Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Live Security Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 31.07.2012, 21:49   #1
SebastianEF
 
Live Security Trojaner - Standard

Live Security Trojaner



Hallo zusammen

ich bin mal wieder betroffen von so nem sch... Trojaner Mist. Ich hatte auf einmal diesen Live Security dingens drauf. Habe das Deinstaliert und wer hätte das gedacht, das Virenprogramm schlägt Alarm.

Habe F-Secure "Kabel Deutschland Sicherheitspaket". Das schafft es aber nicht den Virus/Trojaner zu entfernen.

Habe Malewarebyte laufen lassen und OTT Logfiles gemacht. Hier sind sie.

Ich hoffe ihr könnt mir helfen. Ein großes Problem habe ich noch, ich bin nur noch bis Donnerstag Mittag in Deutschland.

Hier auch der ESET LOG

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ab2c14281f48974f84d33e949940486e
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-31 09:18:50
# local_time=2012-07-31 11:18:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=2304 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 66 94 30637942 95394471 0 0
# compatibility_mode=8192 67108863 100 0 279 279 0 0
# scanned=98124
# found=1
# cleaned=0
# scan_time=4909
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe    Win32/Toolbar.Widgi application (unable to clean)    00000000000000000000000000000000    I
         
Ich hoffe ihr könnt mir hier weiterhelfen. Danke schonmal. :-)
Angehängte Dateien
Dateityp: txt mbam-log-2012-07-31 (21-26-31).txt (3,5 KB, 162x aufgerufen)

Alt 04.08.2012, 00:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Live Security Trojaner - Standard

Live Security Trojaner



Was soll diese Post-Mischmasch?
Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 04.08.2012, 06:44   #3
SebastianEF
 
Live Security Trojaner - Standard

Live Security Trojaner



Sorry, ich habe mich an das gehalten was hier im Forum steht bei "was man ihr einem posting beachten soll" steht. Da steht das man die Logs Zippen soll und anhängen soll.

Ich bin jetzt bereits unterwegs, könnt ihr euch die logs bitte trotzdem anschauen.

Danke und Gruß Sebastian
__________________

Alt 04.08.2012, 15:14   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Live Security Trojaner - Standard

Live Security Trojaner



Ja leider steht das da nicht eindeutig, aber ich finde du könntest es wenigstens einheitlich posten und nicht ein Log in CODE-Tags und die anderen gezippt

Es ist immer von Vorteil, wenn die Logs direkt sichtbar in deinem Beitrag stehen also sei bitte so freundlich und poste alles in CODE-Tags
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.08.2012, 09:04   #5
SebastianEF
 
Live Security Trojaner - Standard

Live Security Trojaner



Ok kann ich aber leider erst in zwei Wochen machen :-( danke schonmal.


Alt 19.08.2012, 23:22   #6
SebastianEF
 
Live Security Trojaner - Standard

Live Security Trojaner



So. Ich bin zurück. Das Problem ist leider nicht verschwunden.

Hier mal die Logfiles in Code Tags:

Malwarebyte:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.19.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
xxxxxxx :: xxxxxxx-PC [Administrator]

Schutz: Aktiviert

19.08.2012 18:14:36
mbam-log-2012-08-19 (18-14-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 520905
Laufzeit: 1 Stunde(n), 42 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\U\00000001.@ (RootKit.0Access.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
OTL:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.08.2012 23:14:04 - Run 4
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\XXXXXXXX\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
16,00 Gb Total Physical Memory | 12,22 Gb Available Physical Memory | 76,39% Memory free
31,99 Gb Paging File | 26,64 Gb Available in Paging File | 83,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 630,75 Gb Free Space | 67,72% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 1292,39 Gb Free Space | 69,37% Space Free | Partition Type: NTFS
 
Computer Name: XXXXXXXX-PC | User Name: XXXXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXXXXXXX\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\FSGK32.EXE (F-Secure Corporation)
PRC - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
PRC - C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe ()
PRC - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSHDLL32.EXE (F-Secure Corporation)
PRC - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe ()
MOD - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\de-DE\THXAudNB.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\ASRock Utility\AXTU\Bin\IccLibDll.DLL ()
MOD - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPC\fspcfsm.eng ()
MOD - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSGUI\strres.eng ()
MOD - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSGUI\gres.dll ()
MOD - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSGUI\fsavures.eng ()
MOD - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSGUI\flyerres.eng ()
MOD - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSGUI\aboutres.dll ()
MOD - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSGUI\about.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FSORSPClient) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FSMA) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (fsbts) -- C:\Windows\SysNative\drivers\fsbts.sys ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (FSES) -- C:\Windows\SysNative\drivers\fses.sys (F-Secure Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (FSFW) -- C:\Windows\SysNative\drivers\fsdfw.sys (F-Secure Corporation)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (s1029unic) -- C:\Windows\SysNative\drivers\s1029unic.sys (MCCI Corporation)
DRV:64bit: - (s1029mgmt) -- C:\Windows\SysNative\drivers\s1029mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1029obex) -- C:\Windows\SysNative\drivers\s1029obex.sys (MCCI Corporation)
DRV:64bit: - (s1029mdm) -- C:\Windows\SysNative\drivers\s1029mdm.sys (MCCI Corporation)
DRV:64bit: - (s1029nd5) -- C:\Windows\SysNative\drivers\s1029nd5.sys (MCCI Corporation)
DRV:64bit: - (s1029mdfl) -- C:\Windows\SysNative\drivers\s1029mdfl.sys (MCCI Corporation)
DRV:64bit: - (s1029bus) -- C:\Windows\SysNative\drivers\s1029bus.sys (MCCI Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (F-Secure Gatekeeper) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\Windows\SysWOW64\drivers\fsbts.sys ()
DRV - (F-Secure HIPS) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\Win2K\FSfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\Win2K\FSrec.sys ()
DRV - (fsvista) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB 3D 16 B3 72 58 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "ACPro"
FF - prefs.js..browser.search.defaultenginename: "ACPro"
FF - prefs.js..browser.search.order.1: "ACPro"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "67.205.100.84"
FF - prefs.js..network.proxy.ftp_port: 54321
FF - prefs.js..network.proxy.http: "67.205.100.84"
FF - prefs.js..network.proxy.http_port: 54321
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "67.205.100.84"
FF - prefs.js..network.proxy.socks_port: 54321
FF - prefs.js..network.proxy.ssl: "67.205.100.84"
FF - prefs.js..network.proxy.ssl_port: 54321
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012.07.13 14:06:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 19:21:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.26 16:40:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.08.12 19:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXXXX\AppData\Roaming\mozilla\Extensions
[2012.06.29 16:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXXXXX\AppData\Roaming\mozilla\Firefox\Profiles\wud1xmf8.default\extensions
[2011.12.19 13:34:19 | 000,000,933 | ---- | M] () -- C:\Users\XXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wud1xmf8.default\searchplugins\11-suche.xml
[2011.12.19 13:34:19 | 000,002,419 | ---- | M] () -- C:\Users\XXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wud1xmf8.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 13:34:19 | 000,010,525 | ---- | M] () -- C:\Users\XXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wud1xmf8.default\searchplugins\gmx-suche.xml
[2012.08.19 17:56:12 | 000,001,056 | ---- | M] () -- C:\Users\XXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wud1xmf8.default\searchplugins\icqplugin.xml
[2011.12.19 13:34:19 | 000,002,457 | ---- | M] () -- C:\Users\XXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wud1xmf8.default\searchplugins\lastminute.xml
[2011.12.19 13:34:19 | 000,005,508 | ---- | M] () -- C:\Users\XXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wud1xmf8.default\searchplugins\webde-suche.xml
[2012.03.17 17:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.11 20:52:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.13 14:06:27 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES (X86)\KABEL DEUTSCHLAND\SICHERHEITSPAKET\NRS\LITMUS-FF@F-SECURE.COM
[2012.07.20 19:21:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.28 10:17:52 | 000,003,189 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\acpro.xml
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [ASRockXTU]  File not found
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe -update plugin File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{911BCAE4-1F94-4BC2-A20A-6600047DC031}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f4b87915-f7cf-11e0-a7bb-002522dde3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{f4b87915-f7cf-11e0-a7bb-002522dde3ee}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.19 18:12:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.31 21:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.31 21:52:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\XXXXXXXX\Desktop\esetsmartinstaller_enu.exe
[2012.07.31 21:43:58 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXX\Desktop\Logfiles
[2012.07.31 21:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.07.31 21:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.07.31 20:26:02 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\XXXXXXXX\Desktop\OTL.exe
[2012.07.31 20:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.31 20:19:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.31 20:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.31 18:11:50 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.07.31 18:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\82C65AE60009963002E83220F875F002
[2012.07.31 14:38:49 | 000,000,000 | ---D | C] -- C:\Users\XXXXXXXX\Desktop\Reisemusik
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.19 23:15:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.19 23:00:31 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.19 22:49:09 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.19 22:49:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.19 19:37:37 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.08.19 19:37:37 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.08.19 18:18:52 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.19 18:18:52 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.19 18:10:52 | 000,001,527 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies
[2012.08.19 18:10:35 | 4291,538,942 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.19 18:01:48 | 000,056,016 | ---- | M] () -- C:\Windows\SysNative\drivers\fsbts.sys
[2012.07.31 21:52:10 | 002,322,184 | ---- | M] (ESET) -- C:\Users\XXXXXXXX\Desktop\esetsmartinstaller_enu.exe
[2012.07.31 21:44:12 | 000,043,678 | ---- | M] () -- C:\Users\XXXXXXXX\Desktop\Logfiles.zip
[2012.07.31 20:27:07 | 000,000,020 | ---- | M] () -- C:\Users\XXXXXXXX\defogger_reenable
[2012.07.31 20:26:04 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\XXXXXXXX\Desktop\OTL.exe
[2012.07.31 20:23:58 | 000,050,477 | ---- | M] () -- C:\Users\XXXXXXXX\Desktop\Defogger.exe
[2012.07.31 20:19:10 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.31 20:07:42 | 000,632,049 | ---- | M] () -- C:\Users\XXXXXXXX\Desktop\adwcleaner.exe
[2012.07.31 19:25:37 | 000,000,430 | ---- | M] () -- C:\Users\XXXXXXXX\Documents\cc_20120731_192535.reg
[2012.07.31 19:25:22 | 000,017,678 | ---- | M] () -- C:\Users\XXXXXXXX\Documents\cc_20120731_192515.reg
[2012.07.22 18:39:45 | 005,312,236 | ---- | M] () -- C:\Users\XXXXXXXX\Desktop\brotherhood-of-man-radio-edit_192.mp3
 
