
Log analysis and evaluation: Security shield - Malwarebytes logs

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

25.06.2012, 19:25   #1
ralphholger
 

I had windows from this security shield on my computer.
What I did was run "rkill.com" (I had read about it here) and then scan with Malwarebytes. Once full, once quick and once in safe mode. The corresponding logs are attached.

All symptoms of security shield have disappeared.
What else can/must I do?

Beyond simply using the programs, I unfortunately don't know much about this.

Many thanks.

Ralph

29.06.2012, 15:09   #2
cosinus

Please also run ESET, then we'll see how to proceed.

Note: ESET quite often shows a few false positives. That's why for ESET, too, only the log should be posted first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives during the online scans! Please switch off all background guards (anti-virus program, firewall, script blocking and the like) during the scans and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: please open the browser like this: right-click => Run as administrator
  • Deactivate your anti-virus program during the scan.

    Press the button (<< click).
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box Yes, I accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is NOT ticked.
  • Press the button.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Please press the Windows key + R and paste the following text into the Run window.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Note: if you are using a 64-bit Windows, the path is:

Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Now post the contents of log.txt.

01.07.2012, 20:41   #3
ralphholger
 

Attached... Thanks and regards, Ralph

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ed9c22e262aa25438d745e6b82028df2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-01 06:52:53
# local_time=2012-07-01 08:52:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 22027847 22027847 0 0
# compatibility_mode=4096 16777215 100 0 39826339 39826339 0 0
# compatibility_mode=5893 16776574 100 94 35876864 92780885 0 0
# compatibility_mode=8192 67108863 100 0 76 76 0 0
# scanned=231964
# found=6
# cleaned=0
# scan_time=17738
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\...\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\513a7591-3df31646 a variant of Java/Exploit.CVE-2012-0507.CD trojan (unable to clean) 00000000000000000000000000000000 I
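The ESET log.txt posted above has a fixed shape (a header of `# key=value` lines, then one line per finding), so it can be triaged mechanically before anyone decides what to remove. The Python script below is an added example, not part of the thread or of ESET's tooling; it runs on a constructed sample in the same format (the toolbar name, paths and hashes are made up, the Java exploit name is the one that appears in the thread) and enforces the rule cosinus gave: `remove_checked` must be `false`, and every finding is listed for review rather than deleted.

```python
"""Triage an ESET Online Scanner log.txt of the kind posted in this thread.

Added example, not part of the thread or of ESET's tooling. The log has a
header of "# key=value" lines followed by one line per finding:
    <path> <threat description> (<action result>) <32 hex digits> <flag>
"""
import re
from dataclasses import dataclass

# Tail of a finding line: "(action) <32 hex> <flag>" at the end of the line. The
# body is taken greedily so "(x86)" inside the path is not mistaken for the action.
FINDING_TAIL = re.compile(
    r"^(?P<body>.+) \((?P<action>[^()]*)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)
# ESET names threats as Family/Name.Variant (a forward slash, which a Windows path
# never contains), optionally prefixed by "a variant of" / "probably a variant of".
# Everything before that token is the file path.
THREAT_NAME = re.compile(
    r"(?:(?:probably )?a variant of )?(?P<name>[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+)"
)


@dataclass
class Finding:
    path: str       # file the detection refers to
    threat: str     # full description, e.g. "a variant of Win32/Toolbar.X application"
    name: str       # the Family/Name token, e.g. "Win32/Toolbar.X"
    category: str   # word(s) after the name: "application" (PUA), "trojan", ...
    action: str     # text in parentheses, e.g. "unable to clean"
    hash_hex: str   # 32-hex field as printed (all zeros in the posted log)
    flag: str       # trailing one-letter flag as printed by ESET


def parse_eset_log(text):
    """Return (header dict, list of Finding) for one log.txt."""
    header, findings = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            header[key.strip()] = value.strip()
            continue
        tail = FINDING_TAIL.match(line)
        if not tail:
            continue  # banner lines such as "all ok"
        body = tail.group("body")
        name = THREAT_NAME.search(body)
        if not name:
            continue
        findings.append(Finding(
            path=body[:name.start()].rstrip(),
            threat=body[name.start():],
            name=name.group("name"),
            category=body[name.end():].strip(),
            action=tail.group("action"),
            hash_hex=tail.group("hash"),
            flag=tail.group("flag"),
        ))
    return header, findings


def triage(text):
    """Summarise a log and flag anything that contradicts the helper's instructions."""
    header, findings = parse_eset_log(text)
    problems = []
    # The thread's rule: post the log only, remove nothing (ESET has false positives).
    if header.get("remove_checked") != "false":
        problems.append("remove_checked is not false: files may have been removed unreviewed")
    if "found" in header and int(header["found"]) != len(findings):
        problems.append(f"header says found={header['found']} but {len(findings)} lines parsed")
    return {
        "header": header,
        "findings": findings,
        "pua": [f for f in findings if f.category == "application"],
        "non_pua": [f for f in findings if f.category != "application"],
        "unresolved": [f for f in findings if "unable to clean" in f.action],
        "problems": problems,
    }


# Constructed sample in the posted format (paths, hashes and the toolbar name are
# made up; the Java exploit name is the one that appears in the thread).
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# remove_checked=false
# scanned=1000
# found=3
# cleaned=0
C:\Program Files (x86)\ExampleBar\ExampleBarApp.dll a variant of Win32/Toolbar.Example application (unable to clean) 00000000000000000000000000000000 I
C:\Users\user\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\abcd1234-5678ef90 a variant of Java/Exploit.CVE-2012-0507.CD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Temp\dropper.exe Win32/Example.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""
```

Running `triage(SAMPLE_LOG)` separates the PUA toolbar hit from the two trojan hits and reports no problems; flipping the sample's `remove_checked` to `true` produces a problem entry.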

02.07.2012, 11:09   #4
cosinus

I have two questions before we go on

1.) Does the normal Windows mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

02.07.2012, 13:26   #5
ralphholger
 

1.
Works perfectly normally
2.
Everything is there. There were two empty folders, but those were programs I had definitely uninstalled myself. Obviously only the folder had not been removed.

By the way, I never had any visible restrictions. For example, my web access always worked. The Security Shield messages appeared on the screen at some point, a small icon in the taskbar. At some point it was gone again. But nothing was ever blocked.


02.07.2012, 14:15   #6
cosinus

Please make a new OTL log. Please post everything here in CODE tags if at all possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

Custom scan with OTL

Please download OTL by Oldtimer and save it on your desktop. If it is already present, please replace the older existing file with the newly downloaded file so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • At the top centre, tick Scan all users
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, the box is labelled accordingly
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click the button.
  • Now copy the contents of OTL.txt here into your thread

02.07.2012, 15:56   #7
ralphholger
 

OTL Logfile:
Code:
OTL logfile created on: 02.07.2012 16:22:08 - Run 2
OTL by OldTimer - Version 3.2.53.1     Folder = C:\Users\***\Desktop\security
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 75,58% Memory free
11,98 Gb Paging File | 10,16 Gb Available in Paging File | 84,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,76 Gb Total Space | 703,94 Gb Free Space | 76,79% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSZIMMER | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\security\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:64bit: - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110819&tt=290412_3_ctrl&babsrc=HP_ss&mntrId=8cec732b0000000000000022683b0975
IE - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 EF 03 F5 90 54 CA 01  [binary data]
IE - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=290412_3_ctrl&babsrc=SP_ss&mntrId=8cec732b0000000000000022683b0975
IE - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "file:///C:/Users/*****/Documents/5_Schule/3000%20Unterricht%20RK%20Schule/Website/Unterrichtsmaterial_neu_2.htm|about:addons"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.3.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110819&tt=290412_3_ctrl&babsrc=KW_ss&mntrId=8cec732b0000000000000022683b0975&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\***\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.20 09:10:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.01 15:41:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.20 09:10:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.01 15:41:19 | 000,000,000 | ---D | M]
 
[2010.02.23 19:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.02.23 19:14:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2009.12.12 14:09:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012.06.20 09:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ehzit7aa.default\extensions
[2012.03.20 08:30:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.04.22 16:28:39 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2012.06.20 09:10:14 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.11 18:04:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.20 09:10:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.07 14:08:39 | 000,002,356 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.06.20 09:10:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.20 09:10:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 09:10:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.20 09:10:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 09:10:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.25 16:41:10 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACCF6450-8FDA-4AD5-A494-4D2B6C35FC84}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.01 15:55:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.25 20:15:28 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\security
[2012.06.25 14:17:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.25 14:17:51 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 14:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.25 14:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.25 14:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.19 14:59:25 | 004,518,720 | ---- | C] (FileZilla Project) -- C:\Users\***\Desktop\FileZilla_3.5.3_win32-setup.exe
[13 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.02 15:59:05 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.02 14:12:09 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 14:12:09 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 14:09:00 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.02 14:09:00 | 000,658,988 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.02 14:09:00 | 000,620,174 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.02 14:09:00 | 000,132,558 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.02 14:09:00 | 000,108,356 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.02 14:04:48 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.02 14:04:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.02 14:04:39 | 529,928,191 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.25 14:17:51 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.25 09:33:28 | 001,846,422 | ---- | M] () -- C:\Users\***\Desktop\Look.dav
[2012.06.23 15:00:06 | 000,002,004 | ---- | M] () -- C:\Users\***\Desktop\FileZilla Client.lnk
[2012.06.19 15:00:11 | 004,518,720 | ---- | M] (FileZilla Project) -- C:\Users\***\Desktop\FileZilla_3.5.3_win32-setup.exe
[2012.06.15 13:03:30 | 000,434,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[13 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.25 14:17:51 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.23 15:00:06 | 000,002,004 | ---- | C] () -- C:\Users\***\Desktop\FileZilla Client.lnk
[2012.06.20 07:02:59 | 001,846,422 | ---- | C] () -- C:\Users\***\Desktop\Look.dav
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.27 09:32:34 | 000,022,046 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.04 21:19:04 | 000,000,275 | ---- | C] () -- C:\Users\***\AppData\Local\HamsterVideoConverterSettings.cfg
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.07 12:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.06.07 12:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.06.07 12:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.06.07 12:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 
========== LOP Check ==========
 
[2009.10.26 10:10:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2009.10.25 10:26:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2012.05.07 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2010.10.05 12:25:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2010.01.29 19:05:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Facebook
[2012.06.25 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.10.04 17:40:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeCommander
[2012.01.13 15:46:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IPACS
[2011.08.14 12:00:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Keseling
[2010.02.18 19:09:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2010.07.31 11:17:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MindVisualizer
[2009.12.24 20:23:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.09.29 15:19:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.12.10 22:12:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2011.04.13 18:07:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.12.16 15:55:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2010.02.23 19:14:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2012.02.25 11:14:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinFF
[2009.12.13 10:47:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zimbra
[2011.03.23 19:31:03 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.06.29 09:50:23 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.08 11:40:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2009.10.26 10:10:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.04.28 20:54:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2009.10.25 10:26:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011.09.04 14:41:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2011.10.20 17:06:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2012.05.07 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Babylon
[2010.10.05 12:25:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2012.07.02 15:11:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2010.01.29 19:05:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Facebook
[2012.06.25 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.10.04 17:40:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeCommander
[2009.12.04 14:16:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hewlett-Packard
[2009.12.02 23:14:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HpUpdate
[2009.10.24 11:50:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2012.01.13 15:46:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield Installation Information
[2012.01.13 15:46:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IPACS
[2011.08.14 12:00:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Keseling
[2009.10.25 08:29:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2010.02.18 19:09:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.06.25 14:17:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.12.10 22:17:54 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2010.07.31 11:17:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MindVisualizer
[2009.10.24 14:36:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2009.12.24 20:23:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.09.29 15:19:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.12.10 22:12:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2011.08.06 10:53:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011.08.04 16:58:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2011.04.13 18:07:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.12.16 15:55:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2010.02.23 19:14:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2012.07.02 16:09:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2012.02.25 11:14:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinFF
[2009.10.31 15:46:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
[2009.12.12 14:09:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yahoo!
[2009.12.12 14:09:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Yahoo! Inc
[2009.12.13 10:47:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zimbra
 
< %APPDATA%\*.exe /s >
[2010.01.29 19:05:08 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\***\AppData\Roaming\Facebook\uninstall.exe
[2010.10.20 17:20:18 | 000,802,816 | ---- | M] (Acresso Software Inc.                                        ) -- C:\Users\***\AppData\Roaming\InstallShield Installation Information\{09696666-CB70-4056-A504-D916D92933E2}\setup.exe
[2010.10.19 10:40:30 | 002,423,296 | ---- | M] (IPACS) -- C:\Users\***\AppData\Roaming\IPACS\easyFly 4 Starter Edition\easyfly4.exe
[2010.08.04 18:47:24 | 000,332,800 | ---- | M] (IPACS (hxxp://www.ipacs.de)) -- C:\Users\***\AppData\Roaming\IPACS\easyFly 4 Starter Edition\flyrun.exe
[2010.02.05 17:51:32 | 000,007,358 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}\_24c89c8.exe
[2010.02.05 17:51:32 | 000,007,358 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{5C79D312-F68F-4B04-8A4F-E28A0AE1ECBB}\_39fe3610.exe
[2011.06.28 07:32:22 | 081,122,288 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
[2011.12.08 03:33:38 | 000,392,080 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2011.12.08 03:33:38 | 000,392,080 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---
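An added example for reading the "< MD5 for: ... >" part of the log above (my own script, not something from the thread and not OTL code). OTL lists every copy of a few logon-critical binaries with size, company and MD5; a live copy under SysNative/SysWOW64/System32 normally has a byte-identical twin in WinSxS or the DriverStore, so a live copy with no twin is what a patched or swapped binary looks like. The script pairs each live copy with the store hashes for the same name and reports the ones without a twin, plus copies sitting outside the Windows directory. The sample input reuses lines from the log above and adds one constructed wininit.exe entry with a zeroed hash to show what a mismatch looks like.

```python
"""Cross-check the '< MD5 for: ... >' blocks of an OTL log.

Added example: not from the thread and not OTL code. A live copy of a listed
binary (under SysNative, SysWOW64 or System32) is expected to have a
byte-identical twin in the WinSxS component store or the DriverStore. Live
copies without such a twin, and copies of the same name outside the Windows
directory, are reported for manual review (signature check, vendor lookup).
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| (?P<flag>\S+)\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
LIVE_DIRS = ("c:\\windows\\sysnative\\", "c:\\windows\\syswow64\\", "c:\\windows\\system32\\")
STORE_MARKERS = ("\\winsxs\\", "\\driverstore\\filerepository\\")

# Sample input: lines from the posted log; the WININIT.EXE SysNative line is
# constructed (hash zeroed) to show the 'unmatched' case and is not real.
SAMPLE_OTL_MD5 = r"""
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
"""


def parse_md5_sections(text):
    """Return {FILENAME: [entry dict, ...]} for every '< MD5 for: >' block."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            e = m.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            e["md5"] = e["md5"].upper()
            sections[current].append(e)
    return dict(sections)


def classify(path):
    """'store' for WinSxS/DriverStore copies, 'live' for the running copies,
    'foreign' for anything outside the Windows system directories."""
    p = path.lower()
    if any(marker in p for marker in STORE_MARKERS):
        return "store"
    if p.startswith(LIVE_DIRS):
        return "live"
    return "foreign"


def cross_check(sections):
    """Per file name: live copies whose MD5 matches a store twin, live copies
    without one, and copies living outside the Windows directory."""
    report = {}
    for name, entries in sections.items():
        store_hashes = {e["md5"] for e in entries if classify(e["path"]) == "store"}
        unmatched, foreign, matched = [], [], 0
        for e in entries:
            kind = classify(e["path"])
            if kind == "live":
                if e["md5"] in store_hashes:
                    matched += 1
                else:
                    unmatched.append(e["path"])
            elif kind == "foreign":
                foreign.append((e["path"], e["company"]))
        report[name] = {"matched": matched, "unmatched": unmatched, "foreign": foreign}
    return report


def needs_review(report):
    """Names with a live copy lacking a store twin or with copies outside Windows."""
    return sorted(n for n, r in report.items() if r["unmatched"] or r["foreign"])


if __name__ == "__main__":
    result = cross_check(parse_md5_sections(SAMPLE_OTL_MD5))
    for name in needs_review(result):
        print(name, result[name])
```

On the real log above every SysNative/SysWOW64 copy has a matching store twin, so the only name the check raises is winlogon.exe, and only because of the copy under the Malwarebytes Chameleon folder with an empty company field; that is a renamed Malwarebytes executable that Chameleon ships on purpose, so a hit there is expected rather than a sign of tampering. The constructed wininit.exe line is what a real problem would look like.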

03.07.2012, 10:23   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Security shield - Logs von Malwarebytes

Run an OTL fix: close all open programs, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied as well!!!)

Note: if you masked your user name, you have to turn the asterisks back into your real user name, otherwise the script will not work!!

Code:
:OTL
IE - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=290412_3_ctrl&babsrc=SP_ss&mntrId=8cec732b0000000000000022683b0975
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110819&tt=290412_3_ctrl&babsrc=KW_ss&mntrId=8cec732b0000000000000022683b0975&q="
[2012.05.07 14:08:39 | 000,002,356 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Files
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\***\AppData\Roaming\Babylon
C:\Program Files (x86)\BabylonToolbar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the folder "_OTL".

Note: the above script was written for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
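Before pasting a fix like the one above, a quick pre-flight check catches the two mistakes the post warns about: a missing ":OTL" header and a masked user name still in the :Files paths. The following is my own added example, not part of the thread and not OTL code. The sample script is a trimmed copy of the fix posted above with the user name still masked; "ralph" is assumed as the real user name only to show the passing case, and refusing :Files entries under the Windows directory is a guard of my own, not something OTL enforces.

```python
"""Pre-flight check for an OTL fix script (the ':OTL / :Files / :Commands' text).

Added example: not from the thread and not OTL code. The helper's instructions
name two things that make a fix fail or misfire: the ':OTL' header has to be
copied, and a masked user name ('***') in the :Files paths has to be put back.
This checker catches both before Fix is pressed and, as a guard of my own,
refuses :Files entries that point into the Windows directory, because an adware
clean-up should never delete system files.
"""
import re

SECTIONS = (":OTL", ":Files", ":Commands")
# Commands used in this thread; OTL knows more, but an allow-list stops typos.
KNOWN_COMMANDS = {"[purity]", "[emptytemp]", "[emptyflash]", "[resethosts]"}
# Line prefixes seen in the thread's :OTL section.
KNOWN_PREFIXES = ("IE - ", "FF - ", "O2 - ", "O3 - ", "O4 - ", "O6 - ", "[")
MASK_RE = re.compile(r"\\\*{2,}(\\|$)")   # matches the *** in C:\Users\***\AppData

# Trimmed copy of the fix posted in the thread, user name still masked.
SAMPLE_FIX = r"""
:OTL
IE - HKU\S-1-5-21-1131466703-3347830685-1441675820-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=290412_3_ctrl&babsrc=SP_ss&mntrId=8cec732b0000000000000022683b0975
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
[2012.05.07 14:08:39 | 000,002,356 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
:Files
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\***\AppData\Roaming\Babylon
C:\Program Files (x86)\BabylonToolbar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
"""


def parse_fix_script(text):
    """Split the script into {section: [lines]}. Returns None when the first
    non-blank line is not a section header, i.e. ':OTL' was not copied."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            current = line
            sections.setdefault(current, [])
        elif current is None:
            return None
        else:
            sections[current].append(line)
    return sections


def _inside_windows(path):
    """True for the Windows directory itself and anything below it."""
    low = path.lower().rstrip("\\")
    return low == "c:\\windows" or low.startswith("c:\\windows\\")


def check_fix_script(text):
    """Return (severity, message) findings; an empty list means the script may run."""
    sections = parse_fix_script(text)
    if sections is None:
        return [("error", "script does not start with a section header; copy the ':OTL' line too")]
    findings = []
    for line in sections.get(":OTL", []):
        if not line.startswith(KNOWN_PREFIXES):
            findings.append(("warn", f"unrecognised :OTL line: {line[:60]}"))
    for path in sections.get(":Files", []):
        if MASK_RE.search(path):
            findings.append(("error", f"masked user name in path, restore the real one: {path}"))
        if _inside_windows(path):
            findings.append(("error", f"refusing :Files entry inside the Windows directory: {path}"))
    for cmd in sections.get(":Commands", []):
        if cmd.lower() not in KNOWN_COMMANDS:
            findings.append(("warn", f"command not in the allow-list, verify it: {cmd}"))
    return findings


if __name__ == "__main__":
    for severity, msg in check_fix_script(SAMPLE_FIX):
        print(severity.upper(), msg)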

03.07.2012, 13:59   #9
ralphholger

Security shield - Logs von Malwarebytes

Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1131466703-3347830685-1441675820-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "hxxp://search.babylon.com/?affID=110819&tt=290412_3_ctrl&babsrc=KW_ss&mntrId=8cec732b0000000000000022683b0975&q=" removed from keyword.URL
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== FILES ==========
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\759e98ee-7e1ebc5c-n folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\14e5d595-53f32044-n folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
C:\Users\****\AppData\Roaming\Babylon folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17 folder moved successfully.
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar folder moved successfully.
C:\Program Files (x86)\BabylonToolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ****
->Temp folder emptied: 1045182 bytes
->Temporary Internet Files folder emptied: 338745 bytes
->FireFox cache emptied: 73113787 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1238 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 6616064 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 2522792977 bytes
 
Total Files Cleaned = 2.483,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: ****
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07032012_145415

Files\Folders moved on Reboot...
C:\Users\****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\****\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         

03.07.2012, 15:05   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Security shield - Logs von Malwarebytes

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where the TDSS-Killer saves its logs.

Note: please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!

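A TDSS-Killer log runs to a few thousand lines, most of them "- ok". Here is an added triage script (mine, not from the thread and not Kaspersky code) that pairs each service line with its verdict and maps the advice above onto an action per hit: "UnsignedFile.Multi.Generic" on a third-party binary outside the Windows directory is the usual false positive and gets "skip", the same verdict on a file under the Windows directory gets "review", and any other detection name gets "escalate" for the helper to look at. The sample input takes lines from the log posted next in the thread and adds one constructed "examplesvc" entry under the Windows directory, which is not real.

```python
"""Triage helper for a Kaspersky TDSSKiller log.

Added example: not from the thread and not Kaspersky code. Each service line
(name, MD5, path) is paired with the verdict line that follows it; the hits are
then sorted into skip / review / escalate following the thread's advice that
nothing is deleted before the helper has seen the log. Whitespace between the
timestamp, PID and text is matched loosely so a log whose tabs were turned into
spaces by copy and paste still parses.
"""
import re

HEAD_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.+)$")
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<sig>\S+) \) - warning$")
DET_RE = re.compile(r"^(?P<name>.+?) - detected (?P<sig>\S+) \((?P<count>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
FALSE_POSITIVE_SIG = "UnsignedFile.Multi.Generic"

# Sample input: lines from the posted log plus one constructed 'examplesvc'
# entry (zeroed hash, path under the Windows directory) that is not real.
SAMPLE_TDSS = "\n".join([
    "16:43:25.0674 1132\tAdobeActiveFileMonitor5.0 (177ff6608b48638d4066726f3a3f8444) C:\\Program Files (x86)\\Adobe\\Photoshop Elements 5.0\\PhotoshopElementsFileAgent.exe",
    "16:43:25.0689 1132\tAdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - warning",
    "16:43:25.0689 1132\tAdobeActiveFileMonitor5.0 - detected UnsignedFile.Multi.Generic (1)",
    "16:43:25.0767 1132\tAdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe",
    "16:43:25.0783 1132\tAdobeARMservice - ok",
    "16:43:26.0391 1132\tAMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\\Windows\\system32\\atiesrxx.exe",
    "16:43:26.0454 1132\tAMD External Events Utility - ok",
    "16:43:31.0000 1132\texamplesvc (00000000000000000000000000000000) C:\\Windows\\system32\\drivers\\examplesvc.sys",
    "16:43:31.0001 1132\texamplesvc ( UnsignedFile.Multi.Generic ) - warning",
    "16:43:31.0001 1132\texamplesvc - detected UnsignedFile.Multi.Generic (1)",
])


def parse_tdss_log(text):
    """Return {service: {'md5', 'path', 'verdict', 'sig'}} from the scan section."""
    services = {}
    for raw in text.splitlines():
        h = HEAD_RE.match(raw.rstrip())
        if not h:
            continue
        rest = h.group("rest")
        m = FILE_RE.match(rest)
        if m:
            services[m.group("name")] = {"md5": m.group("md5"), "path": m.group("path"),
                                         "verdict": None, "sig": None}
            continue
        for rx, verdict in ((DET_RE, "detected"), (WARN_RE, "warning"), (OK_RE, "ok")):
            m = rx.match(rest)
            if m and m.group("name") in services:
                entry = services[m.group("name")]
                # 'detected' is final; an earlier 'warning' must not overwrite it
                if entry["verdict"] != "detected":
                    entry["verdict"] = verdict
                if "sig" in m.groupdict():
                    entry["sig"] = m.group("sig")
                break
    return services


def triage(services):
    """One row per hit, with the action the thread's advice implies."""
    rows = []
    for name, e in services.items():
        if e["verdict"] not in ("warning", "detected"):
            continue
        inside_windows = e["path"].lower().startswith("c:\\windows\\")
        if e["sig"] == FALSE_POSITIVE_SIG and not inside_windows:
            action = "skip"        # unsigned third-party service: post the log, do not delete
        elif e["sig"] == FALSE_POSITIVE_SIG:
            action = "review"      # an unsigned file under the Windows directory is unusual
        else:
            action = "escalate"    # anything else: let the helper decide before acting
        rows.append({"service": name, "md5": e["md5"], "path": e["path"],
                     "signature": e["sig"], "action": action})
    return rows


if __name__ == "__main__":
    for row in triage(parse_tdss_log(SAMPLE_TDSS)):
        print(row["action"].upper(), row["service"], row["path"])
```

The MD5 in each row is what you would look up with the vendor or a file-hash service before even thinking about a delete; the two hits in the real log below are both unsigned third-party services under Program Files and end up as "skip", which is exactly what the post asks for.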

03.07.2012, 15:47   #11
ralphholger

Security shield - Logs von Malwarebytes

Code:
16:42:45.0410 3620	============================================================
16:42:45.0410 3620	Current date / time: 2012/07/03 16:42:45.0410
16:42:45.0410 3620	SystemInfo:
16:42:45.0410 3620	
16:42:45.0410 3620	OS Version: 6.1.7601 ServicePack: 1.0
16:42:45.0410 3620	Product type: Workstation
16:42:45.0410 3620	ComputerName: ARBEITSZIMMER
16:42:45.0410 3620	UserName: ***
16:42:45.0410 3620	Windows directory: C:\Windows
16:42:45.0410 3620	System windows directory: C:\Windows
16:42:45.0410 3620	Running under WOW64
16:42:45.0410 3620	Processor architecture: Intel x64
16:42:45.0410 3620	Number of processors: 8
16:42:45.0410 3620	Page size: 0x1000
16:42:45.0410 3620	Boot type: Normal boot
16:42:45.0410 3620	============================================================
16:42:46.0295 3620	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:42:46.0311 3620	============================================================
16:42:46.0311 3620	\Device\Harddisk0\DR0:
16:42:46.0311 3620	MBR partitions:
16:42:46.0311 3620	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1D4F800, BlocksNum 0x32000
16:42:46.0311 3620	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D81800, BlocksNum 0x72984800
16:42:46.0311 3620	============================================================
16:42:46.0332 3620	C: <-> \Device\Harddisk0\DR0\Partition1
16:42:46.0332 3620	============================================================
16:42:46.0332 3620	Initialize success
16:42:46.0332 3620	============================================================
16:43:24.0660 1132	============================================================
16:43:24.0660 1132	Scan started
16:43:24.0660 1132	Mode: Manual; SigCheck; TDLFS; 
16:43:24.0660 1132	============================================================
16:43:25.0237 1132	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:43:25.0315 1132	1394ohci - ok
16:43:25.0362 1132	61883           (e0a8525a951addb4655bc2068566407d) C:\Windows\system32\DRIVERS\61883.sys
16:43:25.0440 1132	61883 - ok
16:43:25.0486 1132	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:43:25.0502 1132	ACPI - ok
16:43:25.0533 1132	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:43:25.0596 1132	AcpiPmi - ok
16:43:25.0674 1132	AdobeActiveFileMonitor5.0 (177ff6608b48638d4066726f3a3f8444) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
16:43:25.0689 1132	AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - warning
16:43:25.0689 1132	AdobeActiveFileMonitor5.0 - detected UnsignedFile.Multi.Generic (1)
16:43:25.0767 1132	AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:43:25.0783 1132	AdobeARMservice - ok
16:43:25.0830 1132	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:43:25.0861 1132	adp94xx - ok
16:43:25.0908 1132	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:43:25.0923 1132	adpahci - ok
16:43:25.0939 1132	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:43:25.0954 1132	adpu320 - ok
16:43:25.0986 1132	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:43:26.0095 1132	AeLookupSvc - ok
16:43:26.0173 1132	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:43:26.0220 1132	AFD - ok
16:43:26.0251 1132	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:43:26.0251 1132	agp440 - ok
16:43:26.0282 1132	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:43:26.0313 1132	ALG - ok
16:43:26.0329 1132	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:43:26.0344 1132	aliide - ok
16:43:26.0391 1132	AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
16:43:26.0454 1132	AMD External Events Utility - ok
16:43:26.0485 1132	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:43:26.0485 1132	amdide - ok
16:43:26.0516 1132	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:43:26.0563 1132	AmdK8 - ok
16:43:27.0062 1132	amdkmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
16:43:27.0312 1132	amdkmdag - ok
16:43:27.0452 1132	amdkmdap        (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
16:43:27.0483 1132	amdkmdap - ok
16:43:27.0514 1132	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:43:27.0546 1132	AmdPPM - ok
16:43:27.0592 1132	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:43:27.0608 1132	amdsata - ok
16:43:27.0624 1132	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:43:27.0639 1132	amdsbs - ok
16:43:27.0655 1132	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:43:27.0670 1132	amdxata - ok
16:43:27.0764 1132	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:43:27.0780 1132	AntiVirSchedulerService - ok
16:43:27.0811 1132	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:43:27.0826 1132	AntiVirService - ok
16:43:27.0873 1132	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:43:28.0014 1132	AppID - ok
16:43:28.0029 1132	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:43:28.0092 1132	AppIDSvc - ok
16:43:28.0123 1132	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:43:28.0170 1132	Appinfo - ok
16:43:28.0248 1132	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:43:28.0263 1132	Apple Mobile Device - ok
16:43:28.0294 1132	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:43:28.0310 1132	arc - ok
16:43:28.0326 1132	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:43:28.0341 1132	arcsas - ok
16:43:28.0357 1132	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:43:28.0404 1132	AsyncMac - ok
16:43:28.0435 1132	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:43:28.0450 1132	atapi - ok
16:43:28.0497 1132	AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys
16:43:28.0513 1132	AtiHDAudioService - ok
16:43:29.0059 1132	atikmdag        (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
16:43:29.0152 1132	atikmdag - ok
16:43:47.0607 1132	Schedule - ok
16:43:47.0638 1132	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:43:47.0670 1132	SCPolicySvc - ok
16:43:47.0716 1132	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:43:47.0748 1132	SDRSVC - ok
16:43:47.0779 1132	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:43:47.0841 1132	secdrv - ok
16:43:47.0872 1132	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:43:47.0919 1132	seclogon - ok
16:43:47.0935 1132	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:43:47.0982 1132	SENS - ok
16:43:47.0997 1132	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:43:48.0013 1132	SensrSvc - ok
16:43:48.0028 1132	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:43:48.0028 1132	Serenum - ok
16:43:48.0044 1132	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:43:48.0075 1132	Serial - ok
16:43:48.0106 1132	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:43:48.0106 1132	sermouse - ok
16:43:48.0153 1132	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:43:48.0200 1132	SessionEnv - ok
16:43:48.0231 1132	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:43:48.0247 1132	sffdisk - ok
16:43:48.0262 1132	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:43:48.0294 1132	sffp_mmc - ok
16:43:48.0309 1132	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:43:48.0340 1132	sffp_sd - ok
16:43:48.0356 1132	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:43:48.0372 1132	sfloppy - ok
16:43:48.0403 1132	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:43:48.0450 1132	SharedAccess - ok
16:43:48.0496 1132	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:43:48.0528 1132	ShellHWDetection - ok
16:43:48.0559 1132	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:43:48.0559 1132	SiSRaid2 - ok
16:43:48.0574 1132	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:43:48.0590 1132	SiSRaid4 - ok
16:43:48.0606 1132	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:43:48.0637 1132	Smb - ok
16:43:48.0668 1132	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:43:48.0699 1132	SNMPTRAP - ok
16:43:48.0699 1132	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:43:48.0715 1132	spldr - ok
16:43:48.0762 1132	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:43:48.0808 1132	Spooler - ok
16:43:48.0996 1132	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:43:49.0074 1132	sppsvc - ok
16:43:49.0152 1132	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:43:49.0183 1132	sppuinotify - ok
16:43:49.0230 1132	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:43:49.0261 1132	srv - ok
16:43:49.0292 1132	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:43:49.0323 1132	srv2 - ok
16:43:49.0339 1132	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:43:49.0370 1132	srvnet - ok
16:43:49.0386 1132	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:43:49.0448 1132	SSDPSRV - ok
16:43:49.0448 1132	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:43:49.0495 1132	SstpSvc - ok
16:43:49.0495 1132	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:43:49.0510 1132	stexstor - ok
16:43:49.0573 1132	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:43:49.0588 1132	stisvc - ok
16:43:49.0620 1132	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:43:49.0635 1132	swenum - ok
16:43:49.0666 1132	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:43:49.0713 1132	swprv - ok
16:43:49.0807 1132	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:43:49.0869 1132	SysMain - ok
16:43:49.0947 1132	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:43:49.0994 1132	TabletInputService - ok
16:43:50.0025 1132	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:43:50.0103 1132	TapiSrv - ok
16:43:50.0119 1132	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:43:50.0150 1132	TBS - ok
16:43:50.0306 1132	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:43:50.0353 1132	Tcpip - ok
16:43:50.0540 1132	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:43:50.0571 1132	TCPIP6 - ok
16:43:50.0680 1132	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:43:50.0743 1132	tcpipreg - ok
16:43:50.0758 1132	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:43:50.0774 1132	TDPIPE - ok
16:43:50.0790 1132	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:43:50.0821 1132	TDTCP - ok
16:43:50.0852 1132	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:43:50.0914 1132	tdx - ok
16:43:51.0133 1132	TeamViewer6     (a409a5c99c29328018e1e3dce9abdc36) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
16:43:51.0164 1132	TeamViewer6 - ok
16:43:51.0273 1132	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:43:51.0289 1132	TermDD - ok
16:43:51.0367 1132	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:43:51.0429 1132	TermService - ok
16:43:51.0460 1132	TFsExDisk       (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
16:43:51.0476 1132	TFsExDisk - ok
16:43:51.0492 1132	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:43:51.0507 1132	Themes - ok
16:43:51.0523 1132	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:43:51.0570 1132	THREADORDER - ok
16:43:51.0663 1132	TomTomHOMEService (3199a477f0f06eede41bd55179f8eb05) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
16:43:51.0663 1132	TomTomHOMEService - ok
16:43:51.0679 1132	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:43:51.0726 1132	TrkWks - ok
16:43:51.0772 1132	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:43:51.0819 1132	TrustedInstaller - ok
16:43:51.0835 1132	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:43:51.0866 1132	tssecsrv - ok
16:43:51.0913 1132	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:43:51.0944 1132	TsUsbFlt - ok
16:43:51.0991 1132	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:43:52.0038 1132	tunnel - ok
16:43:52.0053 1132	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:43:52.0069 1132	uagp35 - ok
16:43:52.0131 1132	UBHelper        (00c8ce31657624a125fdb90efd554371) C:\Windows\system32\drivers\UBHelper.sys
16:43:52.0147 1132	UBHelper - ok
16:43:52.0178 1132	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:43:52.0225 1132	udfs - ok
16:43:52.0272 1132	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:43:52.0287 1132	UI0Detect - ok
16:43:52.0318 1132	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:43:52.0334 1132	uliagpkx - ok
16:43:52.0381 1132	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:43:52.0396 1132	umbus - ok
16:43:52.0428 1132	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:43:52.0443 1132	UmPass - ok
16:43:52.0474 1132	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:43:52.0537 1132	upnphost - ok
16:43:52.0568 1132	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
16:43:52.0584 1132	USBAAPL64 - ok
16:43:52.0630 1132	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:43:52.0662 1132	usbaudio - ok
16:43:52.0677 1132	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:43:52.0724 1132	usbccgp - ok
16:43:52.0755 1132	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:43:52.0771 1132	usbcir - ok
16:43:52.0786 1132	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:43:52.0802 1132	usbehci - ok
16:43:52.0849 1132	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:43:52.0880 1132	usbhub - ok
16:43:52.0911 1132	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:43:52.0927 1132	usbohci - ok
16:43:52.0942 1132	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:43:52.0974 1132	usbprint - ok
16:43:53.0020 1132	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:43:53.0036 1132	usbscan - ok
16:43:53.0052 1132	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:43:53.0083 1132	USBSTOR - ok
16:43:53.0098 1132	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
16:43:53.0130 1132	usbuhci - ok
16:43:53.0161 1132	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
16:43:53.0192 1132	usbvideo - ok
16:43:53.0208 1132	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:43:53.0254 1132	UxSms - ok
16:43:53.0286 1132	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:43:53.0286 1132	VaultSvc - ok
16:43:53.0332 1132	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:43:53.0332 1132	vdrvroot - ok
16:43:53.0379 1132	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:43:53.0457 1132	vds - ok
16:43:53.0488 1132	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:43:53.0504 1132	vga - ok
16:43:53.0520 1132	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:43:53.0551 1132	VgaSave - ok
16:43:53.0582 1132	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:43:53.0598 1132	vhdmp - ok
16:43:53.0629 1132	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:43:53.0629 1132	viaide - ok
16:43:53.0676 1132	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:43:53.0691 1132	volmgr - ok
16:43:53.0738 1132	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:43:53.0754 1132	volmgrx - ok
16:43:53.0769 1132	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:43:53.0785 1132	volsnap - ok
16:43:53.0816 1132	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:43:53.0832 1132	vsmraid - ok
16:43:53.0956 1132	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:43:54.0034 1132	VSS - ok
16:43:54.0128 1132	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:43:54.0159 1132	vwifibus - ok
16:43:54.0190 1132	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:43:54.0237 1132	W32Time - ok
16:43:54.0253 1132	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:43:54.0268 1132	WacomPen - ok
16:43:54.0315 1132	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:43:54.0362 1132	WANARP - ok
16:43:54.0362 1132	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:43:54.0393 1132	Wanarpv6 - ok
16:43:54.0518 1132	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:43:54.0565 1132	wbengine - ok
16:43:54.0658 1132	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:43:54.0690 1132	WbioSrvc - ok
16:43:54.0736 1132	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:43:54.0768 1132	wcncsvc - ok
16:43:54.0783 1132	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:43:54.0783 1132	WcsPlugInService - ok
16:43:54.0814 1132	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:43:54.0830 1132	Wd - ok
16:43:54.0877 1132	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:43:54.0892 1132	Wdf01000 - ok
16:43:54.0924 1132	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:43:54.0955 1132	WdiServiceHost - ok
16:43:54.0955 1132	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:43:54.0970 1132	WdiSystemHost - ok
16:43:55.0002 1132	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:43:55.0048 1132	WebClient - ok
16:43:55.0080 1132	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:43:55.0142 1132	Wecsvc - ok
16:43:55.0173 1132	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:43:55.0220 1132	wercplsupport - ok
16:43:55.0251 1132	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:43:55.0298 1132	WerSvc - ok
16:43:55.0345 1132	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:43:55.0376 1132	WfpLwf - ok
16:43:55.0392 1132	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:43:55.0407 1132	WIMMount - ok
16:43:55.0423 1132	WinDefend - ok
16:43:55.0423 1132	WinHttpAutoProxySvc - ok
16:43:55.0470 1132	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:43:55.0516 1132	Winmgmt - ok
16:43:55.0641 1132	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:43:55.0766 1132	WinRM - ok
16:43:55.0875 1132	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:43:55.0906 1132	WinUsb - ok
16:43:55.0984 1132	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:43:56.0031 1132	Wlansvc - ok
16:43:56.0094 1132	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:43:56.0109 1132	WmiAcpi - ok
16:43:56.0156 1132	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:43:56.0187 1132	wmiApSrv - ok
16:43:56.0218 1132	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:43:56.0218 1132	WPCSvc - ok
16:43:56.0265 1132	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:43:56.0281 1132	WPDBusEnum - ok
16:43:56.0296 1132	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:43:56.0343 1132	ws2ifsl - ok
16:43:56.0359 1132	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:43:56.0374 1132	wscsvc - ok
16:43:56.0374 1132	WSearch - ok
16:43:56.0530 1132	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
16:43:56.0577 1132	wuauserv - ok
16:43:56.0671 1132	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:43:56.0733 1132	WudfPf - ok
16:43:56.0764 1132	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:43:56.0811 1132	WUDFRd - ok
16:43:56.0842 1132	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:43:56.0889 1132	wudfsvc - ok
16:43:56.0905 1132	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:43:56.0936 1132	WwanSvc - ok
16:43:56.0967 1132	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:43:57.0217 1132	\Device\Harddisk0\DR0 - ok
16:43:57.0232 1132	Boot (0x1200)   (0d1c45c742f34b44368aa0fcf3991698) \Device\Harddisk0\DR0\Partition0
16:43:57.0232 1132	\Device\Harddisk0\DR0\Partition0 - ok
16:43:57.0248 1132	Boot (0x1200)   (c2767a98f21e2cb40d66392382f4f743) \Device\Harddisk0\DR0\Partition1
16:43:57.0248 1132	\Device\Harddisk0\DR0\Partition1 - ok
16:43:57.0248 1132	============================================================
16:43:57.0248 1132	Scan finished
16:43:57.0248 1132	============================================================
16:43:57.0264 0132	Detected object count: 7
16:43:57.0264 0132	Actual detected object count: 7
16:44:22.0224 0132	AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - skipped by user
16:44:22.0224 0132	AdobeActiveFileMonitor5.0 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:44:22.0224 0132	BUNAgentSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:44:22.0224 0132	BUNAgentSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:44:22.0224 0132	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
16:44:22.0224 0132	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:44:22.0224 0132	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:44:22.0224 0132	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:44:22.0224 0132	NTIBackupSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:44:22.0224 0132	NTIBackupSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:44:22.0224 0132	NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:44:22.0224 0132	NTISchedulerSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:44:22.0224 0132	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:44:22.0224 0132	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

03.07.2012, 16:08   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when one of the board's helpers (a "Kompetenzler") has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


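The ComboFix log posted in the reply that follows has a fixed line format: section banners wrapped in parentheses, bare paths under the deletions banner, `created . modified size attrs path` lines in the files-created section, `"name"="target" [date size]` autostart values beneath a `[HKEY_...]` key, and `R<n> name;display;path [date size]` service lines, where `[X]` or `[x]` in place of the date and size means ComboFix could not find the target file. The parser below is an added example for pulling those out for triage; it is not part of the thread or of ComboFix. The sample is a constructed excerpt built from lines of that log (banners in English; ComboFix localizes them, and the parser classifies lines by shape, so the banner language does not matter). The `S<n>` service state is assumed from ComboFix convention; the posted log only shows `R` lines. The triage helpers list autostart values and services whose image is missing (orphaned leftovers, or a file something is hiding) and kernel drivers registered from outside the Windows directory.

```python
import re

# Constructed excerpt in the format of the ComboFix log posted in this thread
# (a few of its lines; banners in English, ComboFix localizes them).
SAMPLE_LOG = """\
((((((((((((   Other Deletions   ))))))))))))
.
C:\\Install.exe
c:\\windows\\SysWow64\\muzapp.exe
.
((((((((((((   Files Created from 2012-06-03 to 2012-07-03  ))))))))))))
2012-07-03 12:54 . 2012-07-03 12:54\t--------\td-----w-\tC:\\_OTL
2012-06-25 12:17 . 2012-04-04 13:56\t24904\t----a-w-\tc:\\windows\\system32\\drivers\\mbam.sys
.
((((((((((((   Reg Loading Points From Each User   ))))))))))))
*Note* empty entries & legit default entries are not shown.
REGEDIT4
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Eraser"="c:\\program files\\Eraser\\Eraser.exe" [2009-06-10 462736]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avgnt"="c:\\program files (x86)\\Avira\\AntiVir Desktop\\avgnt.exe" [2012-05-08 348624]
R0 Lbd;Lbd;c:\\windows\\system32\\DRIVERS\\Lbd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\\program files (x86)\\Google\\Update\\GoogleUpdate.exe [2009-10-25 133104]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\\program files (x86)\\Lavasoft\\Ad-Aware\\KernExplorer64.sys [x]
"""

SECTION_RE = re.compile(r"^\(+\s*(?P<title>.+?)\s*\)+$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
FILE_RE = re.compile(r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)"
                     r"\s+(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>.*)" \[(?P<stamp>[^\]]*)\]$')
# R<n> = running; S<n> = stopped is assumed from ComboFix convention (the posted log shows only R lines).
SVC_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+) \[(?P<stamp>[^\]]*)\]$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


def _stamp(stamp):
    """'2009-06-10 462736' -> ('2009-06-10', 462736); 'X' or 'x' -> (None, None): target not found."""
    parts = stamp.split()
    if len(parts) == 2 and parts[1].isdigit():
        return parts[0], int(parts[1])
    return None, None


def parse_combofix(text):
    """Classify log lines by their shape into deleted files, created files, Run values and services."""
    out = {"deleted": [], "created": [], "run": [], "services": []}
    section = key = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group("title"), None
        elif m := KEY_RE.match(line):
            key = m.group("key")
        elif m := FILE_RE.match(line):
            size = m.group("size")
            out["created"].append({"created": m.group("created"), "modified": m.group("modified"),
                                   "size": int(size) if size.isdigit() else None,  # directories show '--------'
                                   "attrs": m.group("attrs"), "path": m.group("path")})
        elif m := SVC_RE.match(line):
            date, size = _stamp(m.group("stamp"))
            out["services"].append({"state": m.group("state"), "name": m.group("name"),
                                    "display": m.group("display"), "path": m.group("path"),
                                    "date": date, "size": size})
        elif m := RUN_RE.match(line):
            date, size = _stamp(m.group("stamp"))
            out["run"].append({"key": key, "name": m.group("name"), "target": m.group("target"),
                               "date": date, "size": size})
        elif DRIVE_PATH_RE.match(line):           # bare path: a file ComboFix removed
            out["deleted"].append({"path": line, "section": section})
    return out


def unverified_targets(parsed):
    """Run values and services whose target ComboFix marked [X]: orphaned, or a file something hides."""
    names = [r["name"] for r in parsed["run"] if r["size"] is None]
    names += [s["name"] for s in parsed["services"] if s["size"] is None]
    return sorted(names)


def drivers_outside_windows(parsed):
    """Kernel drivers (.sys) registered from outside the Windows directory."""
    return sorted(s["name"] for s in parsed["services"]
                  if s["path"].lower().endswith(".sys")
                  and not s["path"].lower().startswith("c:\\windows\\"))
```

On the log posted below, `unverified_targets` returns the `AMD AVT` Run value plus the `Lbd` and `Lavasoft Kernexplorer` services, all three of which point at Lavasoft Ad-Aware or AMD components that are no longer on disk, and `drivers_outside_windows` returns only `Lavasoft Kernexplorer`; a `[x]` driver whose file is genuinely absent is a leftover registration to clean up, whereas a `[x]` driver whose file is present on disk but invisible to the scanner is the case worth escalating.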
03.07.2012, 16:32   #13
ralphholger

ComboFix logfile:
Code:
ComboFix 12-07-02.01 - *** 03.07.2012  17:17:21.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6135.4640 [GMT 2:00]
Running from: c:\users\***\Desktop\security\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\IsUn0407.exe
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Files Created from 2012-06-03 to 2012-07-03  ))))))))))))))))))))))))))))))
.
.
2012-07-03 12:54 . 2012-07-03 12:54	--------	d-----w-	C:\_OTL
2012-07-01 13:55 . 2012-07-01 13:55	--------	d-----w-	c:\program files (x86)\ESET
2012-06-25 12:17 . 2012-06-25 12:17	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-06-25 12:17 . 2012-06-25 12:17	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-25 12:17 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-25 12:17 . 2012-06-25 12:17	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-22 12:13 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-22 12:13 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-22 12:13 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-22 12:13 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-22 12:12 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-22 12:12 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-22 12:12 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-22 12:12 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-22 12:12 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-20 07:10 . 2012-06-20 07:10	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 07:10 . 2012-06-20 07:10	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 09:20 . 2011-10-20 15:06	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 09:20 . 2011-10-20 15:06	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-18 18:56 . 2012-04-18 18:56	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-07-28 21:40	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-07-28 21:39	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2011-07-28 21:30	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-07-28 21:01	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-07-13 21:59	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-02-15 02:34	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-02-15 02:29	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-07-28 20:53	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-07-28 20:53	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-02-15 02:12	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
.
.
((((((((((((((((((((((((((((   Reg Loading Points From Each User   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2009-06-10 462736]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"PDFPrint"="c:\program files (x86)\pdf24\pdf24.exe" [2011-12-16 220744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-25 133104]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-07-30 20552]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-25 133104]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-24 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-25 09:46]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-25 09:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=110819&tt=290412_3_ctrl&babsrc=HP_ss&mntrId=8cec732b0000000000000022683b0975
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ehzit7aa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - file:///C:/Users/***/Documents/5_Schule/3000%20Unterricht%20RK%20Schule/Website/Unterrichtsmaterial_neu_2.htm|about:addons
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=290412_3_ctrl
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 8cec732b0000000000000022683b0975
FF - user.js: extensions.BabylonToolbar_i.hardId - 8cec732b0000000000000022683b0975
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15467
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:08
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-03  17:27:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-03 15:27
.
Vor Suchlauf: 17 Verzeichnis(se), 757.908.021.248 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 757.526.757.376 Bytes frei
.
- - End Of File - - 3FC39AC45A61D4F53AD9A92AC39A73CB
         

Alt 04.07.2012, 14:32   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad [Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Note: If you masked your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
Firefox::
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ehzit7aa.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=290412_3_ctrl
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 8cec732b0000000000000022683b0975
FF - user.js: extensions.BabylonToolbar_i.hardId - 8cec732b0000000000000022683b0975
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15467
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:08
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
         
3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the TeaTimer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.



6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

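The entries the helper put into the `Firefox::` block above are exactly the ones that stand out in the "Zusätzlicher Suchlauf" section of the log: a `uStart Page` pointing at a search site with affiliate-tracking parameters, and a whole `extensions.BabylonToolbar_i.*` namespace written into `user.js`. The following Python script is an added illustration for readers of this thread; it is not code from the helper, the poster, or ComboFix. It parses those log lines, flags the two indicator types, and compares the log from before the CFScript run with the one from after it to confirm which preferences were removed. The two log excerpts are taken from the ComboFix logs posted in this thread (user name masked as in the posts), and the list of tracking parameter names is an assumption built from the URL in this log, not a ComboFix rule.

```python
import re
from typing import Dict, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Lines excerpted from the "Zusaetzlicher Suchlauf" section of the two ComboFix
# logs in this thread: BEFORE the CFScript run and AFTER it. Constructed test
# input; the user name is masked exactly as in the posts.
BEFORE_LOG = """\
uLocal Page = c:\\windows\\system32\\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=110819&tt=290412_3_ctrl&babsrc=HP_ss&mntrId=8cec732b0000000000000022683b0975
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\\users\\***\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ehzit7aa.default\\
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=290412_3_ctrl
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 8cec732b0000000000000022683b0975
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
"""

AFTER_LOG = """\
uLocal Page = c:\\windows\\system32\\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=110819&tt=290412_3_ctrl&babsrc=HP_ss&mntrId=8cec732b0000000000000022683b0975
FF - ProfilePath - c:\\users\\***\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ehzit7aa.default\\
FF - prefs.js: browser.search.selectedEngine - Google
"""

FF_PREF_RE = re.compile(r"^FF - (user\.js|prefs\.js): (\S+) -\s*(.*)$")
START_PAGE_RE = re.compile(r"^uStart Page = (\S+)$")

# Query parameters that mark an affiliate-tracking search start page. Assumption
# built from the babylon URL in this log; extend it for other hijackers.
TRACKING_PARAMS = {"affID", "mntrId", "babsrc", "tt"}


def parse_ff_prefs(log: str) -> List[Tuple[str, str, str]]:
    """Return (file, pref, value) for every 'FF - user.js:' / 'FF - prefs.js:' line."""
    prefs = []
    for line in log.splitlines():
        m = FF_PREF_RE.match(line.rstrip())
        if m:
            prefs.append((m.group(1), m.group(2), m.group(3).strip()))
    return prefs


def user_js_namespaces(log: str) -> Dict[str, List[str]]:
    """Group user.js 'extensions.<name>.*' prefs by extension namespace.

    Firefox does not ship a user.js; a toolbar that writes a whole namespace
    into it does so to survive the user resetting prefs.js from the UI.
    """
    groups: Dict[str, List[str]] = {}
    for fname, pref, _value in parse_ff_prefs(log):
        parts = pref.split(".")
        if fname == "user.js" and parts[0] == "extensions" and len(parts) >= 3:
            groups.setdefault(".".join(parts[:2]), []).append(pref)
    return groups


def start_page_tracking(log: str) -> Optional[Tuple[str, List[str]]]:
    """Return (host, sorted tracking params present) for the IE start page, else None."""
    for line in log.splitlines():
        m = START_PAGE_RE.match(line.strip())
        if not m:
            continue
        url = urlsplit(m.group(1))  # 'hxxp' is ComboFix's defanged 'http'
        found = sorted(TRACKING_PARAMS & set(parse_qs(url.query)))
        return url.hostname or "", found
    return None


def removed_prefs(before: str, after: str) -> List[str]:
    """Prefs present in the first log and gone in the second: did the CFScript do its job?"""
    after_names = {pref for _f, pref, _v in parse_ff_prefs(after)}
    return [pref for _f, pref, _v in parse_ff_prefs(before) if pref not in after_names]


def hijack_report(log: str) -> Dict[str, object]:
    """One summary a helper can read: suspicious user.js namespaces and the start page."""
    return {"user_js": user_js_namespaces(log), "start_page": start_page_tracking(log)}


if __name__ == "__main__":
    before, after = hijack_report(BEFORE_LOG), hijack_report(AFTER_LOG)
    for ns, prefs in before["user_js"].items():
        print(f"user.js namespace {ns}: {len(prefs)} prefs")
    print("start page:", before["start_page"])
    print("removed by CFScript:", removed_prefs(BEFORE_LOG, AFTER_LOG))
    print("start page still hijacked after run:", after["start_page"] is not None)
```

Running it on the two excerpts shows the six `extensions.BabylonToolbar_i` preferences present only in the first log, and that the `uStart Page` line is unchanged in the second one, which matches the posts: the CFScript only carried a `Firefox::` block, so the IE start page was not part of that cleanup step.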

Alt 04.07.2012, 15:30   #15
ralphholger

ComboFix logfile:
Code:
ComboFix 12-07-04.01 - *** 04.07.2012  16:17:33.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6135.4529 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\security\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\security\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-04 bis 2012-07-04  ))))))))))))))))))))))))))))))
.
.
2012-07-04 14:21 . 2012-07-04 14:21	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-03 12:54 . 2012-07-03 12:54	--------	d-----w-	C:\_OTL
2012-07-01 13:55 . 2012-07-01 13:55	--------	d-----w-	c:\program files (x86)\ESET
2012-06-25 12:17 . 2012-06-25 12:17	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2012-06-25 12:17 . 2012-06-25 12:17	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-25 12:17 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-25 12:17 . 2012-06-25 12:17	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-22 12:13 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-22 12:13 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-22 12:13 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-22 12:13 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-22 12:12 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-22 12:12 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-22 12:12 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-22 12:12 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-22 12:12 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-20 07:10 . 2012-06-20 07:10	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-20 07:10 . 2012-06-20 07:10	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 09:20 . 2011-10-20 15:06	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-08 09:20 . 2011-10-20 15:06	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-18 18:56 . 2012-04-18 18:56	94208	----a-w-	c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56	69632	----a-w-	c:\windows\SysWow64\QuickTime.qts
2012-04-06 05:22 . 2012-04-06 05:22	11174400	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22	159744	----a-w-	c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-07-28 21:40	909312	----a-w-	c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-07-28 21:39	1067520	----a-w-	c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16	503808	----a-w-	c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16	236544	----a-w-	c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14	120320	----a-w-	c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14	21504	----a-w-	c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14	59392	----a-w-	c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2011-07-28 21:30	6800896	----a-w-	c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10	26181632	----a-w-	c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-07-28 21:01	64000	----a-w-	c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-07-13 21:59	7479296	----a-w-	c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50	19753984	----a-w-	c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35	1120768	----a-w-	c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34	1831424	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34	4731904	----a-w-	c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-02-15 02:34	6203392	----a-w-	c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29	16090624	----a-w-	c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25	13764096	----a-w-	c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23	7431680	----a-w-	c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-02-15 02:29	4795904	----a-w-	c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11	514560	----a-w-	c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	360448	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11	17408	----a-w-	c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	14848	----a-w-	c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11	41984	----a-w-	c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10	343040	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-07-28 20:53	54784	----a-w-	c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-07-28 20:53	41984	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09	44544	----a-w-	c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-02-15 02:12	32256	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06	54784	----a-w-	c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06	53760	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34	187392	----a-w-	c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34	74752	----a-w-	c:\windows\system32\OpenVideo64.dll
2012-04-05 20:34 . 2012-04-05 20:34	64512	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33	63488	----a-w-	c:\windows\system32\OVDecode64.dll
2012-04-05 20:33 . 2012-04-05 20:33	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
2012-04-05 20:33 . 2012-04-05 20:33	16457216	----a-w-	c:\windows\system32\amdocl64.dll
2012-04-05 20:32 . 2012-04-05 20:32	13007872	----a-w-	c:\windows\SysWow64\amdocl.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-07-03_15.22.42   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-24 12:12 . 2012-07-04 14:07	67054              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-04 14:07	32322              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-24 12:12 . 2012-07-04 14:07	22890              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1131466703-3347830685-1441675820-1001_UserData.bin
+ 2009-10-24 09:46 . 2012-07-04 05:46	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-24 09:46 . 2012-07-03 11:55	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-04 05:46 . 2012-07-04 05:46	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-03 11:55	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-04 05:46	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-24 11:24 . 2012-07-04 14:08	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-24 11:24 . 2012-07-03 15:01	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-24 11:24 . 2012-07-03 15:01	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-24 11:24 . 2012-07-04 14:08	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-06 19:01 . 2012-07-03 15:29	1604              c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-07-03 15:22 . 2012-07-03 15:22	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-04 14:22 . 2012-07-04 14:22	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-04 14:22 . 2012-07-04 14:22	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-03 15:22 . 2012-07-03 15:22	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-07-03 13:00	620174              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-04 14:10	620174              c:\windows\system32\perfh009.dat
+ 2009-07-14 17:58 . 2012-07-04 14:10	658988              c:\windows\system32\perfh007.dat
- 2009-07-14 17:58 . 2012-07-03 13:00	658988              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-07-04 14:10	108356              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-03 13:00	108356              c:\windows\system32\perfc009.dat
- 2009-07-14 17:58 . 2012-07-03 13:00	132558              c:\windows\system32\perfc007.dat
+ 2009-07-14 17:58 . 2012-07-04 14:10	132558              c:\windows\system32\perfc007.dat
+ 2009-07-14 05:01 . 2012-07-04 14:22	437504              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-03 15:21	437504              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-10-24 18:35 . 2012-07-04 14:22	3989904              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-10-24 18:35 . 2012-07-03 15:21	3989904              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-04-01 19:43 . 2012-07-03 15:21	18513512              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1131466703-3347830685-1441675820-1001-8192.dat
+ 2011-04-01 19:43 . 2012-07-04 14:22	18513512              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1131466703-3347830685-1441675820-1001-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2009-06-10 462736]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"BkupTray"="c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"PDFPrint"="c:\program files (x86)\pdf24\pdf24.exe" [2011-12-16 220744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-25 133104]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-07-30 20552]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-25 133104]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-24 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 e1yexpress;Intel(R) Gigabit-Netzwerkverbindungstreiber;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-25 09:46]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-25 09:46]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=110819&tt=290412_3_ctrl&babsrc=HP_ss&mntrId=8cec732b0000000000000022683b0975
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ehzit7aa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - file:///C:/Users/***/Documents/5_Schule/3000%20Unterricht%20RK%20Schule/Website/Unterrichtsmaterial_neu_2.htm|about:addons
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10x_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10x.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-04  16:27:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-04 14:27
ComboFix2.txt  2012-07-03 15:27
.
Vor Suchlauf: 20 Verzeichnis(se), 757.421.867.008 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 757.342.666.752 Bytes frei
.
- - End Of File - - 05509F6EC590BCF3A6BEE004C017952A
         
--- --- ---
