No malicious items detected)

Registry keys detected: 0
(No malicious items detected)

Registry values detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Data: C:\Users\Kicky\AppData\Roaming\appconf32.exe -> Quarantined and deleted successfully.

Registry data items detected: 0
(No malicious items detected)

Folders detected: 0
(No malicious items detected)

Files detected: 6
C:\$Recycle.Bin\S-1-5-21-3390966134-1382135305-2836735314-1000\$R8EER90.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\mozjs.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files (x86)\nsldap32v60.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files (x86)\nsldappr32v60.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Program Files (x86)\nsldif32v60.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Users\Kicky\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Delete on reboot.

(end)

After that I rebooted and ran Avira again:
Avira Free Antivirus
Report file creation date: Monday, 25 June 2012 15:22

Searching for 3868291 virus strains.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Professional
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : Kicky
Computer name : KICKY-PC

Version information:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 01.05.2012 22:48:48
AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50
LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 23.06.2012 14:28:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 14:28:36
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 14:28:36
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 14:28:36
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 14:28:36
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 14:28:36
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 14:28:36
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 14:28:36
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 14:28:36
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 14:28:36
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 14:28:37
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 14:28:37
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 14:28:38
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 14:28:38
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 14:28:39
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 14:28:39
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 14:28:40
VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 14:28:40
VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 14:28:40
VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 14:28:41
VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 14:28:41
VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 14:28:42
VBASE026.VDF : 7.11.32.251 119296 Bytes 14.06.2012 14:28:42
VBASE027.VDF : 7.11.33.83 159232 Bytes 18.06.2012 14:28:42
VBASE028.VDF : 7.11.33.195 200192 Bytes 22.06.2012 14:28:43
VBASE029.VDF : 7.11.33.196 2048 Bytes 22.06.2012 14:28:43
VBASE030.VDF : 7.11.33.197 2048 Bytes 22.06.2012 14:28:43
VBASE031.VDF : 7.11.33.234 84480 Bytes 25.06.2012 11:24:50
Engineversion : 8.2.10.96
AEVDF.DLL : 8.1.2.8 106867 Bytes 23.06.2012 14:28:51
AESCRIPT.DLL : 8.1.4.28 455035 Bytes 23.06.2012 14:28:51
AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 16:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 23.06.2012 14:28:52
AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 23:21:32
AEPACK.DLL : 8.2.16.22 807288 Bytes 23.06.2012 14:28:51
AEOFFICE.DLL : 8.1.2.38 201083 Bytes 23.06.2012 14:28:49
AEHEUR.DLL : 8.1.4.52 4923767 Bytes 23.06.2012 14:28:49
AEHELP.DLL : 8.1.21.0 254326 Bytes 23.06.2012 14:28:45
AEGEN.DLL : 8.1.5.30 422261 Bytes 23.06.2012 14:28:44
AEEXP.DLL : 8.1.0.54 82293 Bytes 23.06.2012 14:28:52
AEEMU.DLL : 8.1.3.0 393589 Bytes 20.01.2012 23:21:29
AECORE.DLL : 8.1.25.10 201080 Bytes 23.06.2012 14:28:44
AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 23:21:28
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 01.05.2012 22:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 01.05.2012 22:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02
AVSMTP.DLL : 12.3.0.15 63440 Bytes 01.05.2012 22:51:35
NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 02.05.2012 00:03:51
RCTEXT.DLL : 12.3.0.15 98512 Bytes 02.05.2012 00:03:51

Configuration for the current scan:
Job name..............................: Local hard disks
Configuration file....................: C:\program files (x86)\avira\antivir desktop\alldiscs.avp
Logging...............................: standard
Primary action........................: interactive
Secondary action......................: ignore
Scan master boot sectors..............: on
Scan boot sectors.....................: on
Boot sectors..........................: C:,
Scan active programs..................: on
Scan registry.........................: on
Search for rootkits...................: off
Integrity check of system files.......: off
File scan mode........................: Smart file selection
Scan archives.........................: on
Limit recursion depth.................: 20
Archive smart extensions..............: on
Macro virus heuristics................: on
File heuristics.......................: advanced

Start of the scan: Monday, 25 June 2012 15:22

Starting the scan of master boot sectors:
Master boot sector HD0
[INFO] No virus was found!

Starting the scan of boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting the scan of running processes:
Scanning process 'avscan.exe' - '1' module(s) were scanned
Scanning process 'IAStorDataMgrSvc.exe' - '1' module(s) were scanned
Scanning process 'avcenter.exe' - '1' module(s) were scanned
Scanning process 'RunDll32.exe' - '1' module(s) were scanned
Scanning process 'mbamgui.exe' - '1' module(s) were scanned
Scanning process 'avgnt.exe' - '1' module(s) were scanned
Scanning process 'jusched.exe' - '1' module(s) were scanned
Scanning process 'winampa.exe' - '1' module(s) were scanned
Scanning process 'IAStorIcon.exe' - '1' module(s) were scanned
Scanning process 'mbamservice.exe' - '1' module(s) were scanned
Scanning process 'mini_WMCore.exe' - '1' module(s) were scanned
Scanning process 'PsiService_2.exe' - '1' module(s) were scanned
Scanning process 'cvpnd.exe' - '1' module(s) were scanned
Scanning process 'avguard.exe' - '1' module(s) were scanned
Scanning process 'armsvc.exe' - '1' module(s) were scanned
Scanning process 'sched.exe' - '1' module(s) were scanned

Starting the scan of references to executable files (registry):
C:\Windows\Sysnative\drivers\sptd.sys
[WARNING] The file could not be opened!
The registry was scanned ( '1734' files ).


Starting the scan of the selected files:

Starting the scan in 'C:\'
C:\alter rechner\Music\hörbuch\***\JAd-OlS.part1.rar
[WARNING] Some files in this archive are spread across multiple volumes (multiple volume)
C:\alter rechner\Music\hörbuch\***\JAd-OlS.part2.rar
[WARNING] No further files can be extracted from this archive. The archive is being closed.
C:\alter rechner\Music\hörbuch\***\JAd-OlS.part3.rar
[WARNING] No further files can be extracted from this archive. The archive is being closed.
C:\alter rechner\Music\hörbuch\***\JAd-OlS.part4.rar
[WARNING] No further files can be extracted from this archive. The archive is being closed.
C:\alter rechner\Music\hörbuch\***\JKDR.part1.rar
[WARNING] Some files in this archive are spread across multiple volumes (multiple volume)
C:\alter rechner\Music\hörbuch\***\JKDR.part2.rar
[WARNING] Some files in this archive are spread across multiple volumes (multiple volume)
C:\alter rechner\Music\hörbuch\***\JKDR.part3.rar
[WARNING] Some files in this archive are spread across multiple volumes (multiple volume)
C:\alter rechner\Music\hörbuch\***\JKDR.part4.rar
[WARNING] Some files in this archive are spread across multiple volumes (multiple volume)
C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IENT_S1.CAB
[WARNING] Some files in this archive are spread across multiple volumes (multiple volume)
C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IENT_S2.CAB
[WARNING] Some files in this archive are spread across multiple volumes (multiple volume)
C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IENT_S3.CAB
[WARNING] Some files in this archive are spread across multiple volumes (multiple volume)
C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IENT_S4.CAB
[WARNING] Some files in this archive are spread across multiple volumes (multiple volume)
C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IE_S1.CAB
[WARNING] Some files in this archive are spread across multiple volumes (multiple volume)
C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IE_S2.CAB
[WARNING] Some files in this archive are spread across multiple volumes (multiple volume)
C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IE_S3.CAB
[WARNING] Some files in this archive are spread across multiple volumes (multiple volume)
C:\Users\Kicky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CWRXVDZ\theme[1].zip
[WARNING] Unexpected end of file reached


End of the scan: Monday, 25 June 2012 16:34
Time required: 1:11:38 hour(s)

The scan was completed in full.

34731 directories were checked
835513 files were scanned
0 viruses or unwanted programs were found
0 files were classified as suspicious
0 files were deleted
0 viruses or unwanted programs were repaired
0 files were moved to quarantine
0 files were renamed
1 file could not be scanned
835512 files without infection
19618 archives were scanned
17 warnings
0 notes


Next I used defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:11 on 25/06/2012 (Kicky)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

I rebooted, and after that I followed step 2 of the guide for help seekers:
OTL.txt (OTL Logfile):
OTL logfile created on: 25.06.2012 17:57:00 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Kicky\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 67,58% Memory free
7,60 Gb Paging File | 5,96 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,56 Gb Total Space | 93,11 Gb Free Space | 41,65% Space Free | Partition Type: NTFS
 
Computer Name: KICKY-PC | User Name: Kicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.25 17:55:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Kicky\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.11 23:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.28 15:53:54 | 000,453,120 | R--- | M] () -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
PRC - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 15:42:54 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012.06.14 12:27:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 12:27:45 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.15 08:39:46 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012.05.15 08:37:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.15 08:37:04 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.15 08:36:59 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.15 08:36:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.15 08:36:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.15 08:36:49 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.08.25 13:49:58 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.07.22 03:19:24 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.07.19 19:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010.07.19 18:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010.06.29 16:12:20 | 000,158,720 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.28 15:53:54 | 000,453,120 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2010.01.10 13:01:38 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.21 11:55:00 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2012.06.21 11:55:00 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.06.21 11:55:00 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.06.21 11:55:00 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.06.21 11:55:00 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 18:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.05.26 10:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.01 22:18:40 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2010.12.01 19:09:30 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.15 08:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.03 10:40:24 | 000,104,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2010.07.22 03:19:24 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.07.14 05:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.27 00:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.18 08:56:26 | 000,026,160 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.01.18 08:56:26 | 000,021,040 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdfltn.sys -- (stdflt)
DRV:64bit: - [2009.12.03 17:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 7E CF 19 4A 51 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {0552F62B-0DC6-4AFC-9C33-005511CA711E}
IE - HKCU\..\SearchScopes\{0552F62B-0DC6-4AFC-9C33-005511CA711E}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php"
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 16:36:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\components [2011.07.01 11:57:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\plugins [2012.06.23 18:08:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Kicky\AppData\Roaming\13001.011 [2012.06.25 15:03:48 | 000,000,000 | ---D | M]
 