========== Files Created - No Company Name ==========
 
[2012.08.19 22:53:25 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\U\00000001.@
[2012.07.31 21:42:09 | 000,043,678 | ---- | C] () -- C:\Users\XXXXXXXX\Desktop\Logfiles.zip
[2012.07.31 20:27:07 | 000,000,020 | ---- | C] () -- C:\Users\XXXXXXXX\defogger_reenable
[2012.07.31 20:23:57 | 000,050,477 | ---- | C] () -- C:\Users\XXXXXXXX\Desktop\Defogger.exe
[2012.07.31 20:19:10 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.31 20:07:40 | 000,632,049 | ---- | C] () -- C:\Users\XXXXXXXX\Desktop\adwcleaner.exe
[2012.07.31 19:25:36 | 000,000,430 | ---- | C] () -- C:\Users\XXXXXXXX\Documents\cc_20120731_192535.reg
[2012.07.31 19:25:17 | 000,017,678 | ---- | C] () -- C:\Users\XXXXXXXX\Documents\cc_20120731_192515.reg
[2012.07.22 18:39:30 | 005,312,236 | ---- | C] () -- C:\Users\XXXXXXXX\Desktop\brotherhood-of-man-radio-edit_192.mp3
[2012.06.28 17:22:55 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2012.05.27 22:49:13 | 000,033,408 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.12 21:35:10 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\@
[2012.01.12 21:35:10 | 000,002,048 | -HS- | C] () -- C:\Users\XXXXXXXX\AppData\Local\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\@
[2011.11.26 17:27:02 | 000,000,000 | ---- | C] () -- C:\Users\XXXXXXXX\AppData\Local\{364E4116-CC3D-4256-835A-D58ACDD08E39}
[2011.11.01 22:57:50 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.01 22:57:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.16 12:34:46 | 000,021,504 | ---- | C] () -- C:\Users\XXXXXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.04 22:52:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.09.28 08:01:40 | 000,001,001 | ---- | C] () -- C:\Windows\wiso.ini
[2011.08.12 20:41:06 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.08.12 20:00:21 | 001,550,390 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.12 00:30:29 | 000,007,598 | ---- | C] () -- C:\Users\XXXXXXXX\AppData\Local\Resmon.ResmonCfg
[2011.08.12 00:03:14 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011.08.12 00:03:14 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011.08.12 00:03:14 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011.08.12 00:03:13 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.08.12 00:03:13 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

< End of report >
         
--- --- ---

Extra:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 19.08.2012 23:14:04 - Run 4
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\XXXXXXX\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
16,00 Gb Total Physical Memory | 12,22 Gb Available Physical Memory | 76,39% Memory free
31,99 Gb Paging File | 26,64 Gb Available in Paging File | 83,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 630,75 Gb Free Space | 67,72% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 1292,39 Gb Free Space | 69,37% Space Free | Partition Type: NTFS
 
Computer Name: XXXXXXX-PC | User Name: XXXXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2770B8D8-701A-1D22-635F-8711DFC06B92}" = ATI Catalyst Install Manager
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 8.00
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"Canon SELPHY CP510" = Canon SELPHY CP510
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"PhotomatixPro41x64_is1" = Photomatix Pro version 4.1.3
"sp6" = Logitech SetPoint 6.30
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer 2011
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FFC4C2D-374D-482B-AA58-67282CE23695}" = AquaSoft DiaShow 7 Premium
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E16D939E-1E8B-44ca-A57A-9A8768BFAA0E}_is1" = 4Videosoft iPhone Transfer Platinum 5.0.16
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"1489-3350-5074-6281" = JDownloader 0.9
"4U Download YouTube Video_is1" = 4U Download YouTube Video (version 4.8.0)
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AquaSoft DiaShow 7 Premium" = AquaSoft DiaShow 7 Premium
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.91
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.28
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"dm-Fotowelt" = dm-Fotowelt
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"F-Secure Product 444" = Kabel Sicherheitspaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"NAVIGON Sync" = NAVIGON Sync 2.0.0
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"Origin" = Origin
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"PunkBusterSvc" = PunkBuster Services
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 6" = TeamViewer 6
"TVersity Codec Pack" = TVersity Codec Pack 1.7
"TVersity Media Server" = TVersity Media Server 1.9.7
"VLC media player" = VLC media player 2.0.2
"XFastUsb" = XFastUsb
"YTdetect" = Yahoo! Detect
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.04.2012 06:23:46 | Computer Name = XXXXXXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.04.2012 04:04:55 | Computer Name = XXXXXXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.04.2012 13:04:35 | Computer Name = XXXXXXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.04.2012 16:24:23 | Computer Name = XXXXXXX-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 09.04.2012 04:49:33 | Computer Name = XXXXXXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.04.2012 12:09:36 | Computer Name = XXXXXXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.04.2012 15:43:31 | Computer Name = XXXXXXX-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 10.04.2012 00:14:53 | Computer Name = XXXXXXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.04.2012 12:55:43 | Computer Name = XXXXXXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.04.2012 12:42:48 | Computer Name = XXXXXXX-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 12.02.2012 05:07:34 | Computer Name = XXXXXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

	Feature:
 %%835     Fehlercode: 0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Grund: %%842
 
Error - 12.02.2012 12:44:26 | Computer Name = XXXXXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

	Feature:
 %%835     Fehlercode: 0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Grund: %%842
 
Error - 13.02.2012 01:24:02 | Computer Name = XXXXXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

	Feature:
 %%835     Fehlercode: 0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Grund: %%842
 
Error - 14.02.2012 13:41:49 | Computer Name = XXXXXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

	Feature:
 %%835     Fehlercode: 0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Grund: %%842
 
Error - 15.02.2012 13:45:00 | Computer Name = XXXXXXX-PC | Source = Microsoft Antimalware | ID = 3002
Description = Vom Echtzeitschutz-Feature von %%860 wurde ein Fehler festgestellt

	Feature:
 %%835     Fehlercode: 0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Grund: %%842
 
 
< End of report >
         
--- --- ---

[/code]

Alt 20.08.2012, 22:54   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Live Security Trojaner - Standard

Live Security Trojaner



adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.08.2012, 23:11   #8
SebastianEF
 
Live Security Trojaner - Standard

Live Security Trojaner



Hier der adw Cleaner Log:

Code:
ATTFilter
# AdwCleaner v1.703 - Logfile created 08/20/2012 at 23:07:42
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : XXXXXXX - XXXXXXX-PC
# Running from : C:\Users\XXXXXXX\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\XXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wud1xmf8.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6554 octets] - [31/07/2012 20:08:47]
AdwCleaner[R2].txt - [6614 octets] - [31/07/2012 20:08:54]
AdwCleaner[S1].txt - [5248 octets] - [31/07/2012 20:09:05]
AdwCleaner[R3].txt - [1008 octets] - [20/08/2012 23:07:10]
AdwCleaner[R4].txt - [940 octets] - [20/08/2012 23:07:42]

########## EOF - C:\AdwCleaner[R4].txt - [1067 octets] ##########
         

Im Übrigen meldet mein Virenprogramm die folgenden Trojaner: "Trojan.Sirefef.HH" und "Trojan.Generic.7656944". Das widerholt sich ständig. Das Virenprogramm meldet das sie erfolgreich gelöscht wurden und dann sind sie wieder da.

Danke dir schon mal für dein Hilfe.

Eben ist was sehr merkwürdiges passiert. Mein Rechner war an und spielte Musik obwohl kein Player an war und auch die Musik nicht von mir war. Die musik fing nicht sofort an, erst nach mehreren stunden. Kann das der Trojaner gewesen sein?