[2011.02.01 12:24:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Extensions
[2010.12.11 11:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.24 23:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Firefox\Profiles\u80ghfrw.default\extensions
[2011.07.19 14:24:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Kicky\AppData\Roaming\Mozilla\Firefox\Profiles\u80ghfrw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.24 23:07:42 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Firefox\Profiles\u80ghfrw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.06.23 16:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.06.25 15:03:48 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\KICKY\APPDATA\ROAMING\13001.011
[2012.02.15 10:39:30 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\KICKY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U80GHFRW.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll File not found
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll File not found
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0CC7E1D-6F22-44C9-8D54-C27011D13830}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\FDInfo\command - "" = write DOCS\INFO.TXT
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\Installdoc\command - "" = write DOCS\INSTALL3.TXT
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\InstReadme\command - "" = write DOCS\README.TXT
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.25 17:55:49 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Kicky\Desktop\OTL.exe
[2012.06.25 15:03:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.011
[2012.06.25 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\Malwarebytes
[2012.06.25 13:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.25 13:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.25 13:37:39 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 13:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.24 23:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.06.24 23:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.06.24 23:09:26 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\QuickScan
[2012.06.24 23:07:53 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.009
[2012.06.23 21:49:11 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.008
[2012.06.23 18:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.06.23 16:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.23 16:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.06.23 16:33:30 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\Avira
[2012.06.23 16:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.23 16:28:11 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.06.23 16:28:10 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.23 16:28:10 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.23 16:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.23 16:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.23 15:58:01 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12001.023
[2012.06.23 15:23:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kicky\Desktop\HiJackThis204.exe
[2012.06.23 15:17:43 | 000,000,000 | ---D | C] -- C:\79d2d89de1bf34f42e21
[2012.06.23 15:16:21 | 000,000,000 | ---D | C] -- C:\12ae3b4214f3964fe27868
[2012.06.22 09:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2012.06.22 09:18:48 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Local\PC_Drivers_Headquarters
[2012.06.22 09:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
[2012.06.22 09:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2012.06.21 11:40:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12022
[2012.06.15 10:33:00 | 000,000,000 | ---D | C] -- C:\Windows\{8D66B53E-07E4-45E0-B29F-D3285859C9EF}
[2012.06.14 15:25:50 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12016
[2012.06.13 11:29:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12015
[2012.06.12 15:17:50 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12014
[2012.06.12 15:17:31 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\xmldm
[2012.06.12 15:17:30 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\kock
[2012.05.28 21:15:21 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\dvdcss
[2012.05.28 09:57:18 | 000,000,000 | ---D | C] -- C:\Users\Kicky\Desktop\Filme
[2011.07.01 11:57:06 | 015,141,040 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xul.dll
[2011.07.01 11:57:06 | 000,399,536 | ---- | C] (Mozilla Messaging) -- C:\Program Files (x86)\thunderbird.exe
[2011.07.01 11:57:06 | 000,016,048 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\plugin-container.exe
[2011.07.01 11:57:05 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\D3DCompiler_42.dll
[2011.07.01 11:57:05 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\d3dx9_42.dll
[2011.07.01 11:57:05 | 000,514,224 | ---- | C] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2011.07.01 11:57:05 | 000,469,168 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libGLESv2.dll
[2011.07.01 11:57:05 | 000,268,464 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\freebl3.dll
[2011.07.01 11:57:05 | 000,125,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\crashreporter.exe
[2011.07.01 11:57:05 | 000,092,336 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libEGL.dll
[2011.07.01 11:57:05 | 000,018,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\AccessibleMarshal.dll
[2011.07.01 11:57:05 | 000,015,024 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozalloc.dll
[2010.12.11 11:56:09 | 000,059,568 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\mozMapi32_InUse.dll
[2010.12.11 11:56:09 | 000,018,096 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\MapiProxy_InUse.dll
[2010.12.11 11:56:07 | 000,719,024 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozcpp19.dll
[2010.12.11 11:56:07 | 000,714,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozcrt19.dll
[2010.12.11 11:56:07 | 000,645,296 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nss3.dll
[2010.12.11 11:56:07 | 000,342,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssckbi.dll
[2010.12.11 11:56:07 | 000,174,256 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nspr4.dll
[2010.12.11 11:56:07 | 000,166,064 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\softokn3.dll
[2010.12.11 11:56:07 | 000,141,488 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\ssl3.dll
[2010.12.11 11:56:07 | 000,104,624 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\smime3.dll
[2010.12.11 11:56:07 | 000,104,624 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssdbm3.dll
[2010.12.11 11:56:07 | 000,088,240 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssutil3.dll
[2010.12.11 11:56:07 | 000,059,568 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\mozMapi32.dll
[2010.12.11 11:56:07 | 000,021,168 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plc4.dll
[2010.12.11 11:56:07 | 000,018,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xpcom.dll
[2010.12.11 11:56:07 | 000,018,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\WSEnable.exe
[2010.12.11 11:56:07 | 000,018,096 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\MapiProxy.dll
[2010.12.11 11:56:07 | 000,018,096 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plds4.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Kicky\AppData\Roaming\*.tmp files -> C:\Users\Kicky\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.25 17:55:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Kicky\Desktop\OTL.exe
[2012.06.25 17:19:48 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.25 17:19:48 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.25 17:16:32 | 001,505,390 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.25 17:16:32 | 000,656,528 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.25 17:16:32 | 000,618,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.25 17:16:32 | 000,131,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.25 17:16:32 | 000,107,650 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.25 17:12:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.25 17:11:58 | 3062,247,424 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.25 17:11:01 | 000,000,020 | ---- | M] () -- C:\Users\Kicky\defogger_reenable
[2012.06.25 17:09:19 | 000,050,477 | ---- | M] () -- C:\Users\Kicky\Desktop\Defogger.exe
[2012.06.25 15:03:43 | 000,000,032 | ---- | M] () -- C:\Users\Kicky\AppData\Roaming\blckdom.res
[2012.06.24 23:49:26 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.06.24 23:49:07 | 001,527,912 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.23 15:45:46 | 000,010,337 | ---- | M] () -- C:\Users\Kicky\Desktop\bookmarks-2012-06-23.json
[2012.06.23 15:23:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kicky\Desktop\HiJackThis204.exe
[2012.06.23 15:10:34 | 002,077,422 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012.06.22 09:18:01 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2012.06.22 09:09:52 | 000,376,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.21 15:19:54 | 000,000,013 | ---- | M] () -- C:\Users\Kicky\AppData\Roaming\urhtps.dat
[2012.06.21 12:00:30 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Kicky\AppData\Roaming\*.tmp files -> C:\Users\Kicky\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.25 17:11:01 | 000,000,020 | ---- | C] () -- C:\Users\Kicky\defogger_reenable
[2012.06.25 17:09:18 | 000,050,477 | ---- | C] () -- C:\Users\Kicky\Desktop\Defogger.exe
[2012.06.24 23:49:26 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.06.24 23:49:15 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.06.24 23:49:07 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.23 18:08:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.06.23 16:36:34 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.23 15:45:46 | 000,010,337 | ---- | C] () -- C:\Users\Kicky\Desktop\bookmarks-2012-06-23.json
[2012.06.22 10:25:58 | 000,000,032 | ---- | C] () -- C:\Users\Kicky\AppData\Roaming\blckdom.res
[2012.06.22 09:18:01 | 000,002,455 | ---- | C] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2012.06.21 15:19:54 | 000,000,013 | ---- | C] () -- C:\Users\Kicky\AppData\Roaming\urhtps.dat
[2012.03.06 19:21:36 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2011.08.09 18:22:10 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.08.09 18:22:09 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.08.09 18:22:09 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.08.09 18:22:09 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.07.01 11:57:06 | 000,017,900 | ---- | C] () -- C:\Program Files (x86)\removed-files
[2011.07.01 11:57:06 | 000,001,664 | ---- | C] () -- C:\Program Files (x86)\precomplete
[2011.07.01 11:57:05 | 005,859,911 | ---- | C] () -- C:\Program Files (x86)\omni.jar
[2011.07.01 11:57:05 | 000,004,276 | ---- | C] () -- C:\Program Files (x86)\crashreporter.ini
[2011.07.01 11:57:05 | 000,003,518 | ---- | C] () -- C:\Program Files (x86)\blocklist.xml
[2011.07.01 11:57:05 | 000,002,056 | ---- | C] () -- C:\Program Files (x86)\application.ini
[2011.07.01 11:57:05 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\freebl3.chk
[2011.06.27 18:22:43 | 000,000,025 | ---- | C] () -- C:\Windows\CDED68PE.ini
[2010.12.11 11:56:09 | 000,000,709 | ---- | C] () -- C:\Program Files (x86)\updater.ini
[2010.12.11 11:56:09 | 000,000,003 | ---- | C] () -- C:\Program Files (x86)\update.locale
[2010.12.11 11:56:07 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\softokn3.chk
[2010.12.11 11:56:07 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\nssdbm3.chk
[2010.12.11 11:56:07 | 000,000,139 | ---- | C] () -- C:\Program Files (x86)\platform.ini
[2010.12.11 11:35:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.01 20:15:15 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.01 19:15:17 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0828.old
[2010.12.01 19:15:17 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.11.29 23:42:52 | 000,001,734 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== LOP Check ==========
 
[2012.06.23 15:58:02 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12001.023
[2012.06.12 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12014
[2012.06.13 11:29:47 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12015
[2012.06.14 15:25:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12016
[2012.06.21 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12022
[2012.06.23 21:49:13 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.008
[2012.06.24 23:07:53 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.009
[2012.06.25 15:03:48 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.011
[2011.12.22 10:29:28 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Canneverbe Limited
[2012.03.08 17:45:09 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DAEMON Tools Lite
[2011.09.13 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DVDVideoSoft
[2011.07.19 14:24:13 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.03 14:53:22 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\EndNote
[2011.02.02 13:09:05 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\GHISLER
[2011.03.29 19:38:34 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\gnupg
[2012.06.12 15:17:30 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\kock
[2011.02.02 11:29:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Local
[2011.12.22 10:27:52 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\OpenCandy
[2010.11.29 23:23:09 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Opera
[2011.04.02 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\PlayFirst
[2012.06.24 23:09:30 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\QuickScan
[2010.12.11 11:56:31 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Thunderbird
[2010.11.29 23:48:04 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\WirelessManager
[2012.06.21 15:20:33 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\xmldm
[2012.03.11 21:32:18 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >
--- --- ---


Extra.txt:OTL Logfile:
Code:
OTL Extras logfile created on: 25.06.2012 17:57:00 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Kicky\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 67,58% Memory free
7,60 Gb Paging File | 5,96 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,56 Gb Total Space | 93,11 Gb Free Space | 41,65% Space Free | Partition Type: NTFS
 
Computer Name: KICKY-PC | User Name: Kicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4CD5FA09-ED7A-413C-9CC3-2516C3B17C7B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{B1022CEB-3683-4532-8891-356EB4AF8BBD}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{45867D65-4937-40F2-BFBF-D7A66457ECEF}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{5786245E-48DB-4DFF-8D54-264D4CDF48FB}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{5CE56AB5-DBC9-4CB7-9574-15B191B2C2C1}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{0572BAA0-054B-4410-BF90-C6E8332A3BA2}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{848318AE-8639-4905-AB2D-8FACE13CFCFA}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{E3D931D1-315B-448E-87EB-3FDEAA187A19}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel(R) PROSet/Wireless WiFi-Software
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64973F6A-8754-43D1-BDD0-FC6F0546347B}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{0637819B-C154-4AAE-B4E4-07B89860C20E}" = Dell Backup and Recovery Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5
"{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}" = Driver Detective
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{94FA9FA6-5294-494D-A8F1-1E654CBB5736}" = Epson Easy Photo Print 2
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"7-Zip" = 7-Zip 9.20
"Avira AntiVir Desktop" = Avira Free Antivirus
"Browser Defender_is1" = Browser Defender 3.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.06.2012 03:53:17 | Computer Name = Kicky-PC | Source = MsiInstaller | ID = 11730
Description = 
 
Error - 23.06.2012 10:11:32 | Computer Name = Kicky-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000cea18  ID des fehlerhaften
 Prozesses: 0xc70  Startzeit der fehlerhaften Anwendung: 0x01cd514a1280849a  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 54dcc505-bd3d-11e1-a046-835c36c60e72
 
Error - 23.06.2012 12:40:49 | Computer Name = Kicky-PC | Source = VSS | ID = 12310
Description = 
 
Error - 23.06.2012 12:40:50 | Computer Name = Kicky-PC | Source = VSS | ID = 12298
Description = 
 
Error - 24.06.2012 16:18:12 | Computer Name = Kicky-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 24.06.2012 17:24:00 | Computer Name = Kicky-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kicky\Desktop\SoftonicDownloader_fuer_microsoft-security-essentials.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 24.06.2012 17:24:05 | Computer Name = Kicky-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kicky\Desktop\SoftonicDownloader_fuer_microsoft-security-essentials.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 24.06.2012 17:25:31 | Computer Name = Kicky-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kicky\Desktop\SoftonicDownloader_fuer_microsoft-security-essentials.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 24.06.2012 17:25:36 | Computer Name = Kicky-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kicky\Desktop\SoftonicDownloader_fuer_microsoft-security-essentials.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 24.06.2012 17:26:16 | Computer Name = Kicky-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kicky\Desktop\SoftonicDownloader_fuer_microsoft-security-essentials.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ System Events ]
Error - 22.06.2012 04:13:27 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies 
ist bereits 2 Mal passiert.
 
Error - 22.06.2012 04:19:13 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies 
ist bereits 3 Mal passiert.
 
Error - 22.06.2012 04:25:00 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies 
ist bereits 4 Mal passiert.
 
Error - 22.06.2012 04:30:46 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies 
ist bereits 5 Mal passiert.
 
Error - 23.06.2012 09:06:24 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "PC Tools Security Service" wurde nicht richtig gestartet.
 
Error - 23.06.2012 09:11:35 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies 
ist bereits 1 Mal passiert.
 
Error - 23.06.2012 09:59:13 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:   %%-2147467243
 
Error - 23.06.2012 10:05:00 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "PC Tools Security Service" wurde nicht richtig gestartet.
 
Error - 23.06.2012 10:07:19 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies 
ist bereits 1 Mal passiert.
 
Error - 23.06.2012 15:49:34 | Computer Name = Kicky-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
--- --- ---

And now I don't know how to proceed. Do I have to / can I re-enable Defogger? Is it finished?

Many thanks in advance!
Kind regards
Kickme

Last edited by Kickme (25.06.2012 at 17:30)

Old 28.06.2012, 11:38   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Avira finds a hidden file and keeps finding the Trojan TR/Rogue.kdv.

Please also run ESET; then we'll see how to proceed.

Note: ESET quite often reports a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives you have during the online scans! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: be sure to open the browser like this: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box Yes, I accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press the button.
  • The signatures will be downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press + R and copy the following text into the Run window.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Note: if you are using a 64-bit Windows, the path is:

Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Now post the contents of the log.txt.

Old 28.06.2012, 16:40   #3
Kickme

Avira finds a hidden file and keeps finding the Trojan TR/Rogue.kdv.

Thanks for the reply, here is the log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9cbc046c4bb0ae4595ae7835309ae646
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-28 10:52:28
# local_time=2012-06-28 12:52:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 419035 419035 0 0
# compatibility_mode=5893 16776574 100 94 421001 92510575 0 0
# compatibility_mode=8192 67108863 100 0 170 170 0 0
# scanned=1389
# found=0
# cleaned=0
# scan_time=22
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9cbc046c4bb0ae4595ae7835309ae646
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-28 10:53:56
# local_time=2012-06-28 12:53:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 419109 419109 0 0
# compatibility_mode=5893 16776574 100 94 421075 92510649 0 0
# compatibility_mode=8192 67108863 100 0 244 244 0 0
# scanned=2519
# found=0
# cleaned=0
# scan_time=37
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9cbc046c4bb0ae4595ae7835309ae646
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-28 03:35:11
# local_time=2012-06-28 05:35:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 419205 419205 0 0
# compatibility_mode=5893 16776574 100 94 421171 92510745 0 0
# compatibility_mode=8192 67108863 100 0 340 340 0 0
# scanned=179434
# found=1
# cleaned=0
# scan_time=16816
C:\Users\Kicky\AppData\Roaming\13001.009\components\AcroFF009.dll a variant of Win32/Spy.Banker.YAH trojan (unable to clean) 00000000000000000000000000000000 I

Old 02.07.2012, 11:26   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Avira finds a hidden file and keeps finding the Trojan TR/Rogue.kdv.

Please make a new OTL log. Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

Custom scan with OTL

Please download OTL by OldTimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Tick Scan all users at the top centre
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click .
  • Now copy the contents of OTL.txt into your thread here
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 02.07.2012, 14:17   #5
Kickme

Avira finds a hidden file and keeps finding the Trojan TR/Rogue.kdv.

Here is the log. Should I have clicked "clean" or something like that in the program after the scan?

Code:
OTL logfile created on: 02.07.2012 14:56:38 - Run 2
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\Kicky\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 60,08% Memory free
7,60 Gb Paging File | 5,81 Gb Available in Paging File | 76,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,56 Gb Total Space | 93,90 Gb Free Space | 42,00% Space Free | Partition Type: NTFS
 
Computer Name: KICKY-PC | User Name: Kicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.02 14:53:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kicky\Desktop\OTL(1).exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.11 23:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.28 15:53:54 | 000,453,120 | R--- | M] () -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
PRC - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 15:42:54 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012.06.14 12:27:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 12:27:45 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.15 08:39:46 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012.05.15 08:37:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.15 08:37:04 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.15 08:36:59 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.15 08:36:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.15 08:36:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.15 08:36:49 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.08.25 13:49:58 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.07.22 03:19:24 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.07.19 19:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010.07.19 18:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010.06.29 16:12:20 | 000,158,720 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.28 15:53:54 | 000,453,120 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2010.01.10 13:01:38 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.21 11:55:00 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2012.06.21 11:55:00 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.06.21 11:55:00 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.06.21 11:55:00 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.06.21 11:55:00 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 18:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.05.26 10:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.01 22:18:40 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2010.12.01 19:09:30 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.15 08:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.03 10:40:24 | 000,104,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2010.07.22 03:19:24 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.07.14 05:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.27 00:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.18 08:56:26 | 000,026,160 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.01.18 08:56:26 | 000,021,040 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdfltn.sys -- (stdflt)
DRV:64bit: - [2009.12.03 17:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 7E CF 19 4A 51 CD 01  [binary data]
IE - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\InprocServer32 File not found
IE - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\..\SearchScopes,DefaultScope = {0552F62B-0DC6-4AFC-9C33-005511CA711E}
IE - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\..\SearchScopes\{0552F62B-0DC6-4AFC-9C33-005511CA711E}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php"
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 16:36:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\components [2011.07.01 11:57:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\plugins [2012.06.23 18:08:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Kicky\AppData\Roaming\13001.011 [2012.06.25 15:03:48 | 000,000,000 | ---D | M]
 