Alt 21.08.2012, 14:07   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Live Security Trojaner - Standard

Live Security Trojaner



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.08.2012, 18:02   #10
SebastianEF
 
Live Security Trojaner - Standard

Live Security Trojaner



Hier der Log

Code:
ATTFilter
OTL logfile created on: 21.08.2012 17:44:54 - Run 5
OTL by OldTimer - Version 3.2.58.1     Folder = C:\Users\xxxxxxxxxx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
16,00 Gb Total Physical Memory | 13,75 Gb Available Physical Memory | 85,94% Memory free
31,99 Gb Paging File | 29,57 Gb Available in Paging File | 92,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 716,06 Gb Free Space | 76,88% Space Free | Partition Type: NTFS
 
Computer Name: xxxxxxxxxx-PC | User Name: xxxxxxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxxxxxxxxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\FSGK32.EXE (F-Secure Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
PRC - C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe ()
PRC - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSLAUNCH.EXE (F-Secure Corporation)
PRC - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\ASRock Utility\AXTU\Bin\AsrXTU.exe ()
MOD - C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\de-DE\THXAudNB.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\ASRock Utility\AXTU\Bin\IccLibDll.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FSORSPClient) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NisSrv) -- C:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FSMA) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSDFWD) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (fsbts) -- C:\Windows\SysNative\drivers\fsbts.sys ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (FSES) -- C:\Windows\SysNative\drivers\fses.sys (F-Secure Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (FNETTBOH_305) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (FNETURPX) -- C:\Windows\SysNative\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV:64bit: - (AsrAppCharger) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (FSFW) -- C:\Windows\SysNative\drivers\fsdfw.sys (F-Secure Corporation)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (s1029unic) -- C:\Windows\SysNative\drivers\s1029unic.sys (MCCI Corporation)
DRV:64bit: - (s1029mgmt) -- C:\Windows\SysNative\drivers\s1029mgmt.sys (MCCI Corporation)
DRV:64bit: - (s1029obex) -- C:\Windows\SysNative\drivers\s1029obex.sys (MCCI Corporation)
DRV:64bit: - (s1029mdm) -- C:\Windows\SysNative\drivers\s1029mdm.sys (MCCI Corporation)
DRV:64bit: - (s1029nd5) -- C:\Windows\SysNative\drivers\s1029nd5.sys (MCCI Corporation)
DRV:64bit: - (s1029mdfl) -- C:\Windows\SysNative\drivers\s1029mdfl.sys (MCCI Corporation)
DRV:64bit: - (s1029bus) -- C:\Windows\SysNative\drivers\s1029bus.sys (MCCI Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (F-Secure Gatekeeper) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys ()
DRV - (fsbts) -- C:\Windows\SysWOW64\drivers\fsbts.sys ()
DRV - (F-Secure HIPS) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (F-Secure Filter) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\Win2K\FSfilter.sys ()
DRV - (F-Secure Recognizer) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\Win2K\FSrec.sys ()
DRV - (fsvista) -- C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB 3D 16 B3 72 58 CC 01  [binary data]
IE - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "ACPro"
FF - prefs.js..browser.search.defaultenginename: "ACPro"
FF - prefs.js..browser.search.order.1: "ACPro"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "67.205.100.84"
FF - prefs.js..network.proxy.ftp_port: 54321
FF - prefs.js..network.proxy.http: "67.205.100.84"
FF - prefs.js..network.proxy.http_port: 54321
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "67.205.100.84"
FF - prefs.js..network.proxy.socks_port: 54321
FF - prefs.js..network.proxy.ssl: "67.205.100.84"
FF - prefs.js..network.proxy.ssl_port: 54321
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012.07.13 14:06:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 19:21:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.26 16:40:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.08.12 19:32:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxxxxxx\AppData\Roaming\mozilla\Extensions
[2012.06.29 16:21:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\wud1xmf8.default\extensions
[2011.12.19 13:34:19 | 000,000,933 | ---- | M] () -- C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wud1xmf8.default\searchplugins\11-suche.xml
[2011.12.19 13:34:19 | 000,002,419 | ---- | M] () -- C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wud1xmf8.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 13:34:19 | 000,010,525 | ---- | M] () -- C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wud1xmf8.default\searchplugins\gmx-suche.xml
[2012.08.19 17:56:12 | 000,001,056 | ---- | M] () -- C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wud1xmf8.default\searchplugins\icqplugin.xml
[2011.12.19 13:34:19 | 000,002,457 | ---- | M] () -- C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wud1xmf8.default\searchplugins\lastminute.xml
[2011.12.19 13:34:19 | 000,005,508 | ---- | M] () -- C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wud1xmf8.default\searchplugins\webde-suche.xml
[2012.03.17 17:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.11 20:52:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.13 14:06:27 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES (X86)\KABEL DEUTSCHLAND\SICHERHEITSPAKET\NRS\LITMUS-FF@F-SECURE.COM
[2012.07.20 19:21:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.28 10:17:52 | 000,003,189 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\acpro.xml
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000..\Run: [ASRockXTU]  File not found
O4 - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000..\Run: [zASRockInstantBoot]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{911BCAE4-1F94-4BC2-A20A-6600047DC031}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f4b87915-f7cf-11e0-a7bb-002522dde3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{f4b87915-f7cf-11e0-a7bb-002522dde3ee}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: MsMpSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: MsMpSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.21 17:41:47 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxxxxxxx\Desktop\OTL.exe
[2012.08.19 18:12:47 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.31 21:52:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.31 21:52:05 | 002,322,184 | ---- | C] (ESET) -- C:\Users\xxxxxxxxxx\Desktop\esetsmartinstaller_enu.exe
[2012.07.31 21:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.07.31 21:34:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.07.31 20:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.31 20:19:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.31 20:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.31 18:11:50 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.07.31 18:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\82C65AE60009963002E83220F875F002
[2012.07.31 14:38:49 | 000,000,000 | ---D | C] -- C:\Users\xxxxxxxxxx\Desktop\Reisemusik
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.21 17:45:59 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.21 17:45:59 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.21 17:41:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxxxxxxx\Desktop\OTL.exe
[2012.08.21 17:38:54 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.21 17:38:53 | 000,001,527 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies
[2012.08.21 17:38:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.21 17:38:40 | 4291,538,942 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.21 10:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.21 00:15:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.19 18:01:48 | 000,056,016 | ---- | M] () -- C:\Windows\SysNative\drivers\fsbts.sys
[2012.07.31 21:52:10 | 002,322,184 | ---- | M] (ESET) -- C:\Users\xxxxxxxxxx\Desktop\esetsmartinstaller_enu.exe
[2012.07.31 21:44:12 | 000,043,678 | ---- | M] () -- C:\Users\xxxxxxxxxx\Desktop\Logfiles.zip
[2012.07.31 20:27:07 | 000,000,020 | ---- | M] () -- C:\Users\xxxxxxxxxx\defogger_reenable
[2012.07.31 20:23:58 | 000,050,477 | ---- | M] () -- C:\Users\xxxxxxxxxx\Desktop\Defogger.exe
[2012.07.31 20:19:10 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.31 20:07:42 | 000,632,049 | ---- | M] () -- C:\Users\xxxxxxxxxx\Desktop\adwcleaner.exe
[2012.07.31 19:25:37 | 000,000,430 | ---- | M] () -- C:\Users\xxxxxxxxxx\Documents\cc_20120731_192535.reg
[2012.07.31 19:25:22 | 000,017,678 | ---- | M] () -- C:\Users\xxxxxxxxxx\Documents\cc_20120731_192515.reg
 
========== Files Created - No Company Name ==========
 
[2012.08.19 23:42:31 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\U\00000001.@
[2012.07.31 21:42:09 | 000,043,678 | ---- | C] () -- C:\Users\xxxxxxxxxx\Desktop\Logfiles.zip
[2012.07.31 20:27:07 | 000,000,020 | ---- | C] () -- C:\Users\xxxxxxxxxx\defogger_reenable
[2012.07.31 20:23:57 | 000,050,477 | ---- | C] () -- C:\Users\xxxxxxxxxx\Desktop\Defogger.exe
[2012.07.31 20:19:10 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.31 20:07:40 | 000,632,049 | ---- | C] () -- C:\Users\xxxxxxxxxx\Desktop\adwcleaner.exe
[2012.07.31 19:25:36 | 000,000,430 | ---- | C] () -- C:\Users\xxxxxxxxxx\Documents\cc_20120731_192535.reg
[2012.07.31 19:25:17 | 000,017,678 | ---- | C] () -- C:\Users\xxxxxxxxxx\Documents\cc_20120731_192515.reg
[2012.06.28 17:22:55 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2012.05.27 22:49:13 | 000,033,408 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.12 21:35:10 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\@
[2012.01.12 21:35:10 | 000,002,048 | -HS- | C] () -- C:\Users\xxxxxxxxxx\AppData\Local\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\@
[2011.11.26 17:27:02 | 000,000,000 | ---- | C] () -- C:\Users\xxxxxxxxxx\AppData\Local\{364E4116-CC3D-4256-835A-D58ACDD08E39}
[2011.11.01 22:57:50 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.01 22:57:48 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.10.16 12:34:46 | 000,021,504 | ---- | C] () -- C:\Users\xxxxxxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.04 22:52:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.09.28 08:01:40 | 000,001,001 | ---- | C] () -- C:\Windows\wiso.ini
[2011.08.12 20:41:06 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.08.12 20:00:21 | 001,550,390 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.12 00:30:29 | 000,007,598 | ---- | C] () -- C:\Users\xxxxxxxxxx\AppData\Local\Resmon.ResmonCfg
[2011.08.12 00:03:14 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011.08.12 00:03:14 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011.08.12 00:03:14 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011.08.12 00:03:13 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.08.12 00:03:13 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
 