[2011.02.01 12:24:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Extensions
[2010.12.11 11:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.24 23:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Firefox\Profiles\u80ghfrw.default\extensions
[2011.07.19 14:24:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Kicky\AppData\Roaming\Mozilla\Firefox\Profiles\u80ghfrw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.24 23:07:42 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Firefox\Profiles\u80ghfrw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.06.23 16:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.06.25 15:03:48 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\KICKY\APPDATA\ROAMING\13001.011
[2012.02.15 10:39:30 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\KICKY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U80GHFRW.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll File not found
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll File not found
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll File not found
O3 - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0CC7E1D-6F22-44C9-8D54-C27011D13830}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\FDInfo\command - "" = write DOCS\INFO.TXT
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\Installdoc\command - "" = write DOCS\INSTALL3.TXT
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\InstReadme\command - "" = write DOCS\README.TXT
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.02 14:53:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Kicky\Desktop\OTL(1).exe
[2012.06.28 12:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.28 12:48:03 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Kicky\Desktop\esetsmartinstaller_enu.exe
[2012.06.25 15:03:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.011
[2012.06.25 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\Malwarebytes
[2012.06.25 13:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.25 13:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.25 13:37:39 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 13:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.24 23:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.06.24 23:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.06.24 23:09:26 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\QuickScan
[2012.06.24 23:07:53 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.009
[2012.06.23 21:49:11 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.008
[2012.06.23 18:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.06.23 16:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.23 16:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.06.23 16:33:30 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\Avira
[2012.06.23 16:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.23 16:28:11 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.06.23 16:28:10 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.23 16:28:10 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.23 16:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.23 16:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.23 15:58:01 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12001.023
[2012.06.23 15:23:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kicky\Desktop\HiJackThis204.exe
[2012.06.23 15:17:43 | 000,000,000 | ---D | C] -- C:\79d2d89de1bf34f42e21
[2012.06.23 15:16:21 | 000,000,000 | ---D | C] -- C:\12ae3b4214f3964fe27868
[2012.06.22 09:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2012.06.22 09:18:48 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Local\PC_Drivers_Headquarters
[2012.06.22 09:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
[2012.06.22 09:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2012.06.21 11:40:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12022
[2012.06.15 10:33:00 | 000,000,000 | ---D | C] -- C:\Windows\{8D66B53E-07E4-45E0-B29F-D3285859C9EF}
[2012.06.14 15:25:50 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12016
[2012.06.13 11:29:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12015
[2012.06.12 15:17:50 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12014
[2012.06.12 15:17:31 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\xmldm
[2012.06.12 15:17:30 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\kock
[2011.07.01 11:57:06 | 015,141,040 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xul.dll
[2011.07.01 11:57:06 | 000,399,536 | ---- | C] (Mozilla Messaging) -- C:\Program Files (x86)\thunderbird.exe
[2011.07.01 11:57:06 | 000,016,048 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\plugin-container.exe
[2011.07.01 11:57:05 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\D3DCompiler_42.dll
[2011.07.01 11:57:05 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\d3dx9_42.dll
[2011.07.01 11:57:05 | 000,514,224 | ---- | C] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2011.07.01 11:57:05 | 000,469,168 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libGLESv2.dll
[2011.07.01 11:57:05 | 000,268,464 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\freebl3.dll
[2011.07.01 11:57:05 | 000,125,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\crashreporter.exe
[2011.07.01 11:57:05 | 000,092,336 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libEGL.dll
[2011.07.01 11:57:05 | 000,018,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\AccessibleMarshal.dll
[2011.07.01 11:57:05 | 000,015,024 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozalloc.dll
[2010.12.11 11:56:09 | 000,059,568 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\mozMapi32_InUse.dll
[2010.12.11 11:56:09 | 000,018,096 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\MapiProxy_InUse.dll
[2010.12.11 11:56:07 | 000,719,024 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozcpp19.dll
[2010.12.11 11:56:07 | 000,714,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozcrt19.dll
[2010.12.11 11:56:07 | 000,645,296 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nss3.dll
[2010.12.11 11:56:07 | 000,342,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssckbi.dll
[2010.12.11 11:56:07 | 000,174,256 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nspr4.dll
[2010.12.11 11:56:07 | 000,166,064 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\softokn3.dll
[2010.12.11 11:56:07 | 000,141,488 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\ssl3.dll
[2010.12.11 11:56:07 | 000,104,624 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\smime3.dll
[2010.12.11 11:56:07 | 000,104,624 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssdbm3.dll
[2010.12.11 11:56:07 | 000,088,240 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssutil3.dll
[2010.12.11 11:56:07 | 000,059,568 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\mozMapi32.dll
[2010.12.11 11:56:07 | 000,021,168 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plc4.dll
[2010.12.11 11:56:07 | 000,018,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xpcom.dll
[2010.12.11 11:56:07 | 000,018,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\WSEnable.exe
[2010.12.11 11:56:07 | 000,018,096 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\MapiProxy.dll
[2010.12.11 11:56:07 | 000,018,096 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plds4.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Kicky\AppData\Roaming\*.tmp files -> C:\Users\Kicky\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.02 14:53:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kicky\Desktop\OTL(1).exe
[2012.07.02 14:50:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.28 17:45:44 | 001,505,390 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.28 17:45:44 | 000,656,528 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.28 17:45:44 | 000,618,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.28 17:45:44 | 000,131,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.28 17:45:44 | 000,107,650 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.28 12:54:30 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 12:54:30 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 12:54:23 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Kicky\Desktop\esetsmartinstaller_enu.exe
[2012.06.28 12:45:17 | 3062,247,424 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.25 17:11:01 | 000,000,020 | ---- | M] () -- C:\Users\Kicky\defogger_reenable
[2012.06.25 17:09:19 | 000,050,477 | ---- | M] () -- C:\Users\Kicky\Desktop\Defogger.exe
[2012.06.25 15:03:43 | 000,000,032 | ---- | M] () -- C:\Users\Kicky\AppData\Roaming\blckdom.res
[2012.06.24 23:49:26 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.06.24 23:49:07 | 001,527,912 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.23 15:45:46 | 000,010,337 | ---- | M] () -- C:\Users\Kicky\Desktop\bookmarks-2012-06-23.json
[2012.06.23 15:23:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kicky\Desktop\HiJackThis204.exe
[2012.06.23 15:10:34 | 002,077,422 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012.06.22 09:18:01 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2012.06.22 09:09:52 | 000,376,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.21 15:19:54 | 000,000,013 | ---- | M] () -- C:\Users\Kicky\AppData\Roaming\urhtps.dat
[2012.06.21 12:00:30 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Kicky\AppData\Roaming\*.tmp files -> C:\Users\Kicky\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.25 17:11:01 | 000,000,020 | ---- | C] () -- C:\Users\Kicky\defogger_reenable
[2012.06.25 17:09:18 | 000,050,477 | ---- | C] () -- C:\Users\Kicky\Desktop\Defogger.exe
[2012.06.24 23:49:26 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.06.24 23:49:15 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.06.24 23:49:07 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.23 18:08:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.06.23 16:36:34 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.23 15:45:46 | 000,010,337 | ---- | C] () -- C:\Users\Kicky\Desktop\bookmarks-2012-06-23.json
[2012.06.22 10:25:58 | 000,000,032 | ---- | C] () -- C:\Users\Kicky\AppData\Roaming\blckdom.res
[2012.06.22 09:18:01 | 000,002,455 | ---- | C] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2012.06.21 15:19:54 | 000,000,013 | ---- | C] () -- C:\Users\Kicky\AppData\Roaming\urhtps.dat
[2012.03.06 19:21:36 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2011.08.09 18:22:10 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.08.09 18:22:09 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.08.09 18:22:09 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.08.09 18:22:09 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.07.01 11:57:06 | 000,017,900 | ---- | C] () -- C:\Program Files (x86)\removed-files
[2011.07.01 11:57:06 | 000,001,664 | ---- | C] () -- C:\Program Files (x86)\precomplete
[2011.07.01 11:57:05 | 005,859,911 | ---- | C] () -- C:\Program Files (x86)\omni.jar
[2011.07.01 11:57:05 | 000,004,276 | ---- | C] () -- C:\Program Files (x86)\crashreporter.ini
[2011.07.01 11:57:05 | 000,003,518 | ---- | C] () -- C:\Program Files (x86)\blocklist.xml
[2011.07.01 11:57:05 | 000,002,056 | ---- | C] () -- C:\Program Files (x86)\application.ini
[2011.07.01 11:57:05 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\freebl3.chk
[2011.06.27 18:22:43 | 000,000,025 | ---- | C] () -- C:\Windows\CDED68PE.ini
[2010.12.11 11:56:09 | 000,000,709 | ---- | C] () -- C:\Program Files (x86)\updater.ini
[2010.12.11 11:56:09 | 000,000,003 | ---- | C] () -- C:\Program Files (x86)\update.locale
[2010.12.11 11:56:07 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\softokn3.chk
[2010.12.11 11:56:07 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\nssdbm3.chk
[2010.12.11 11:56:07 | 000,000,139 | ---- | C] () -- C:\Program Files (x86)\platform.ini
[2010.12.11 11:35:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.01 20:15:15 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.01 19:15:17 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0828.old
[2010.12.01 19:15:17 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.11.29 23:42:52 | 000,001,734 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== LOP Check ==========
 
[2012.06.23 15:58:02 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12001.023
[2012.06.12 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12014
[2012.06.13 11:29:47 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12015
[2012.06.14 15:25:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12016
[2012.06.21 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12022
[2012.06.23 21:49:13 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.008
[2012.06.24 23:07:53 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.009
[2012.06.25 15:03:48 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.011
[2011.12.22 10:29:28 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Canneverbe Limited
[2012.03.08 17:45:09 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DAEMON Tools Lite
[2011.09.13 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DVDVideoSoft
[2011.07.19 14:24:13 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.03 14:53:22 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\EndNote
[2011.02.02 13:09:05 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\GHISLER
[2011.03.29 19:38:34 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\gnupg
[2012.06.12 15:17:30 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\kock
[2011.02.02 11:29:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Local
[2011.12.22 10:27:52 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\OpenCandy
[2010.11.29 23:23:09 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Opera
[2011.04.02 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\PlayFirst
[2012.06.24 23:09:30 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\QuickScan
[2010.12.11 11:56:31 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Thunderbird
[2010.11.29 23:48:04 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\WirelessManager
[2012.06.21 15:20:33 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\xmldm
[2012.03.11 21:32:18 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.23 15:58:02 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12001.023
[2012.06.12 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12014
[2012.06.13 11:29:47 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12015
[2012.06.14 15:25:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12016
[2012.06.21 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12022
[2012.06.23 21:49:13 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.008
[2012.06.24 23:07:53 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.009
[2012.06.25 15:03:48 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.011
[2010.12.12 12:18:44 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Adobe
[2012.06.23 16:33:30 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Avira
[2011.12.22 10:29:28 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Canneverbe Limited
[2011.08.09 11:37:25 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Corel
[2012.03.08 17:45:09 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DAEMON Tools Lite
[2010.11.29 23:44:48 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Dell
[2012.05.28 21:15:21 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\dvdcss
[2011.09.13 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DVDVideoSoft
[2011.07.19 14:24:13 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.03 14:53:22 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\EndNote
[2011.02.02 13:09:05 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\GHISLER
[2011.03.29 19:38:34 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\gnupg
[2010.11.29 21:29:03 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Identities
[2010.11.29 22:36:28 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\InstallShield
[2010.11.29 21:59:41 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Intel
[2010.11.30 00:04:46 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Intel Corporation
[2012.06.12 15:17:30 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\kock
[2011.02.02 11:29:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Local
[2010.12.01 20:41:33 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Macromedia
[2012.06.25 13:38:02 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Media Center Programs
[2011.11.18 12:02:31 | 000,000,000 | --SD | M] -- C:\Users\Kicky\AppData\Roaming\Microsoft
[2011.02.01 12:23:53 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Mozilla
[2011.12.22 10:27:52 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\OpenCandy
[2010.11.29 23:23:09 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Opera
[2011.04.02 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\PlayFirst
[2012.06.24 23:09:30 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\QuickScan
[2012.06.25 08:58:27 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Skype
[2011.01.11 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\skypePM
[2010.12.11 11:56:31 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Thunderbird
[2011.07.12 20:36:42 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\vlc
[2011.07.19 19:24:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Winamp
[2010.11.29 23:48:04 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\WirelessManager
[2012.06.21 15:20:33 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2011.12.13 02:33:00 | 036,965,680 | ---- | M] (Microsoft Corporation) -- C:\Users\Kicky\AppData\Roaming\OpenCandy\15BBAA40BD5E421DA87173AF69D7646F\IE9-Windows7-x64-deu.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >
         


Alt 02.07.2012, 14:23   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira finds a hidden file and keeps finding the trojan TR/Rogue.kdv. - Standard

Avira finds a hidden file and keeps finding the trojan TR/Rogue.kdv.



Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O4:64bit: - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\FDInfo\command - "" = write DOCS\INFO.TXT
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\Installdoc\command - "" = write DOCS\INSTALL3.TXT
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\InstReadme\command - "" = write DOCS\README.TXT
[2012.06.25 15:03:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.011
[2012.06.24 23:07:53 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.009
[2012.06.23 21:49:11 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.008
[2012.06.23 15:58:01 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12001.023
[2012.06.23 15:23:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kicky\Desktop\HiJackThis204.exe
[2012.06.23 15:17:43 | 000,000,000 | ---D | C] -- C:\79d2d89de1bf34f42e21
[2012.06.23 15:16:21 | 000,000,000 | ---D | C] -- C:\12ae3b4214f3964fe27868
[2012.06.21 11:40:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12022
[2012.06.15 10:33:00 | 000,000,000 | ---D | C] -- C:\Windows\{8D66B53E-07E4-45E0-B29F-D3285859C9EF}
[2012.06.14 15:25:50 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12016
[2012.06.13 11:29:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12015
[2012.06.12 15:17:50 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12014
[2012.06.12 15:17:31 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\xmldm
[2012.06.12 15:17:30 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\kock
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C31F31E6
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created for this one user in this situation only. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Alt 02.07.2012, 14:55   #7
Kickme
 



I know I'm not supposed to delete anything without instructions, but Avira developed a life of its own and could not be disabled. I uninstalled it before starting OTL again.

Code:
 All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCTools FGuard deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
C:\Program Files (x86)\Winamp\winampa.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\ not found.
File write DOCS\INFO.TXT not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\ not found.
File write DOCS\INSTALL3.TXT not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\ not found.
File write DOCS\README.TXT not found.
C:\Users\Kicky\AppData\Roaming\13001.011\components folder moved successfully.
C:\Users\Kicky\AppData\Roaming\13001.011 folder moved successfully.
C:\Users\Kicky\AppData\Roaming\13001.009\components folder moved successfully.
C:\Users\Kicky\AppData\Roaming\13001.009 folder moved successfully.
C:\Users\Kicky\AppData\Roaming\13001.008\components folder moved successfully.
C:\Users\Kicky\AppData\Roaming\13001.008 folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12001.023\components folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12001.023 folder moved successfully.
C:\Users\Kicky\Desktop\HiJackThis204.exe moved successfully.
C:\79d2d89de1bf34f42e21 folder moved successfully.
C:\12ae3b4214f3964fe27868 folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12022\components folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12022 folder moved successfully.
C:\Windows\{8D66B53E-07E4-45E0-B29F-D3285859C9EF} folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12016\components folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12016 folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12015\components folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12015 folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12014\components folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12014 folder moved successfully.
C:\Users\Kicky\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Kicky\AppData\Roaming\kock folder moved successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:C31F31E6 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Kicky
->Temp folder emptied: 382873029 bytes
->Temporary Internet Files folder emptied: 59314232 bytes
->Java cache emptied: 1640925 bytes
->FireFox cache emptied: 680253155 bytes
->Flash cache emptied: 160448 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1533399 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1350892515 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85230 bytes
RecycleBin emptied: 59398824 bytes
 
Total Files Cleaned = 2.419,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Kicky
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07022012_154447

Files\Folders moved on Reboot...
C:\Users\Kicky\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Kicky\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         

Alt 02.07.2012, 16:20   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



I need OTL's quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder MovedFiles in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!

4.) Let me know once it has succeeded
5.) Only then turn the virus scanner back on
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 02.07.2012, 17:27   #9
Kickme
 



Hm, I have now followed your instructions and uploaded the zip file. Should I get a notification, or is it simply in there now? I'm back at the starting page of the uploader.

Alt 03.07.2012, 11:16   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Unfortunately I don't see the file in there.
How big is your ZIP?

Alt 03.07.2012, 12:01   #11
Kickme
 



It is 14,414 KB.

I tried it again. Did it work this time?

Alt 03.07.2012, 14:30   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



14 MB is too much. Please upload this ZIP here => File-Upload.net - Your free file host!
and link the file here

Alt 03.07.2012, 14:40   #13
Kickme
 



hxxp://www.file-upload.net/download-4505136/MovedFiles.zip.html

Alt 03.07.2012, 15:37   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Set up the tool as shown in the image below: click on Change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!


Alt 03.07.2012, 18:24   #15
Kickme
 



Here is the log:

Code:
 17:28:00.0066 3796	TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08
17:28:00.0581 3796	============================================================
17:28:00.0581 3796	Current date / time: 2012/07/03 17:28:00.0581
17:28:00.0581 3796	SystemInfo:
17:28:00.0581 3796	
17:28:00.0581 3796	OS Version: 6.1.7601 ServicePack: 1.0
17:28:00.0581 3796	Product type: Workstation
17:28:00.0581 3796	ComputerName: KICKY-PC
17:28:00.0581 3796	UserName: Kicky
17:28:00.0581 3796	Windows directory: C:\Windows
17:28:00.0581 3796	System windows directory: C:\Windows
17:28:00.0581 3796	Running under WOW64
17:28:00.0581 3796	Processor architecture: Intel x64
17:28:00.0581 3796	Number of processors: 4
17:28:00.0581 3796	Page size: 0x1000
17:28:00.0581 3796	Boot type: Normal boot
17:28:00.0581 3796	============================================================
17:28:01.0330 3796	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:28:01.0408 3796	============================================================
17:28:01.0408 3796	\Device\Harddisk0\DR0:
17:28:01.0408 3796	MBR partitions:
17:28:01.0408 3796	\Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x14000, BlocksNum 0x94FB0B0
17:28:01.0408 3796	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x950F800, BlocksNum 0x1BF1E800
17:28:01.0408 3796	============================================================
17:28:01.0454 3796	C: <-> \Device\Harddisk0\DR0\Partition1
17:28:01.0454 3796	============================================================
17:28:01.0454 3796	Initialize success
17:28:01.0454 3796	============================================================
17:28:26.0711 3296	============================================================
17:28:26.0711 3296	Scan started
17:28:26.0711 3296	Mode: Manual; SigCheck; TDLFS; 
17:28:26.0711 3296	============================================================
17:28:27.0038 3296	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
17:28:27.0194 3296	1394ohci - ok
17:28:27.0226 3296	Acceler         (627371b2d48f64cecc4d019114fb140d) C:\Windows\system32\DRIVERS\Accelern.sys
17:28:27.0241 3296	Acceler - ok
17:28:27.0288 3296	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
17:28:27.0319 3296	ACPI - ok
17:28:27.0350 3296	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
17:28:27.0460 3296	AcpiPmi - ok
17:28:27.0600 3296	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:28:27.0616 3296	AdobeARMservice - ok
17:28:27.0678 3296	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
17:28:27.0756 3296	adp94xx - ok
17:28:27.0803 3296	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
17:28:27.0850 3296	adpahci - ok
17:28:27.0881 3296	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
17:28:27.0912 3296	adpu320 - ok
17:28:27.0943 3296	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
17:28:28.0084 3296	AeLookupSvc - ok
17:28:28.0130 3296	AESTFilters     (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
17:28:28.0177 3296	AESTFilters - ok
17:28:28.0255 3296	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
17:28:28.0349 3296	AFD - ok
17:28:28.0411 3296	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
17:28:28.0427 3296	agp440 - ok
17:28:28.0458 3296	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
17:28:28.0505 3296	ALG - ok
17:28:28.0536 3296	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
17:28:28.0552 3296	aliide - ok
17:28:28.0567 3296	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
17:28:28.0583 3296	amdide - ok
17:28:28.0598 3296	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
17:28:28.0676 3296	AmdK8 - ok
17:28:28.0692 3296	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
17:28:28.0754 3296	AmdPPM - ok
17:28:28.0770 3296	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
17:28:28.0786 3296	amdsata - ok
17:28:28.0817 3296	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
17:28:28.0848 3296	amdsbs - ok
17:28:28.0864 3296	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
17:28:28.0879 3296	amdxata - ok
17:28:28.0957 3296	ApfiltrService  (6d4cb1f46a0ac05326f834fd6b822479) C:\Windows\system32\DRIVERS\Apfiltr.sys
17:28:28.0988 3296	ApfiltrService - ok
17:28:29.0051 3296	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
17:28:29.0207 3296	AppID - ok
17:28:29.0238 3296	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
17:28:29.0285 3296	AppIDSvc - ok
17:28:29.0332 3296	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
17:28:29.0410 3296	Appinfo - ok
17:28:29.0456 3296	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
17:28:29.0503 3296	AppMgmt - ok
17:28:29.0550 3296	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
17:28:29.0566 3296	arc - ok
17:28:29.0597 3296	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
17:28:29.0612 3296	arcsas - ok
17:28:29.0659 3296	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
17:28:29.0737 3296	AsyncMac - ok
17:28:29.0784 3296	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
17:28:29.0784 3296	atapi - ok
17:28:29.0846 3296	ATSwpWDF        (ea512f43f4a28d18b52cafe8c93984fb) C:\Windows\system32\Drivers\ATSwpWDF.sys
17:28:29.0878 3296	ATSwpWDF - ok
17:28:29.0971 3296	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:28:30.0065 3296	AudioEndpointBuilder - ok
17:28:30.0080 3296	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
17:28:30.0112 3296	AudioSrv - ok
17:28:30.0174 3296	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
17:28:30.0268 3296	AxInstSV - ok
17:28:30.0346 3296	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
17:28:30.0408 3296	b06bdrv - ok
17:28:30.0502 3296	b57nd60a        (bfd70bea3f8398f6b8b44e5cded3249c) C:\Windows\system32\DRIVERS\b57nd60a.sys
17:28:30.0533 3296	b57nd60a - ok
17:28:30.0564 3296	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
17:28:30.0626 3296	BDESVC - ok
17:28:30.0658 3296	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
17:28:30.0736 3296	Beep - ok
17:28:30.0829 3296	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
17:28:30.0907 3296	BFE - ok
17:28:31.0001 3296	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
17:28:31.0094 3296	BITS - ok
17:28:31.0141 3296	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
17:28:31.0172 3296	blbdrive - ok
17:28:31.0219 3296	Blfp            (228086f7ed08e8f1f8622e8f0ded7b6e) C:\Windows\system32\DRIVERS\basp.sys
17:28:31.0250 3296	Blfp - ok
17:28:31.0313 3296	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
17:28:31.0344 3296	bowser - ok
17:28:31.0453 3296	BrcmMgmtAgent   (96afb6d33247fe90421a5b2e76f4ed59) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
17:28:31.0469 3296	BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - warning
17:28:31.0469 3296	BrcmMgmtAgent - detected UnsignedFile.Multi.Generic (1)
17:28:31.0500 3296	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:28:31.0594 3296	BrFiltLo - ok
17:28:31.0594 3296	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:28:31.0625 3296	BrFiltUp - ok
17:28:31.0672 3296	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
17:28:31.0765 3296	Browser - ok
17:28:31.0796 3296	Browser Defender Update Service - ok
17:28:31.0828 3296	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
17:28:31.0874 3296	Brserid - ok
17:28:31.0890 3296	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
17:28:31.0921 3296	BrSerWdm - ok
17:28:31.0937 3296	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
17:28:31.0968 3296	BrUsbMdm - ok
17:28:31.0984 3296	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
17:28:32.0015 3296	BrUsbSer - ok
17:28:32.0062 3296	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
17:28:32.0108 3296	BthEnum - ok
17:28:32.0140 3296	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
17:28:32.0171 3296	BTHMODEM - ok
17:28:32.0202 3296	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
17:28:32.0233 3296	BthPan - ok
17:28:32.0296 3296	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
17:28:32.0358 3296	BTHPORT - ok
17:28:32.0405 3296	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
17:28:32.0483 3296	bthserv - ok
17:28:32.0514 3296	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
17:28:32.0545 3296	BTHUSB - ok
17:28:32.0608 3296	BTWAMPFL        (a0dfb69ade3444c78b17636fcf28e898) C:\Windows\system32\DRIVERS\btwampfl.sys
17:28:32.0654 3296	BTWAMPFL - ok
17:28:32.0701 3296	btwaudio        (7cf028ce78696882b327ff13d2dfa534) C:\Windows\system32\drivers\btwaudio.sys
17:28:32.0717 3296	btwaudio - ok
17:28:32.0764 3296	btwavdt         (3def2370e414b4e299673558ba171a51) C:\Windows\system32\DRIVERS\btwavdt.sys
17:28:32.0779 3296	btwavdt - ok
17:28:32.0935 3296	btwdins         (ade88dfc9049b2842e7ec2f14b85fb79) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
17:28:32.0982 3296	btwdins - ok
17:28:32.0998 3296	btwl2cap        (346b4051b3d7ff70e8f027869b8eca6e) C:\Windows\system32\DRIVERS\btwl2cap.sys
17:28:33.0013 3296	btwl2cap - ok
17:28:33.0044 3296	btwrchid        (9937e0e4dfc0030560a6dfe9d3a94b39) C:\Windows\system32\DRIVERS\btwrchid.sys
17:28:33.0060 3296	btwrchid - ok
17:28:33.0091 3296	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
17:28:33.0138 3296	cdfs - ok
17:28:33.0200 3296	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
17:28:33.0247 3296	cdrom - ok
17:28:33.0310 3296	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:28:33.0388 3296	CertPropSvc - ok
17:28:33.0419 3296	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
17:28:33.0466 3296	circlass - ok
17:28:33.0528 3296	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
17:28:33.0575 3296	CLFS - ok
17:28:33.0622 3296	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:28:33.0637 3296	clr_optimization_v2.0.50727_32 - ok
17:28:33.0700 3296	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:28:33.0715 3296	clr_optimization_v2.0.50727_64 - ok
17:28:33.0793 3296	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:28:33.0809 3296	clr_optimization_v4.0.30319_32 - ok
17:28:33.0840 3296	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:28:33.0856 3296	clr_optimization_v4.0.30319_64 - ok
17:28:33.0887 3296	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
17:28:33.0902 3296	CmBatt - ok
17:28:33.0949 3296	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
17:28:33.0965 3296	cmdide - ok
17:28:34.0058 3296	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
17:28:34.0105 3296	CNG - ok
17:28:34.0121 3296	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
17:28:34.0136 3296	Compbatt - ok
17:28:34.0152 3296	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
17:28:34.0183 3296	CompositeBus - ok
17:28:34.0199 3296	COMSysApp - ok
17:28:34.0214 3296	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
17:28:34.0214 3296	crcdisk - ok
17:28:34.0277 3296	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
17:28:34.0324 3296	CryptSvc - ok
17:28:34.0386 3296	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
17:28:34.0464 3296	CSC - ok
17:28:34.0542 3296	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
17:28:34.0604 3296	CscService - ok
17:28:34.0651 3296	CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
17:28:34.0667 3296	CVirtA - ok
17:28:34.0807 3296	CVPND           (66257cb4e4fb69887cddc71663741435) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
17:28:35.0088 3296	CVPND - ok
17:28:35.0197 3296	CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
17:28:35.0260 3296	CVPNDRVA - ok
17:28:35.0338 3296	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:28:35.0416 3296	DcomLaunch - ok
17:28:35.0462 3296	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
17:28:35.0540 3296	defragsvc - ok
17:28:35.0806 3296	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
17:28:35.0868 3296	DfsC - ok
17:28:35.0915 3296	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
17:28:36.0008 3296	Dhcp - ok
17:28:36.0024 3296	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
17:28:36.0071 3296	discache - ok
17:28:36.0102 3296	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
17:28:36.0133 3296	Disk - ok
17:28:36.0211 3296	DNE             (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
17:28:36.0227 3296	DNE - ok
17:28:36.0289 3296	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
17:28:36.0336 3296	Dnscache - ok
17:28:36.0398 3296	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
17:28:36.0476 3296	dot3svc - ok
17:28:36.0492 3296	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
17:28:36.0539 3296	DPS - ok
17:28:36.0570 3296	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
17:28:36.0601 3296	drmkaud - ok
17:28:36.0695 3296	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
17:28:36.0757 3296	DXGKrnl - ok
17:28:36.0788 3296	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
17:28:36.0851 3296	EapHost - ok
17:28:37.0069 3296	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
17:28:37.0178 3296	ebdrv - ok
17:28:37.0303 3296	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
17:28:37.0334 3296	EFS - ok
17:28:37.0397 3296	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
17:28:37.0444 3296	ehRecvr - ok
17:28:37.0475 3296	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
17:28:37.0522 3296	ehSched - ok
17:28:37.0600 3296	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:28:37.0646 3296	elxstor - ok
17:28:37.0693 3296	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:28:37.0724 3296	ErrDev - ok
17:28:37.0771 3296	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:28:37.0834 3296	EventSystem - ok
17:28:37.0990 3296	EvtEng          (bdfcb7e8c108d042b213957d2b044e7e) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
17:28:38.0021 3296	EvtEng - ok
17:28:38.0130 3296	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:28:38.0192 3296	exfat - ok
17:28:38.0224 3296	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:28:38.0270 3296	fastfat - ok
17:28:38.0380 3296	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:28:38.0442 3296	Fax - ok
17:28:38.0458 3296	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:28:38.0473 3296	fdc - ok
17:28:38.0504 3296	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:28:38.0567 3296	fdPHost - ok
17:28:38.0582 3296	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:28:38.0629 3296	FDResPub - ok
17:28:38.0645 3296	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:28:38.0660 3296	FileInfo - ok
17:28:38.0676 3296	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:28:38.0707 3296	Filetrace - ok
17:28:38.0723 3296	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:28:38.0738 3296	flpydisk - ok
17:28:38.0801 3296	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:28:38.0832 3296	FltMgr - ok
17:28:38.0941 3296	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:28:39.0004 3296	FontCache - ok
17:28:39.0082 3296	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:28:39.0097 3296	FontCache3.0.0.0 - ok
17:28:39.0128 3296	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:28:39.0160 3296	FsDepends - ok
17:28:39.0206 3296	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:28:39.0222 3296	Fs_Rec - ok
17:28:39.0253 3296	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:28:39.0300 3296	fvevol - ok
17:28:39.0316 3296	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:28:39.0331 3296	gagp30kx - ok
17:28:39.0409 3296	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:28:39.0503 3296	gpsvc - ok
17:28:39.0503 3296	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:28:39.0581 3296	hcw85cir - ok
17:28:39.0643 3296	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:28:39.0690 3296	HdAudAddService - ok
17:28:39.0721 3296	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:28:39.0737 3296	HDAudBus - ok
17:28:39.0752 3296	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:28:39.0784 3296	HidBatt - ok
17:28:39.0799 3296	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:28:39.0815 3296	HidBth - ok
17:28:39.0846 3296	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:28:39.0877 3296	HidIr - ok
17:28:39.0908 3296	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:28:39.0971 3296	hidserv - ok
17:28:40.0002 3296	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:28:40.0018 3296	HidUsb - ok