========== LOP Check ==========
 
[2012.01.13 19:37:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\AquaSoft
[2011.09.01 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Ashampoo
[2011.09.28 07:53:17 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Buhl Data Service
[2011.09.24 19:27:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.12 22:27:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.10.31 11:28:53 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\HDRsoft
[2011.11.17 23:13:51 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\ICQ
[2011.08.12 00:19:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Leadertech
[2012.05.27 09:55:21 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\libimobiledevice
[2012.05.27 09:55:17 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\log
[2012.07.16 20:19:07 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\NAVIGON
[2011.11.02 21:08:55 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Origin
[2011.10.16 11:17:29 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Sony
[2011.10.16 11:19:00 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Sony Setup
[2012.02.25 13:45:12 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.10.23 17:54:23 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Thinstall
[2011.08.12 20:09:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Thunderbird
[2012.04.16 20:03:32 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\TS3Client
[2011.10.16 12:28:12 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\XMedia Recode
[2012.06.16 13:52:33 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.05 00:00:57 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Adobe
[2012.02.25 13:45:12 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Adobe Mini Bridge CS5
[2012.05.27 09:36:37 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Apple Computer
[2012.01.13 19:37:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\AquaSoft
[2011.09.01 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Ashampoo
[2011.09.28 07:53:17 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Buhl Data Service
[2011.09.24 19:27:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.12 22:27:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.02.04 12:35:28 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\dvdcss
[2011.10.31 11:28:53 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\HDRsoft
[2011.11.17 23:13:51 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\ICQ
[2011.08.11 23:54:09 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Identities
[2011.08.12 00:19:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Leadertech
[2012.05.27 09:55:21 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\libimobiledevice
[2012.05.27 09:55:17 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\log
[2011.08.12 00:18:00 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Logishrd
[2011.08.12 00:19:24 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Logitech
[2011.08.12 00:06:00 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Macromedia
[2011.11.26 17:58:34 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Malwarebytes
[2010.11.21 09:00:23 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Media Center Programs
[2011.11.10 19:39:28 | 000,000,000 | --SD | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Microsoft
[2011.08.12 19:32:40 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla
[2012.07.16 20:19:07 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\NAVIGON
[2011.08.31 21:49:26 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Nero
[2011.08.13 01:22:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\NVIDIA
[2011.11.02 21:08:55 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Origin
[2012.07.31 19:24:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Skype
[2011.10.16 11:17:29 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Sony
[2011.10.16 11:19:00 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Sony Setup
[2012.02.25 13:45:12 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.10.23 17:54:23 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Thinstall
[2011.08.12 20:09:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\Thunderbird
[2012.04.16 20:03:32 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\TS3Client
[2012.08.20 15:38:19 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\vlc
[2011.09.18 14:54:57 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\WinRAR
[2011.10.16 12:28:12 | 000,000,000 | ---D | M] -- C:\Users\xxxxxxxxxx\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2012.03.05 00:03:27 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\xxxxxxxxxx\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.08.12 00:19:11 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\xxxxxxxxxx\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.11.21 05:25:10 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll

< End of report >
         

Alt 30.08.2012, 12:47   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Live Security Trojaner - Standard

Live Security Trojaner



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
FF - prefs.js..browser.search.defaultengine: "ACPro"
FF - prefs.js..browser.search.defaultenginename: "ACPro"
FF - prefs.js..browser.search.order.1: "ACPro"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "67.205.100.84"
FF - prefs.js..network.proxy.ftp_port: 54321
FF - prefs.js..network.proxy.http: "67.205.100.84"
FF - prefs.js..network.proxy.http_port: 54321
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "67.205.100.84"
FF - prefs.js..network.proxy.socks_port: 54321
FF - prefs.js..network.proxy.ssl: "67.205.100.84"
FF - prefs.js..network.proxy.ssl_port: 54321
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
[2012.08.19 17:56:12 | 000,001,056 | ---- | M] () -- C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\wud1xmf8.default\searchplugins\icqplugin.xml
O4 - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000..\Run: [ASRockXTU]  File not found
O4 - HKU\S-1-5-21-1970953730-3662646717-2153892165-1000..\Run: [zASRockInstantBoot]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f4b87915-f7cf-11e0-a7bb-002522dde3ee}\Shell - "" = AutoRun
O33 - MountPoints2\{f4b87915-f7cf-11e0-a7bb-002522dde3ee}\Shell\AutoRun\command - "" = F:\Startme.exe
:Files
C:\ProgramData\82C65AE60009963002E83220F875F002
C:\Windows\Installer\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\U
C:\Windows\Installer\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\n
C:\Windows\Installer\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\L
C:\Windows\Installer\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\@
C:\Users\xxxxxxxxxx\AppData\Local\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\U
C:\Users\xxxxxxxxxx\AppData\Local\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\n
C:\Users\xxxxxxxxxx\AppData\Local\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\L
C:\Users\xxxxxxxxxx\AppData\Local\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\@
C:\Program Files (x86)\PDFCreator\Toolbar
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.08.2012, 17:49   #12
SebastianEF
 
Live Security Trojaner - Standard

Live Security Trojaner



Hi Cosinus. Willkommen zurück aus dem Urlaub. Ich hoffe du konntest entspannen und nicht nicht ganze Zeit an die blöden Trojaner denken

Danke das du dich wieder gleich an mein Thema gestürzt hast. Ich habe noch eine externe Festplatte die ich nach einer Datensicherung ausgemacht habe. Könnte da ggf. noch was infiziertes drauf sein`

Hier die Log nach dem Fix. (bisher meckert mein Virenprogramm nicht)

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1970953730-3662646717-2153892165-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-1970953730-3662646717-2153892165-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1970953730-3662646717-2153892165-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Prefs.js: "ACPro" removed from browser.search.defaultengine
Prefs.js: "ACPro" removed from browser.search.defaultenginename
Prefs.js: "ACPro" removed from browser.search.order.1
Prefs.js: "" removed from network.proxy.backup.ftp
Prefs.js: 0 removed from network.proxy.backup.ftp_port
Prefs.js: "" removed from network.proxy.backup.socks
Prefs.js: 0 removed from network.proxy.backup.socks_port
Prefs.js: "" removed from network.proxy.backup.ssl
Prefs.js: 0 removed from network.proxy.backup.ssl_port
Prefs.js: "67.205.100.84" removed from network.proxy.ftp
Prefs.js: 54321 removed from network.proxy.ftp_port
Prefs.js: "67.205.100.84" removed from network.proxy.http
Prefs.js: 54321 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "67.205.100.84" removed from network.proxy.socks
Prefs.js: 54321 removed from network.proxy.socks_port
Prefs.js: "67.205.100.84" removed from network.proxy.ssl
Prefs.js: 54321 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
C:\Users\XXXXXXXXX\AppData\Roaming\Mozilla\Firefox\Profiles\wud1xmf8.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-1970953730-3662646717-2153892165-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1970953730-3662646717-2153892165-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1970953730-3662646717-2153892165-1000\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4b87915-f7cf-11e0-a7bb-002522dde3ee}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4b87915-f7cf-11e0-a7bb-002522dde3ee}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4b87915-f7cf-11e0-a7bb-002522dde3ee}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4b87915-f7cf-11e0-a7bb-002522dde3ee}\ not found.
File F:\Startme.exe not found.
========== FILES ==========
C:\ProgramData\82C65AE60009963002E83220F875F002 folder moved successfully.
C:\Windows\Installer\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\U folder moved successfully.
File\Folder C:\Windows\Installer\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\n not found.
C:\Windows\Installer\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\L folder moved successfully.
C:\Windows\Installer\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\@ moved successfully.
C:\Users\XXXXXXXXX\AppData\Local\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\U folder moved successfully.
File\Folder C:\Users\XXXXXXXXX\AppData\Local\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\n not found.
C:\Users\XXXXXXXXX\AppData\Local\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\L folder moved successfully.
C:\Users\XXXXXXXXX\AppData\Local\{85d6d1d7-cef8-3bc8-917e-5a9e4c4a4375}\@ moved successfully.
C:\Program Files (x86)\PDFCreator\Toolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: XXXXXXXXX
->Temp folder emptied: 13233861 bytes
->Temporary Internet Files folder emptied: 28332716 bytes
->Java cache emptied: 424 bytes
->FireFox cache emptied: 121074413 bytes
->Flash cache emptied: 57174 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 74085819 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 226,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: XXXXXXXXX
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.58.1 log created on 08302012_174058

Files\Folders moved on Reboot...
C:\Users\XXXXXXXXX\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         



EDIT: Mein Virenprogramm meldet nun doch wieder einen Virus: W64/ZeroAccess.B

unter dem Pfad: C:\Windows\System32

Wenn ich meinen Rechner neu starte werden meine Desktopsymbole größer angezeigt. Wenn ich das wieder auf "klein" ändere sind sie nach einem Neustart wieder groß.

Geändert von SebastianEF (30.08.2012 um 18:07 Uhr)

Alt 30.08.2012, 20:17   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Live Security Trojaner - Standard

Live Security Trojaner



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 30.08.2012, 20:42   #14
SebastianEF
 
Live Security Trojaner - Standard

Live Security Trojaner



TDSS Killer hat auch den Virus identifiziert.