17:28:40.0064 3296	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:28:40.0142 3296	hkmsvc - ok
17:28:40.0205 3296	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:28:40.0267 3296	HomeGroupListener - ok
17:28:40.0314 3296	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:28:40.0392 3296	HomeGroupProvider - ok
17:28:40.0423 3296	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:28:40.0439 3296	HpSAMD - ok
17:28:40.0517 3296	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:28:40.0579 3296	HTTP - ok
17:28:40.0626 3296	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:28:40.0626 3296	hwpolicy - ok
17:28:40.0766 3296	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:28:40.0782 3296	i8042prt - ok
17:28:41.0094 3296	iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
17:28:41.0110 3296	iaStor - ok
17:28:41.0219 3296	IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:28:41.0219 3296	IAStorDataMgrSvc - ok
17:28:41.0312 3296	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:28:41.0328 3296	iaStorV - ok
17:28:41.0437 3296	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:28:41.0468 3296	idsvc - ok
17:28:42.0170 3296	igfx            (9937600a1584ff00565d5379eb4c9edb) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:28:42.0514 3296	igfx - ok
17:28:42.0623 3296	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:28:42.0654 3296	iirsp - ok
17:28:42.0732 3296	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:28:42.0826 3296	IKEEXT - ok
17:28:42.0872 3296	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
17:28:42.0919 3296	Impcd - ok
17:28:42.0982 3296	InstallFilterService (a4a87c2f228dd2ac93dae94e103792d3) C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
17:28:43.0013 3296	InstallFilterService ( UnsignedFile.Multi.Generic ) - warning
17:28:43.0013 3296	InstallFilterService - detected UnsignedFile.Multi.Generic (1)
17:28:43.0060 3296	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:28:43.0122 3296	IntcDAud - ok
17:28:43.0169 3296	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:28:43.0184 3296	intelide - ok
17:28:43.0216 3296	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:28:43.0247 3296	intelppm - ok
17:28:43.0278 3296	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:28:43.0325 3296	IPBusEnum - ok
17:28:43.0372 3296	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:28:43.0418 3296	IpFilterDriver - ok
17:28:43.0496 3296	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:28:43.0574 3296	iphlpsvc - ok
17:28:43.0652 3296	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:28:43.0668 3296	IPMIDRV - ok
17:28:43.0730 3296	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:28:43.0793 3296	IPNAT - ok
17:28:43.0824 3296	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:28:43.0902 3296	IRENUM - ok
17:28:43.0918 3296	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:28:43.0933 3296	isapnp - ok
17:28:43.0949 3296	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:28:43.0980 3296	iScsiPrt - ok
17:28:44.0011 3296	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:28:44.0011 3296	kbdclass - ok
17:28:44.0042 3296	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:28:44.0074 3296	kbdhid - ok
17:28:44.0152 3296	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:28:44.0167 3296	KeyIso - ok
17:28:44.0183 3296	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:28:44.0214 3296	KSecDD - ok
17:28:44.0230 3296	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:28:44.0245 3296	KSecPkg - ok
17:28:44.0261 3296	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:28:44.0308 3296	ksthunk - ok
17:28:44.0354 3296	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:28:44.0432 3296	KtmRm - ok
17:28:44.0479 3296	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
17:28:44.0542 3296	LanmanServer - ok
17:28:44.0588 3296	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:28:44.0666 3296	LanmanWorkstation - ok
17:28:44.0713 3296	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:28:44.0776 3296	lltdio - ok
17:28:44.0822 3296	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:28:44.0916 3296	lltdsvc - ok
17:28:44.0947 3296	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:28:44.0978 3296	lmhosts - ok
17:28:45.0010 3296	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:28:45.0025 3296	LSI_FC - ok
17:28:45.0041 3296	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:28:45.0041 3296	LSI_SAS - ok
17:28:45.0072 3296	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:28:45.0088 3296	LSI_SAS2 - ok
17:28:45.0103 3296	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:28:45.0119 3296	LSI_SCSI - ok
17:28:45.0134 3296	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:28:45.0212 3296	luafv - ok
17:28:45.0275 3296	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
17:28:45.0337 3296	MBAMProtector - ok
17:28:45.0462 3296	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:28:45.0509 3296	MBAMService - ok
17:28:45.0556 3296	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:28:45.0602 3296	Mcx2Svc - ok
17:28:45.0618 3296	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:28:45.0634 3296	megasas - ok
17:28:45.0665 3296	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:28:45.0696 3296	MegaSR - ok
17:28:45.0727 3296	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:28:45.0790 3296	MMCSS - ok
17:28:45.0821 3296	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:28:45.0852 3296	Modem - ok
17:28:45.0883 3296	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:28:45.0899 3296	monitor - ok
17:28:45.0961 3296	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:28:45.0977 3296	mouclass - ok
17:28:46.0008 3296	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:28:46.0024 3296	mouhid - ok
17:28:46.0070 3296	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:28:46.0086 3296	mountmgr - ok
17:28:46.0180 3296	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:28:46.0195 3296	MozillaMaintenance - ok
17:28:46.0242 3296	MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
17:28:46.0273 3296	MpFilter - ok
17:28:46.0304 3296	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:28:46.0336 3296	mpio - ok
17:28:46.0351 3296	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:28:46.0382 3296	mpsdrv - ok
17:28:46.0460 3296	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:28:46.0554 3296	MpsSvc - ok
17:28:46.0616 3296	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:28:46.0648 3296	MRxDAV - ok
17:28:46.0694 3296	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:28:46.0741 3296	mrxsmb - ok
17:28:46.0804 3296	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:28:46.0850 3296	mrxsmb10 - ok
17:28:46.0866 3296	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:28:46.0882 3296	mrxsmb20 - ok
17:28:46.0928 3296	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:28:46.0944 3296	msahci - ok
17:28:46.0975 3296	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:28:46.0991 3296	msdsm - ok
17:28:47.0022 3296	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:28:47.0038 3296	MSDTC - ok
17:28:47.0084 3296	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:28:47.0131 3296	Msfs - ok
17:28:47.0147 3296	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:28:47.0178 3296	mshidkmdf - ok
17:28:47.0178 3296	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:28:47.0194 3296	msisadrv - ok
17:28:47.0240 3296	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:28:47.0287 3296	MSiSCSI - ok
17:28:47.0287 3296	msiserver - ok
17:28:47.0318 3296	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:28:47.0365 3296	MSKSSRV - ok
17:28:47.0459 3296	MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:28:47.0474 3296	MsMpSvc - ok
17:28:47.0490 3296	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:28:47.0552 3296	MSPCLOCK - ok
17:28:47.0584 3296	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:28:47.0615 3296	MSPQM - ok
17:28:47.0677 3296	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:28:47.0708 3296	MsRPC - ok
17:28:47.0771 3296	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:28:47.0786 3296	mssmbios - ok
17:28:47.0802 3296	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:28:47.0849 3296	MSTEE - ok
17:28:47.0864 3296	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:28:47.0880 3296	MTConfig - ok
17:28:47.0896 3296	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:28:47.0911 3296	Mup - ok
17:28:47.0974 3296	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:28:48.0052 3296	napagent - ok
17:28:48.0083 3296	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:28:48.0145 3296	NativeWifiP - ok
17:28:48.0223 3296	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:28:48.0286 3296	NDIS - ok
17:28:48.0301 3296	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:28:48.0332 3296	NdisCap - ok
17:28:48.0348 3296	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:28:48.0395 3296	NdisTapi - ok
17:28:48.0426 3296	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:28:48.0473 3296	Ndisuio - ok
17:28:48.0520 3296	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:28:48.0582 3296	NdisWan - ok
17:28:48.0629 3296	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:28:48.0707 3296	NDProxy - ok
17:28:48.0722 3296	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:28:48.0785 3296	NetBIOS - ok
17:28:48.0847 3296	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:28:48.0925 3296	NetBT - ok
17:28:48.0956 3296	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:28:48.0988 3296	Netlogon - ok
17:28:49.0019 3296	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:28:49.0097 3296	Netman - ok
17:28:49.0144 3296	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:28:49.0222 3296	netprofm - ok
17:28:49.0300 3296	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:28:49.0315 3296	NetTcpPortSharing - ok
17:28:49.0768 3296	NETwNs64        (eb43840babf5589e33186d094de7381d) C:\Windows\system32\DRIVERS\NETwNs64.sys
17:28:49.0986 3296	NETwNs64 - ok
17:28:50.0095 3296	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:28:50.0111 3296	nfrd960 - ok
17:28:50.0189 3296	NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:28:50.0204 3296	NisDrv - ok
17:28:50.0298 3296	NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
17:28:50.0345 3296	NisSrv - ok
17:28:50.0407 3296	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:28:50.0470 3296	NlaSvc - ok
17:28:50.0501 3296	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:28:50.0532 3296	Npfs - ok
17:28:50.0563 3296	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:28:50.0594 3296	nsi - ok
17:28:50.0610 3296	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:28:50.0657 3296	nsiproxy - ok
17:28:50.0782 3296	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:28:50.0875 3296	Ntfs - ok
17:28:50.0984 3296	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:28:51.0047 3296	Null - ok
17:28:51.0125 3296	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:28:51.0140 3296	nvraid - ok
17:28:51.0172 3296	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:28:51.0187 3296	nvstor - ok
17:28:51.0203 3296	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:28:51.0234 3296	nv_agp - ok
17:28:51.0250 3296	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:28:51.0281 3296	ohci1394 - ok
17:28:51.0359 3296	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:28:51.0374 3296	ose - ok
17:28:51.0421 3296	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:28:51.0484 3296	p2pimsvc - ok
17:28:51.0530 3296	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:28:51.0562 3296	p2psvc - ok
17:28:51.0593 3296	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:28:51.0624 3296	Parport - ok
17:28:51.0655 3296	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:28:51.0671 3296	partmgr - ok
17:28:51.0702 3296	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:28:51.0749 3296	PcaSvc - ok
17:28:51.0796 3296	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:28:51.0827 3296	pci - ok
17:28:51.0842 3296	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:28:51.0858 3296	pciide - ok
17:28:51.0889 3296	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:28:51.0920 3296	pcmcia - ok
17:28:51.0936 3296	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:28:51.0952 3296	pcw - ok
17:28:51.0998 3296	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:28:52.0092 3296	PEAUTH - ok
17:28:52.0186 3296	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:28:52.0264 3296	PeerDistSvc - ok
17:28:52.0326 3296	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:28:52.0357 3296	PerfHost - ok
17:28:52.0544 3296	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:28:52.0654 3296	pla - ok
17:28:52.0716 3296	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:28:52.0763 3296	PlugPlay - ok
17:28:52.0794 3296	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:28:52.0825 3296	PNRPAutoReg - ok
17:28:52.0872 3296	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:28:52.0903 3296	PNRPsvc - ok
17:28:52.0934 3296	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:28:52.0997 3296	PolicyAgent - ok
17:28:53.0028 3296	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:28:53.0090 3296	Power - ok
17:28:53.0153 3296	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:28:53.0215 3296	PptpMiniport - ok
17:28:53.0246 3296	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:28:53.0278 3296	Processor - ok
17:28:53.0324 3296	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
17:28:53.0371 3296	ProfSvc - ok
17:28:53.0402 3296	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:28:53.0434 3296	ProtectedStorage - ok
17:28:53.0480 3296	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:28:53.0558 3296	Psched - ok
17:28:53.0636 3296	PSI_SVC_2       (0b6dea0a1662cab8f2bf339dc0752ef4) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
17:28:53.0714 3296	PSI_SVC_2 - ok
17:28:53.0824 3296	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:28:53.0902 3296	ql2300 - ok
17:28:54.0011 3296	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:28:54.0042 3296	ql40xx - ok
17:28:54.0073 3296	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:28:54.0136 3296	QWAVE - ok
17:28:54.0151 3296	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:28:54.0167 3296	QWAVEdrv - ok
17:28:54.0182 3296	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:28:54.0229 3296	RasAcd - ok
17:28:54.0276 3296	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:28:54.0338 3296	RasAgileVpn - ok
17:28:54.0370 3296	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:28:54.0401 3296	RasAuto - ok
17:28:54.0432 3296	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:28:54.0479 3296	Rasl2tp - ok
17:28:54.0510 3296	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:28:54.0588 3296	RasMan - ok
17:28:54.0604 3296	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:28:54.0650 3296	RasPppoe - ok
17:28:54.0666 3296	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:28:54.0697 3296	RasSstp - ok
17:28:54.0791 3296	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:28:54.0853 3296	rdbss - ok
17:28:54.0884 3296	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:28:54.0900 3296	rdpbus - ok
17:28:54.0916 3296	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:28:54.0978 3296	RDPCDD - ok
17:28:55.0025 3296	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:28:55.0072 3296	RDPDR - ok
17:28:55.0103 3296	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:28:55.0165 3296	RDPENCDD - ok
17:28:55.0181 3296	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:28:55.0212 3296	RDPREFMP - ok
17:28:55.0259 3296	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
17:28:55.0306 3296	RDPWD - ok
17:28:55.0368 3296	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
17:28:55.0399 3296	rdyboost - ok
17:28:55.0508 3296	RegSrvc         (a6baea839cc888d4961ab5fe16bb8c4a) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
17:28:55.0540 3296	RegSrvc - ok