Code:
ATTFilter
20:34:42.0068 4688  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
20:34:42.0973 4688  ============================================================
20:34:42.0973 4688  Current date / time: 2012/08/30 20:34:42.0973
20:34:42.0973 4688  SystemInfo:
20:34:42.0973 4688  
20:34:42.0973 4688  OS Version: 6.1.7601 ServicePack: 1.0
20:34:42.0973 4688  Product type: Workstation
20:34:42.0973 4688  ComputerName: SEPP-PC
20:34:42.0973 4688  UserName: Sepp
20:34:42.0973 4688  Windows directory: C:\Windows
20:34:42.0973 4688  System windows directory: C:\Windows
20:34:42.0973 4688  Running under WOW64
20:34:42.0973 4688  Processor architecture: Intel x64
20:34:42.0973 4688  Number of processors: 6
20:34:42.0973 4688  Page size: 0x1000
20:34:42.0973 4688  Boot type: Normal boot
20:34:42.0973 4688  ============================================================
20:34:44.0986 4688  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:34:45.0001 4688  ============================================================
20:34:45.0001 4688  \Device\Harddisk0\DR0:
20:34:45.0001 4688  MBR partitions:
20:34:45.0001 4688  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:34:45.0001 4688  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
20:34:45.0001 4688  ============================================================
20:34:45.0048 4688  C: <-> \Device\Harddisk0\DR0\Partition2
20:34:45.0048 4688  ============================================================
20:34:45.0048 4688  Initialize success
20:34:45.0048 4688  ============================================================
20:36:07.0993 4224  ============================================================
20:36:07.0993 4224  Scan started
20:36:07.0993 4224  Mode: Manual; SigCheck; TDLFS; 
20:36:07.0993 4224  ============================================================
20:36:08.0742 4224  ================ Scan system memory ========================
20:36:08.0742 4224  System memory - ok
20:36:08.0742 4224  ================ Scan services =============================
20:36:08.0836 4224  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
20:36:08.0883 4224  1394ohci - ok
20:36:08.0898 4224  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:36:08.0914 4224  ACPI - ok
20:36:08.0929 4224  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:36:08.0976 4224  AcpiPmi - ok
20:36:09.0070 4224  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:36:09.0070 4224  AdobeARMservice - ok
20:36:09.0210 4224  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:36:09.0226 4224  AdobeFlashPlayerUpdateSvc - ok
20:36:09.0241 4224  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:36:09.0257 4224  adp94xx - ok
20:36:09.0257 4224  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:36:09.0273 4224  adpahci - ok
20:36:09.0288 4224  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:36:09.0304 4224  adpu320 - ok
20:36:09.0319 4224  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:36:09.0382 4224  AeLookupSvc - ok
20:36:09.0444 4224  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:36:09.0460 4224  AFD - ok
20:36:09.0475 4224  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:36:09.0475 4224  agp440 - ok
20:36:09.0491 4224  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:36:09.0538 4224  ALG - ok
20:36:09.0569 4224  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:36:09.0569 4224  aliide - ok
20:36:09.0585 4224  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:36:09.0585 4224  amdide - ok
20:36:09.0616 4224  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:36:09.0631 4224  AmdK8 - ok
20:36:09.0631 4224  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:36:09.0647 4224  AmdPPM - ok
20:36:09.0678 4224  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:36:09.0678 4224  amdsata - ok
20:36:09.0694 4224  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:36:09.0709 4224  amdsbs - ok
20:36:09.0741 4224  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:36:09.0741 4224  amdxata - ok
20:36:09.0741 4224  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:36:09.0819 4224  AppID - ok
20:36:09.0834 4224  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:36:09.0850 4224  AppIDSvc - ok
20:36:09.0881 4224  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:36:09.0928 4224  Appinfo - ok
20:36:10.0021 4224  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:36:10.0037 4224  Apple Mobile Device - ok
20:36:10.0037 4224  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
20:36:10.0037 4224  arc - ok
20:36:10.0053 4224  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:36:10.0053 4224  arcsas - ok
20:36:10.0099 4224  [ 6FE3237C1177E66437E7AD0E8AC1A6E5 ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
20:36:10.0131 4224  asmthub3 - ok
20:36:10.0162 4224  [ C4043E39A2ABBC56581CA25DF161E9F7 ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
20:36:10.0177 4224  asmtxhci - ok
20:36:10.0193 4224  [ E1AFEE1584C74050DE0DD16DE2A54BF3 ] AsrAppCharger   C:\Windows\system32\DRIVERS\AsrAppCharger.sys
20:36:10.0193 4224  AsrAppCharger - ok
20:36:10.0224 4224  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:36:10.0255 4224  AsyncMac - ok
20:36:10.0287 4224  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:36:10.0287 4224  atapi - ok
20:36:10.0318 4224  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:36:10.0365 4224  AudioEndpointBuilder - ok
20:36:10.0365 4224  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:36:10.0396 4224  AudioSrv - ok
20:36:10.0427 4224  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:36:10.0458 4224  AxInstSV - ok
20:36:10.0489 4224  AxtuDrv - ok
20:36:10.0489 4224  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
20:36:10.0505 4224  b06bdrv - ok
20:36:10.0521 4224  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:36:10.0552 4224  b57nd60a - ok
20:36:10.0567 4224  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:36:10.0583 4224  BDESVC - ok
20:36:10.0599 4224  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:36:10.0630 4224  Beep - ok
20:36:10.0630 4224  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:36:10.0630 4224  blbdrive - ok
20:36:10.0708 4224  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:36:10.0708 4224  Bonjour Service - ok
20:36:10.0723 4224  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:36:10.0755 4224  bowser - ok
20:36:10.0770 4224  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:36:10.0786 4224  BrFiltLo - ok
20:36:10.0801 4224  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:36:10.0801 4224  BrFiltUp - ok
20:36:10.0817 4224  [ 8EF0D5C41EC907751B8429162B1239ED ] Browser         C:\Windows\System32\browser.dll
20:36:10.0833 4224  Browser - ok
20:36:10.0848 4224  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:36:10.0879 4224  Brserid - ok
20:36:10.0926 4224  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:36:10.0957 4224  BrSerWdm - ok
20:36:11.0004 4224  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:36:11.0020 4224  BrUsbMdm - ok
20:36:11.0035 4224  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:36:11.0051 4224  BrUsbSer - ok
20:36:11.0067 4224  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:36:11.0082 4224  BTHMODEM - ok
20:36:11.0098 4224  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:36:11.0113 4224  bthserv - ok
20:36:11.0129 4224  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:36:11.0160 4224  cdfs - ok
20:36:11.0176 4224  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:36:11.0191 4224  cdrom - ok
20:36:11.0207 4224  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:36:11.0238 4224  CertPropSvc - ok
20:36:11.0269 4224  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
20:36:11.0285 4224  circlass - ok
20:36:11.0301 4224  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:36:11.0301 4224  CLFS - ok
20:36:11.0363 4224  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:36:11.0363 4224  clr_optimization_v2.0.50727_32 - ok
20:36:11.0410 4224  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:36:11.0410 4224  clr_optimization_v2.0.50727_64 - ok
20:36:11.0472 4224  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:36:11.0488 4224  clr_optimization_v4.0.30319_32 - ok
20:36:11.0535 4224  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:36:11.0550 4224  clr_optimization_v4.0.30319_64 - ok
20:36:11.0581 4224  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
20:36:11.0597 4224  CmBatt - ok
20:36:11.0613 4224  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:36:11.0613 4224  cmdide - ok
20:36:11.0659 4224  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:36:11.0675 4224  CNG - ok
20:36:11.0706 4224  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:36:11.0706 4224  Compbatt - ok
20:36:11.0722 4224  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:36:11.0737 4224  CompositeBus - ok
20:36:11.0737 4224  COMSysApp - ok
20:36:11.0753 4224  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:36:11.0753 4224  crcdisk - ok
20:36:11.0800 4224  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:36:11.0815 4224  CryptSvc - ok
20:36:11.0847 4224  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:36:11.0878 4224  DcomLaunch - ok
20:36:11.0909 4224  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:36:11.0925 4224  defragsvc - ok
20:36:11.0956 4224  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:36:11.0987 4224  DfsC - ok
20:36:12.0003 4224  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:36:12.0034 4224  Dhcp - ok
20:36:12.0049 4224  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:36:12.0081 4224  discache - ok
20:36:12.0096 4224  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
20:36:12.0112 4224  Disk - ok
20:36:12.0127 4224  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:36:12.0159 4224  Dnscache - ok
20:36:12.0174 4224  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:36:12.0205 4224  dot3svc - ok
20:36:12.0237 4224  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:36:12.0283 4224  DPS - ok
20:36:12.0315 4224  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:36:12.0346 4224  drmkaud - ok
20:36:12.0361 4224  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:36:12.0377 4224  DXGKrnl - ok
20:36:12.0424 4224  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:36:12.0439 4224  EapHost - ok
20:36:12.0517 4224  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:36:12.0580 4224  ebdrv - ok
20:36:12.0611 4224  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:36:12.0611 4224  EFS - ok
20:36:12.0658 4224  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:36:12.0705 4224  ehRecvr - ok
20:36:12.0720 4224  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:36:12.0736 4224  ehSched - ok
20:36:12.0751 4224  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:36:12.0767 4224  elxstor - ok