17:28:55.0571 3296	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
17:28:55.0633 3296	RemoteAccess - ok
17:28:55.0664 3296	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
17:28:55.0696 3296	RemoteRegistry - ok
17:28:55.0774 3296	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
17:28:55.0820 3296	RFCOMM - ok
17:28:55.0836 3296	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
17:28:55.0914 3296	RpcEptMapper - ok
17:28:55.0930 3296	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
17:28:55.0976 3296	RpcLocator - ok
17:28:56.0242 3296	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
17:28:56.0288 3296	RpcSs - ok
17:28:56.0320 3296	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
17:28:56.0382 3296	rspndr - ok
17:28:56.0413 3296	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
17:28:56.0460 3296	s3cap - ok
17:28:56.0507 3296	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:28:56.0522 3296	SamSs - ok
17:28:56.0554 3296	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
17:28:56.0569 3296	sbp2port - ok
17:28:56.0600 3296	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
17:28:56.0678 3296	SCardSvr - ok
17:28:56.0725 3296	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
17:28:56.0772 3296	scfilter - ok
17:28:56.0866 3296	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
17:28:56.0928 3296	Schedule - ok
17:28:56.0975 3296	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
17:28:57.0022 3296	SCPolicySvc - ok
17:28:57.0053 3296	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
17:28:57.0068 3296	sdbus - ok
17:28:57.0115 3296	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
17:28:57.0178 3296	SDRSVC - ok
17:28:57.0209 3296	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:28:57.0256 3296	secdrv - ok
17:28:57.0287 3296	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
17:28:57.0365 3296	seclogon - ok
17:28:57.0396 3296	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
17:28:57.0443 3296	SENS - ok
17:28:57.0443 3296	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
17:28:57.0474 3296	SensrSvc - ok
17:28:57.0490 3296	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
17:28:57.0505 3296	Serenum - ok
17:28:57.0552 3296	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
17:28:57.0599 3296	Serial - ok
17:28:57.0677 3296	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
17:28:57.0692 3296	sermouse - ok
17:28:57.0770 3296	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
17:28:57.0833 3296	SessionEnv - ok
17:28:57.0848 3296	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
17:28:57.0880 3296	sffdisk - ok
17:28:57.0895 3296	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
17:28:57.0926 3296	sffp_mmc - ok
17:28:57.0926 3296	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\DRIVERS\sffp_sd.sys
17:28:57.0973 3296	sffp_sd - ok
17:28:57.0973 3296	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
17:28:58.0004 3296	sfloppy - ok
17:28:58.0067 3296	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
17:28:58.0129 3296	SharedAccess - ok
17:28:58.0192 3296	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
17:28:58.0270 3296	ShellHWDetection - ok
17:28:58.0301 3296	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:28:58.0316 3296	SiSRaid2 - ok
17:28:58.0332 3296	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
17:28:58.0348 3296	SiSRaid4 - ok
17:28:58.0379 3296	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
17:28:58.0457 3296	Smb - ok
17:28:58.0504 3296	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
17:28:58.0535 3296	SNMPTRAP - ok
17:28:58.0550 3296	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
17:28:58.0582 3296	spldr - ok
17:28:58.0613 3296	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
17:28:58.0691 3296	Spooler - ok
17:28:58.0909 3296	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
17:28:59.0050 3296	sppsvc - ok
17:28:59.0143 3296	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
17:28:59.0221 3296	sppuinotify - ok
17:28:59.0315 3296	sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
17:28:59.0377 3296	sptd - ok
17:28:59.0440 3296	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
17:28:59.0486 3296	srv - ok
17:28:59.0518 3296	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
17:28:59.0564 3296	srv2 - ok
17:28:59.0596 3296	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
17:28:59.0627 3296	srvnet - ok
17:28:59.0642 3296	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
17:28:59.0736 3296	SSDPSRV - ok
17:28:59.0752 3296	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
17:28:59.0783 3296	SstpSvc - ok
17:28:59.0845 3296	STacSV          (b00068ba94f5f306911b14b425aaeb56) C:\Program Files\IDT\WDM\STacSV64.exe
17:28:59.0876 3296	STacSV - ok
17:28:59.0908 3296	stdflt          (c568fdb21ce77a44fd166f28f104ac46) C:\Windows\system32\DRIVERS\stdfltn.sys
17:28:59.0908 3296	stdflt - ok
17:28:59.0939 3296	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
17:28:59.0954 3296	stexstor - ok
17:29:00.0017 3296	STHDA           (da40d9c9ccb9836d6abd1706935a2277) C:\Windows\system32\DRIVERS\stwrt64.sys
17:29:00.0064 3296	STHDA - ok
17:29:00.0157 3296	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
17:29:00.0220 3296	stisvc - ok
17:29:00.0266 3296	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
17:29:00.0282 3296	storflt - ok
17:29:00.0298 3296	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
17:29:00.0344 3296	StorSvc - ok
17:29:00.0360 3296	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
17:29:00.0376 3296	storvsc - ok
17:29:00.0391 3296	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
17:29:00.0407 3296	swenum - ok
17:29:00.0454 3296	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
17:29:00.0547 3296	swprv - ok
17:29:00.0672 3296	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
17:29:00.0766 3296	SysMain - ok
17:29:00.0875 3296	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
17:29:00.0906 3296	TabletInputService - ok
17:29:00.0953 3296	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
17:29:01.0031 3296	TapiSrv - ok
17:29:01.0046 3296	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
17:29:01.0078 3296	TBS - ok
17:29:01.0218 3296	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:29:01.0312 3296	Tcpip - ok
17:29:01.0468 3296	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
17:29:01.0514 3296	TCPIP6 - ok
17:29:01.0608 3296	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
17:29:01.0670 3296	tcpipreg - ok
17:29:01.0702 3296	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
17:29:01.0733 3296	TDPIPE - ok
17:29:01.0764 3296	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
17:29:01.0795 3296	TDTCP - ok
17:29:01.0842 3296	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
17:29:01.0904 3296	tdx - ok
17:29:01.0951 3296	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
17:29:01.0967 3296	TermDD - ok
17:29:02.0029 3296	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
17:29:02.0107 3296	TermService - ok
17:29:02.0138 3296	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
17:29:02.0170 3296	Themes - ok
17:29:02.0185 3296	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:29:02.0216 3296	THREADORDER - ok
17:29:02.0248 3296	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
17:29:02.0279 3296	TrkWks - ok
17:29:02.0341 3296	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
17:29:02.0404 3296	TrustedInstaller - ok
17:29:02.0435 3296	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:29:02.0466 3296	tssecsrv - ok
17:29:02.0528 3296	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
17:29:02.0560 3296	TsUsbFlt - ok
17:29:02.0622 3296	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
17:29:02.0684 3296	tunnel - ok
17:29:02.0716 3296	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
17:29:02.0731 3296	uagp35 - ok
17:29:02.0778 3296	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
17:29:02.0856 3296	udfs - ok
17:29:02.0887 3296	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
17:29:02.0918 3296	UI0Detect - ok
17:29:02.0965 3296	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
17:29:02.0996 3296	uliagpkx - ok
17:29:03.0012 3296	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
17:29:03.0043 3296	umbus - ok
17:29:03.0059 3296	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
17:29:03.0074 3296	UmPass - ok
17:29:03.0137 3296	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
17:29:03.0184 3296	UmRdpService - ok
17:29:03.0215 3296	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
17:29:03.0308 3296	upnphost - ok
17:29:03.0355 3296	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
17:29:03.0386 3296	usbccgp - ok
17:29:03.0418 3296	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
17:29:03.0449 3296	usbcir - ok
17:29:03.0464 3296	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
17:29:03.0480 3296	usbehci - ok
17:29:03.0527 3296	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
17:29:03.0574 3296	usbhub - ok
17:29:03.0605 3296	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
17:29:03.0620 3296	usbohci - ok
17:29:03.0667 3296	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
17:29:03.0698 3296	usbprint - ok
17:29:03.0730 3296	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
17:29:03.0745 3296	usbscan - ok
17:29:03.0776 3296	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:29:03.0808 3296	USBSTOR - ok
17:29:03.0808 3296	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
17:29:03.0839 3296	usbuhci - ok
17:29:03.0870 3296	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
17:29:03.0917 3296	usbvideo - ok
17:29:03.0948 3296	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
17:29:03.0995 3296	UxSms - ok
17:29:04.0042 3296	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:29:04.0042 3296	VaultSvc - ok
17:29:04.0073 3296	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
17:29:04.0088 3296	vdrvroot - ok
17:29:04.0135 3296	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
17:29:04.0229 3296	vds - ok
17:29:04.0276 3296	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
17:29:04.0291 3296	vga - ok
17:29:04.0307 3296	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
17:29:04.0354 3296	VgaSave - ok
17:29:04.0385 3296	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
17:29:04.0416 3296	vhdmp - ok
17:29:04.0432 3296	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
17:29:04.0432 3296	viaide - ok
17:29:04.0463 3296	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
17:29:04.0494 3296	vmbus - ok
17:29:04.0510 3296	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
17:29:04.0541 3296	VMBusHID - ok
17:29:04.0572 3296	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
17:29:04.0572 3296	volmgr - ok
17:29:04.0634 3296	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
17:29:04.0681 3296	volmgrx - ok
17:29:04.0712 3296	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
17:29:04.0744 3296	volsnap - ok
17:29:04.0790 3296	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
17:29:04.0806 3296	vsmraid - ok
17:29:04.0931 3296	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
17:29:05.0040 3296	VSS - ok
17:29:05.0180 3296	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
17:29:05.0212 3296	vwifibus - ok
17:29:05.0258 3296	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
17:29:05.0305 3296	vwififlt - ok
17:29:05.0336 3296	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
17:29:05.0368 3296	vwifimp - ok
17:29:05.0430 3296	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
17:29:05.0492 3296	W32Time - ok
17:29:05.0508 3296	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
17:29:05.0524 3296	WacomPen - ok
17:29:05.0586 3296	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:29:05.0648 3296	WANARP - ok
17:29:05.0648 3296	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
17:29:05.0680 3296	Wanarpv6 - ok
17:29:05.0789 3296	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
17:29:05.0867 3296	wbengine - ok
17:29:05.0976 3296	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
17:29:06.0023 3296	WbioSrvc - ok
17:29:06.0054 3296	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
17:29:06.0116 3296	wcncsvc - ok
17:29:06.0148 3296	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
17:29:06.0163 3296	WcsPlugInService - ok
17:29:06.0210 3296	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
17:29:06.0226 3296	Wd - ok
17:29:06.0288 3296	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
17:29:06.0335 3296	Wdf01000 - ok
17:29:06.0350 3296	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:29:06.0444 3296	WdiServiceHost - ok
17:29:06.0460 3296	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
17:29:06.0475 3296	WdiSystemHost - ok
17:29:06.0522 3296	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
17:29:06.0569 3296	WebClient - ok
17:29:06.0600 3296	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
17:29:06.0662 3296	Wecsvc - ok
17:29:06.0678 3296	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
17:29:06.0725 3296	wercplsupport - ok
17:29:06.0740 3296	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
17:29:06.0787 3296	WerSvc - ok
17:29:06.0834 3296	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
17:29:06.0881 3296	WfpLwf - ok
17:29:06.0896 3296	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
17:29:06.0912 3296	WIMMount - ok
17:29:06.0943 3296	WinDefend - ok
17:29:06.0943 3296	WinHttpAutoProxySvc - ok
17:29:07.0006 3296	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
17:29:07.0068 3296	Winmgmt - ok
17:29:07.0208 3296	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
17:29:07.0318 3296	WinRM - ok
17:29:07.0458 3296	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
17:29:07.0536 3296	Wlansvc - ok
17:29:07.0630 3296	WMCoreService - ok
17:29:07.0692 3296	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
17:29:07.0723 3296	WmiAcpi - ok
17:29:07.0801 3296	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
17:29:07.0848 3296	wmiApSrv - ok
17:29:07.0864 3296	WMPNetworkSvc - ok
17:29:07.0879 3296	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
17:29:07.0910 3296	WPCSvc - ok
17:29:07.0942 3296	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
17:29:08.0004 3296	WPDBusEnum - ok
17:29:08.0020 3296	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
17:29:08.0082 3296	ws2ifsl - ok
17:29:08.0098 3296	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
17:29:08.0129 3296	wscsvc - ok
17:29:08.0129 3296	WSearch - ok
17:29:08.0285 3296	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
17:29:08.0378 3296	wuauserv - ok
17:29:08.0519 3296	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
17:29:08.0581 3296	WudfPf - ok
17:29:08.0612 3296	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:29:08.0675 3296	WUDFRd - ok
17:29:08.0722 3296	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
17:29:08.0753 3296	wudfsvc - ok
17:29:08.0784 3296	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
17:29:08.0831 3296	WwanSvc - ok
17:29:08.0893 3296	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:29:09.0268 3296	\Device\Harddisk0\DR0 - ok
17:29:09.0268 3296	Boot (0x1200)   (ec4ad7cbe76347912db90620b58a2c5d) \Device\Harddisk0\DR0\Partition0
17:29:09.0268 3296	\Device\Harddisk0\DR0\Partition0 - ok
17:29:09.0299 3296	Boot (0x1200)   (51e9c250715d25a60c46509641b0c802) \Device\Harddisk0\DR0\Partition1
17:29:09.0299 3296	\Device\Harddisk0\DR0\Partition1 - ok
17:29:09.0299 3296	============================================================
17:29:09.0299 3296	Scan finished
17:29:09.0299 3296	============================================================
17:29:09.0314 3172	Detected object count: 2
17:29:09.0314 3172	Actual detected object count: 2
17:29:22.0684 3172	BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - skipped by user
17:29:22.0684 3172	BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:29:22.0684 3172	InstallFilterService ( UnsignedFile.Multi.Generic ) - skipped by user
17:29:22.0684 3172	InstallFilterService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