20:36:12.0783 4224  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:36:12.0798 4224  ErrDev - ok
20:36:12.0814 4224  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:36:12.0829 4224  EventSystem - ok
20:36:12.0861 4224  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:36:12.0876 4224  exfat - ok
20:36:12.0985 4224  [ C42B0105E09B1ECE2DD75141CF64AFD6 ] F-Secure Filter C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\Win2K\FSfilter.sys
20:36:13.0017 4224  F-Secure Filter - ok
20:36:13.0063 4224  [ 169897DE484A79120AF8C201883EFDC4 ] F-Secure Gatekeeper C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys
20:36:13.0079 4224  F-Secure Gatekeeper - ok
20:36:13.0110 4224  [ 2346842F07E2AB64D1DC83A67FCCDFA1 ] F-Secure Gatekeeper Handler Starter C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\fsgk32st.exe
20:36:13.0126 4224  F-Secure Gatekeeper Handler Starter - ok
20:36:13.0204 4224  [ 0923C7370D08AA0E167F24FDEE24A333 ] F-Secure HIPS   C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\HIPS\drivers\fshs.sys
20:36:13.0204 4224  F-Secure HIPS - ok
20:36:13.0235 4224  [ 17B22D1BB6770D8A86573387345C1738 ] F-Secure Recognizer C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\Win2K\FSrec.sys
20:36:13.0251 4224  F-Secure Recognizer - ok
20:36:13.0282 4224  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:36:13.0297 4224  fastfat - ok
20:36:13.0329 4224  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:36:13.0344 4224  Fax - ok
20:36:13.0360 4224  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
20:36:13.0375 4224  fdc - ok
20:36:13.0375 4224  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:36:13.0407 4224  fdPHost - ok
20:36:13.0407 4224  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:36:13.0438 4224  FDResPub - ok
20:36:13.0453 4224  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:36:13.0469 4224  FileInfo - ok
20:36:13.0500 4224  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:36:13.0516 4224  Filetrace - ok
20:36:13.0531 4224  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
20:36:13.0547 4224  flpydisk - ok
20:36:13.0563 4224  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:36:13.0563 4224  FltMgr - ok
20:36:13.0625 4224  [ FE95AE537B41A7E2F4CFE353064DC4AF ] FNETTBOH_305    C:\Windows\system32\drivers\FNETTBOH_305.SYS
20:36:13.0656 4224  FNETTBOH_305 - ok
20:36:13.0672 4224  [ 7C3C4B4C951EC1BDFD4F769D05E2CC68 ] FNETURPX        C:\Windows\system32\drivers\FNETURPX.SYS
20:36:13.0672 4224  FNETURPX - ok
20:36:13.0719 4224  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
20:36:13.0734 4224  FontCache - ok
20:36:13.0765 4224  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:36:13.0781 4224  FontCache3.0.0.0 - ok
20:36:13.0797 4224  [ F59F2C574AA5D84477EB89F87C938F16 ] fsbts           C:\Windows\system32\Drivers\fsbts.sys
20:36:13.0797 4224  fsbts - ok
20:36:13.0828 4224  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:36:13.0843 4224  FsDepends - ok
20:36:13.0921 4224  [ D40A0EE11B934E0472AB8A4BBF46D6D8 ] FSDFWD          C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\FWES\Program\fsdfwd.exe
20:36:13.0937 4224  FSDFWD - ok
20:36:13.0968 4224  [ 06C487127857CA7DD0BB6051D454DD90 ] FSES            C:\Windows\system32\drivers\fses.sys
20:36:13.0984 4224  FSES - ok
20:36:14.0015 4224  [ F68D7041A3A6F4707237891D476DD412 ] FSFW            C:\Windows\system32\drivers\fsdfw.sys
20:36:14.0031 4224  FSFW - ok
20:36:14.0109 4224  [ 8A556A81E9FF95BD9EB7207783E8FCF4 ] FSMA            C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Common\FSMA32.EXE
20:36:14.0140 4224  FSMA - ok
20:36:14.0187 4224  [ 42AEF6A385354ACA65FC210CE7CE4D7C ] FSORSPClient    C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\ORSP Client\fsorsp.exe
20:36:14.0202 4224  FSORSPClient - ok
20:36:14.0233 4224  [ CA7903A77FE92A11045DAB462574009F ] fsvista         C:\Program Files (x86)\Kabel Deutschland\Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys
20:36:14.0233 4224  fsvista - ok
20:36:14.0280 4224  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:36:14.0280 4224  Fs_Rec - ok
20:36:14.0296 4224  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:36:14.0311 4224  fvevol - ok
20:36:14.0327 4224  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:36:14.0343 4224  gagp30kx - ok
20:36:14.0389 4224  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:36:14.0389 4224  GEARAspiWDM - ok
20:36:14.0436 4224  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:36:14.0452 4224  gpsvc - ok
20:36:14.0514 4224  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:36:14.0530 4224  gupdate - ok
20:36:14.0545 4224  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:36:14.0545 4224  gupdatem - ok
20:36:14.0561 4224  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:36:14.0577 4224  hcw85cir - ok
20:36:14.0608 4224  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:36:14.0639 4224  HdAudAddService - ok
20:36:14.0655 4224  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:36:14.0670 4224  HDAudBus - ok
20:36:14.0686 4224  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
20:36:14.0701 4224  HidBatt - ok
20:36:14.0701 4224  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:36:14.0733 4224  HidBth - ok
20:36:14.0748 4224  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:36:14.0764 4224  HidIr - ok
20:36:14.0764 4224  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:36:14.0795 4224  hidserv - ok
20:36:14.0811 4224  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:36:14.0826 4224  HidUsb - ok
20:36:14.0842 4224  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:36:14.0904 4224  hkmsvc - ok
20:36:14.0935 4224  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:36:14.0951 4224  HomeGroupListener - ok
20:36:14.0967 4224  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:36:14.0982 4224  HomeGroupProvider - ok
20:36:14.0998 4224  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:36:15.0013 4224  HpSAMD - ok
20:36:15.0029 4224  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:36:15.0060 4224  HTTP - ok
20:36:15.0076 4224  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:36:15.0076 4224  hwpolicy - ok
20:36:15.0107 4224  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:36:15.0107 4224  i8042prt - ok
20:36:15.0154 4224  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:36:15.0169 4224  iaStorV - ok
20:36:15.0216 4224  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:36:15.0232 4224  idsvc - ok
20:36:15.0247 4224  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:36:15.0247 4224  iirsp - ok
20:36:15.0279 4224  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:36:15.0310 4224  IKEEXT - ok
20:36:15.0403 4224  [ C7124DA48E557D8F88D0D7F1254557F4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:36:15.0435 4224  IntcAzAudAddService - ok
20:36:15.0435 4224  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:36:15.0435 4224  intelide - ok
20:36:15.0466 4224  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
20:36:15.0481 4224  intelppm - ok
20:36:15.0497 4224  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:36:15.0528 4224  IPBusEnum - ok
20:36:15.0528 4224  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:36:15.0559 4224  IpFilterDriver - ok
20:36:15.0575 4224  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:36:15.0591 4224  IPMIDRV - ok
20:36:15.0591 4224  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:36:15.0622 4224  IPNAT - ok
20:36:15.0762 4224  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:36:15.0778 4224  iPod Service - ok
20:36:15.0809 4224  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:36:15.0840 4224  IRENUM - ok
20:36:15.0856 4224  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:36:15.0856 4224  isapnp - ok
20:36:15.0871 4224  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:36:15.0871 4224  iScsiPrt - ok
20:36:15.0887 4224  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:36:15.0903 4224  kbdclass - ok
20:36:15.0918 4224  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:36:15.0918 4224  kbdhid - ok
20:36:15.0949 4224  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:36:15.0949 4224  KeyIso - ok
20:36:16.0027 4224  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:36:16.0027 4224  KSecDD - ok
20:36:16.0074 4224  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:36:16.0074 4224  KSecPkg - ok
20:36:16.0090 4224  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:36:16.0121 4224  ksthunk - ok
20:36:16.0137 4224  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:36:16.0168 4224  KtmRm - ok
20:36:16.0183 4224  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:36:16.0199 4224  LanmanServer - ok
20:36:16.0215 4224  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:36:16.0246 4224  LanmanWorkstation - ok
20:36:16.0308 4224  [ 19EFF704CD16DD0429E128431F1DD631 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
20:36:16.0324 4224  LBTServ - ok
20:36:16.0355 4224  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
20:36:16.0371 4224  LGBusEnum - ok
20:36:16.0371 4224  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
20:36:16.0386 4224  LGVirHid - ok
20:36:16.0402 4224  [ 1074C77A47835E03C15BF92452F9A750 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:36:16.0417 4224  LHidFilt - ok
20:36:16.0417 4224  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:36:16.0449 4224  lltdio - ok
20:36:16.0480 4224  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:36:16.0511 4224  lltdsvc - ok
20:36:16.0511 4224  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:36:16.0542 4224  lmhosts - ok
20:36:16.0542 4224  [ 96999C364C649E2866A268F7420A304A ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:36:16.0558 4224  LMouFilt - ok
20:36:16.0573 4224  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:36:16.0573 4224  LSI_FC - ok
20:36:16.0589 4224  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:36:16.0589 4224  LSI_SAS - ok
20:36:16.0589 4224  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:36:16.0605 4224  LSI_SAS2 - ok
20:36:16.0605 4224  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:36:16.0620 4224  LSI_SCSI - ok
20:36:16.0620 4224  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:36:16.0651 4224  luafv - ok
20:36:16.0698 4224  [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
20:36:16.0698 4224  MBAMProtector - ok
20:36:16.0745 4224  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:36:16.0761 4224  MBAMService - ok
20:36:16.0761 4224  [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt          C:\Windows\system32\drivers\MBfilt64.sys
20:36:16.0761 4224  MBfilt - ok
20:36:16.0807 4224  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:36:16.0823 4224  Mcx2Svc - ok
20:36:16.0901 4224  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:36:16.0917 4224  MDM - ok
20:36:16.0932 4224  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:36:16.0948 4224  megasas - ok
20:36:16.0963 4224  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:36:16.0963 4224  MegaSR - ok
20:36:16.0979 4224  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:36:17.0010 4224  MMCSS - ok
20:36:17.0026 4224  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:36:17.0041 4224  Modem - ok
20:36:17.0088 4224  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:36:17.0119 4224  monitor - ok
20:36:17.0135 4224  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:36:17.0135 4224  mouclass - ok
20:36:17.0151 4224  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:36:17.0166 4224  mouhid - ok
20:36:17.0166 4224  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:36:17.0166 4224  mountmgr - ok
20:36:17.0213 4224  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:36:17.0229 4224  MozillaMaintenance - ok
20:36:17.0260 4224  [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
20:36:17.0275 4224  MpFilter - ok
20:36:17.0291 4224  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:36:17.0291 4224  mpio - ok
20:36:17.0307 4224  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:36:17.0322 4224  mpsdrv - ok
20:36:17.0353 4224  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:36:17.0400 4224  MRxDAV - ok
20:36:17.0431 4224  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:36:17.0447 4224  mrxsmb - ok
20:36:17.0463 4224  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:36:17.0478 4224  mrxsmb10 - ok
20:36:17.0494 4224  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:36:17.0494 4224  mrxsmb20 - ok
20:36:17.0494 4224  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:36:17.0509 4224  msahci - ok
20:36:17.0509 4224  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:36:17.0525 4224  msdsm - ok
20:36:17.0541 4224  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:36:17.0541 4224  MSDTC - ok
20:36:17.0572 4224  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:36:17.0587 4224  Msfs - ok
20:36:17.0603 4224  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:36:17.0619 4224  mshidkmdf - ok
20:36:17.0634 4224  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:36:17.0650 4224  msisadrv - ok
20:36:17.0681 4224  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:36:17.0712 4224  MSiSCSI - ok
20:36:17.0712 4224  msiserver - ok
20:36:17.0712 4224  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:36:17.0743 4224  MSKSSRV - ok
20:36:17.0743 4224  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:36:17.0775 4224  MSPCLOCK - ok
20:36:17.0790 4224  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:36:17.0821 4224  MSPQM - ok
20:36:17.0821 4224  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:36:17.0837 4224  MsRPC - ok
20:36:17.0853 4224  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:36:17.0853 4224  mssmbios - ok
20:36:17.0868 4224  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:36:17.0884 4224  MSTEE - ok
20:36:17.0899 4224  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:36:17.0899 4224  MTConfig - ok
20:36:17.0899 4224  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:36:17.0915 4224  Mup - ok
20:36:17.0962 4224  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:36:18.0009 4224  napagent - ok
20:36:18.0024 4224  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:36:18.0040 4224  NativeWifiP - ok
20:36:18.0071 4224  [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:36:18.0087 4224  NDIS - ok
20:36:18.0102 4224  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:36:18.0118 4224  NdisCap - ok
20:36:18.0149 4224  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:36:18.0165 4224  NdisTapi - ok
20:36:18.0180 4224  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:36:18.0227 4224  Ndisuio - ok
20:36:18.0258 4224  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:36:18.0289 4224  NdisWan - ok
20:36:18.0305 4224  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:36:18.0321 4224  NDProxy - ok
20:36:18.0321 4224  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:36:18.0352 4224  NetBIOS - ok
20:36:18.0367 4224  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:36:18.0399 4224  NetBT - ok
20:36:18.0399 4224  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:36:18.0414 4224  Netlogon - ok
20:36:18.0430 4224  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:36:18.0461 4224  Netman - ok
20:36:18.0477 4224  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:36:18.0508 4224  netprofm - ok
20:36:18.0539 4224  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:36:18.0539 4224  NetTcpPortSharing - ok
20:36:18.0555 4224  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:36:18.0570 4224  nfrd960 - ok
20:36:18.0586 4224  [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:36:18.0601 4224  NisDrv - ok
20:36:18.0633 4224  [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
20:36:18.0648 4224  NisSrv - ok
20:36:18.0664 4224  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:36:18.0695 4224  NlaSvc - ok
20:36:18.0711 4224  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:36:18.0726 4224  Npfs - ok
20:36:18.0757 4224  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:36:18.0789 4224  nsi - ok
20:36:18.0804 4224  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:36:18.0820 4224  nsiproxy - ok
20:36:18.0882 4224  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:36:18.0898 4224  Ntfs - ok
20:36:18.0913 4224  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:36:18.0960 4224  Null - ok
20:36:18.0976 4224  [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
20:36:18.0991 4224  NVHDA - ok
20:36:19.0241 4224  [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:36:19.0381 4224  nvlddmkm - ok
20:36:19.0428 4224  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:36:19.0428 4224  nvraid - ok
20:36:19.0459 4224  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:36:19.0475 4224  nvstor - ok
20:36:19.0522 4224  [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:36:19.0537 4224  nvsvc - ok
20:36:19.0584 4224  [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:36:19.0600 4224  nvUpdatusService - ok
20:36:19.0615 4224  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:36:19.0631 4224  nv_agp - ok
20:36:19.0647 4224  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:36:19.0662 4224  ohci1394 - ok
20:36:19.0693 4224  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:36:19.0709 4224  ose - ok
20:36:19.0725 4224  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:36:19.0740 4224  p2pimsvc - ok
20:36:19.0771 4224  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:36:19.0771 4224  p2psvc - ok
20:36:19.0787 4224  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
20:36:19.0803 4224  Parport - ok
20:36:19.0834 4224  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:36:19.0834 4224  partmgr - ok
20:36:19.0849 4224  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:36:19.0865 4224  PcaSvc - ok
20:36:19.0881 4224  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:36:19.0881 4224  pci - ok
20:36:19.0896 4224  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:36:19.0912 4224  pciide - ok
20:36:19.0927 4224  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:36:19.0943 4224  pcmcia - ok
20:36:19.0959 4224  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:36:19.0974 4224  pcw - ok
20:36:20.0005 4224  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:36:20.0037 4224  PEAUTH - ok
20:36:20.0115 4224  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:36:20.0130 4224  PerfHost - ok
20:36:20.0193 4224  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:36:20.0239 4224  pla - ok
20:36:20.0286 4224  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:36:20.0302 4224  PlugPlay - ok
20:36:20.0302 4224  PnkBstrA - ok
20:36:20.0317 4224  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:36:20.0520 4224  PNRPAutoReg - ok
20:36:20.0536 4224  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:36:20.0536 4224  PNRPsvc - ok
20:36:20.0567 4224  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:36:20.0598 4224  PolicyAgent - ok
20:36:20.0629 4224  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:36:20.0661 4224  Power - ok
20:36:20.0692 4224  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:36:20.0707 4224  PptpMiniport - ok
20:36:20.0723 4224  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
20:36:20.0723 4224  Processor - ok
20:36:20.0770 4224  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:36:20.0817 4224  ProfSvc - ok
20:36:20.0832 4224  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:36:20.0832 4224  ProtectedStorage - ok
20:36:20.0848 4224  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:36:20.0879 4224  Psched - ok
20:36:20.0926 4224  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:36:20.0957 4224  ql2300 - ok
20:36:20.0957 4224  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:36:20.0973 4224  ql40xx - ok
20:36:20.0988 4224  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:36:21.0004 4224  QWAVE - ok
20:36:21.0019 4224  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:36:21.0035 4224  QWAVEdrv - ok
20:36:21.0051 4224  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:36:21.0066 4224  RasAcd - ok
20:36:21.0097 4224  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:36:21.0113 4224  RasAgileVpn - ok
20:36:21.0129 4224  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:36:21.0160 4224  RasAuto - ok
20:36:21.0175 4224  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:36:21.0191 4224  Rasl2tp - ok
20:36:21.0222 4224  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:36:21.0238 4224  RasMan - ok
20:36:21.0253 4224  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:36:21.0285 4224  RasPppoe - ok
20:36:21.0300 4224  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:36:21.0316 4224  RasSstp - ok
20:36:21.0331 4224  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:36:21.0363 4224  rdbss - ok
20:36:21.0363 4224  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
20:36:21.0378 4224  rdpbus - ok
20:36:21.0394 4224  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:36:21.0425 4224  RDPCDD - ok
20:36:21.0441 4224  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:36:21.0472 4224  RDPENCDD - ok
20:36:21.0487 4224  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:36:21.0503 4224  RDPREFMP - ok
20:36:21.0534 4224  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:36:21.0565 4224  RDPWD - ok
20:36:21.0565 4224  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:36:21.0581 4224  rdyboost - ok
20:36:21.0612 4224  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:36:21.0628 4224  RemoteAccess - ok
20:36:21.0643 4224  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:36:21.0675 4224  RemoteRegistry - ok
20:36:21.0690 4224  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:36:21.0737 4224  RpcEptMapper - ok
20:36:21.0753 4224  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:36:21.0768 4224  RpcLocator - ok
20:36:21.0799 4224  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:36:21.0815 4224  RpcSs - ok
20:36:21.0831 4224  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:36:21.0862 4224  rspndr - ok
20:36:21.0877 4224  [ F4C374B1C46DE294B573BB43723AC3F6 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:36:21.0893 4224  RTL8167 - ok
20:36:21.0924 4224  [ 68F717BC57B0FE12011EB9517C97F78D ] s1029bus        C:\Windows\system32\DRIVERS\s1029bus.sys
20:36:21.0940 4224  s1029bus - ok
20:36:21.0971 4224  [ FCFAFA529F4FA27B02FCE1E52A84922E ] s1029mdfl       C:\Windows\system32\DRIVERS\s1029mdfl.sys
20:36:21.0987 4224  s1029mdfl - ok
20:36:22.0018 4224  [ 35BD0866EB422AB2D7C8F0DDCC67BF7C ] s1029mdm        C:\Windows\system32\DRIVERS\s1029mdm.sys
20:36:22.0033 4224  s1029mdm - ok
20:36:22.0065 4224  [ E0FD4F4F42B76E910CC4295C97AA30BA ] s1029mgmt       C:\Windows\system32\DRIVERS\s1029mgmt.sys
20:36:22.0065 4224  s1029mgmt - ok
20:36:22.0096 4224  [ 90276F1D842EB96F82510E73FDB792AD ] s1029nd5        C:\Windows\system32\DRIVERS\s1029nd5.sys
20:36:22.0111 4224  s1029nd5 - ok
20:36:22.0143 4224  [ 128ED45223FAB846E8436A2F2BAEBB55 ] s1029obex       C:\Windows\system32\DRIVERS\s1029obex.sys
20:36:22.0158 4224  s1029obex - ok
20:36:22.0189 4224  [ 400FC5591586A1DFECF7A0CFAA6B0D68 ] s1029unic       C:\Windows\system32\DRIVERS\s1029unic.sys
20:36:22.0189 4224  s1029unic - ok
20:36:22.0205 4224  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:36:22.0205 4224  SamSs - ok
20:36:22.0221 4224  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:36:22.0221 4224  sbp2port - ok
20:36:22.0236 4224  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:36:22.0252 4224  SCardSvr - ok
20:36:22.0299 4224  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:36:22.0330 4224  scfilter - ok
20:36:22.0377 4224  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:36:22.0408 4224  Schedule - ok
20:36:22.0439 4224  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:36:22.0470 4224  SCPolicySvc - ok
20:36:22.0501 4224  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:36:22.0533 4224  SDRSVC - ok
20:36:22.0548 4224  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:36:22.0579 4224  secdrv - ok
20:36:22.0595 4224  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:36:22.0611 4224  seclogon - ok
20:36:22.0626 4224  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:36:22.0657 4224  SENS - ok
20:36:22.0689 4224  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:36:22.0704 4224  SensrSvc - ok
20:36:22.0720 4224  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:36:22.0720 4224  Serenum - ok
20:36:22.0751 4224  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:36:22.0767 4224  Serial - ok
20:36:22.0782 4224  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:36:22.0813 4224  sermouse - ok
20:36:22.0829 4224  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:36:22.0860 4224  SessionEnv - ok
20:36:22.0876 4224  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:36:22.0876 4224  sffdisk - ok
20:36:22.0891 4224  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:36:22.0907 4224  sffp_mmc - ok
20:36:22.0923 4224  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:36:22.0938 4224  sffp_sd - ok
20:36:22.0954 4224  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:36:22.0954 4224  sfloppy - ok
20:36:22.0985 4224  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:36:23.0001 4224  ShellHWDetection - ok
20:36:23.0016 4224  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:36:23.0016 4224  SiSRaid2 - ok
20:36:23.0047 4224  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:36:23.0063 4224  SiSRaid4 - ok
20:36:23.0110 4224  [ C70AEBD3608ED9FCEA2A1BAE83567FFC ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:36:23.0125 4224  SkypeUpdate - ok
20:36:23.0141 4224  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:36:23.0172 4224  Smb - ok
20:36:23.0172 4224  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:36:23.0203 4224  SNMPTRAP - ok
20:36:23.0203 4224  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:36:23.0203 4224  spldr - ok
20:36:23.0219 4224  [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler         C:\Windows\System32\spoolsv.exe
20:36:23.0250 4224  Spooler - ok
20:36:23.0313 4224  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:36:23.0391 4224  sppsvc - ok
20:36:23.0406 4224  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:36:23.0437 4224  sppuinotify - ok
20:36:23.0515 4224  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\System32\Drivers\sptd.sys
20:36:23.0531 4224  sptd - ok
20:36:23.0562 4224  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:36:23.0578 4224  srv - ok
20:36:23.0593 4224  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:36:23.0609 4224  srv2 - ok
20:36:23.0625 4224  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:36:23.0625 4224  srvnet - ok
20:36:23.0640 4224  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:36:23.0656 4224  SSDPSRV - ok
20:36:23.0671 4224  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:36:23.0703 4224  SstpSvc - ok
20:36:23.0796 4224  [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:36:23.0796 4224  Stereo Service - ok
20:36:23.0812 4224  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:36:23.0827 4224  stexstor - ok
20:36:23.0859 4224  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:36:23.0874 4224  stisvc - ok
20:36:23.0874 4224  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:36:23.0890 4224  swenum - ok
20:36:23.0983 4224  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:36:24.0015 4224  SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
20:36:24.0015 4224  SwitchBoard - detected UnsignedFile.Multi.Generic (1)
20:36:24.0030 4224  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:36:24.0061 4224  swprv - ok
20:36:24.0124 4224  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:36:24.0155 4224  SysMain - ok
20:36:24.0171 4224  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:36:24.0186 4224  TabletInputService - ok
20:36:24.0202 4224  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:36:24.0233 4224  TapiSrv - ok
20:36:24.0264 4224  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:36:24.0280 4224  TBS - ok
20:36:24.0358 4224  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:36:24.0389 4224  Tcpip - ok
20:36:24.0405 4224  [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:36:24.0436 4224  TCPIP6 - ok
20:36:24.0436 4224  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:36:24.0467 4224  tcpipreg - ok
20:36:24.0498 4224  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:36:24.0514 4224  TDPIPE - ok
20:36:24.0545 4224  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:36:24.0545 4224  TDTCP - ok
20:36:24.0561 4224  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:36:24.0576 4224  tdx - ok
20:36:24.0607 4224  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:36:24.0607 4224  TermDD - ok
20:36:24.0795 4224  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:36:24.0826 4224  TermService - ok
20:36:24.0841 4224  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:36:24.0857 4224  Themes - ok
20:36:24.0888 4224  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:36:24.0904 4224  THREADORDER - ok
20:36:24.0919 4224  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:36:24.0951 4224  TrkWks - ok
20:36:24.0982 4224  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:36:24.0997 4224  TrustedInstaller - ok
20:36:25.0013 4224  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:36:25.0060 4224  tssecsrv - ok
20:36:25.0075 4224  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:36:25.0075 4224  TsUsbFlt - ok
20:36:25.0075 4224  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:36:25.0091 4224  TsUsbGD - ok
20:36:25.0107 4224  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:36:25.0138 4224  tunnel - ok
20:36:25.0231 4224  [ 06BCCB3BF0D06ADCCC4EBC8EF682DD59 ] TVersityMediaServer C:\ProgramData\TVersity\Media Server\MediaServer.exe
20:36:25.0247 4224  TVersityMediaServer - ok
20:36:25.0247 4224  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:36:25.0263 4224  uagp35 - ok
20:36:25.0294 4224  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:36:25.0325 4224  udfs - ok
20:36:25.0356 4224  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:36:25.0372 4224  UI0Detect - ok
20:36:25.0372 4224  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:36:25.0387 4224  uliagpkx - ok
20:36:25.0419 4224  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:36:25.0419 4224  umbus - ok
20:36:25.0434 4224  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:36:25.0450 4224  UmPass - ok
20:36:25.0465 4224  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:36:25.0497 4224  upnphost - ok
20:36:25.0528 4224  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:36:25.0528 4224  USBAAPL64 - ok
20:36:25.0590 4224  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:36:25.0606 4224  usbaudio - ok
20:36:25.0621 4224  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:36:25.0637 4224  usbccgp - ok
20:36:25.0653 4224  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:36:25.0653 4224  usbcir - ok
20:36:25.0684 4224  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:36:25.0699 4224  usbehci - ok
20:36:25.0731 4224  [ 858BE9C0E498C8E505E198E17EECE0D9 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
20:36:25.0731 4224  usbfilter - ok
20:36:25.0746 4224  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:36:25.0762 4224  usbhub - ok
20:36:25.0762 4224  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:36:25.0777 4224  usbohci - ok
20:36:25.0777 4224  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:36:25.0793 4224  usbprint - ok
20:36:25.0840 4224  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:36:25.0855 4224  USBSTOR - ok
20:36:25.0887 4224  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:36:25.0887 4224  usbuhci - ok
20:36:25.0902 4224  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:36:25.0918 4224  UxSms - ok
20:36:25.0933 4224  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:36:25.0949 4224  VaultSvc - ok
20:36:25.0949 4224  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:36:25.0965 4224  vdrvroot - ok
20:36:25.0980 4224  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:36:26.0027 4224  vds - ok
20:36:26.0027 4224  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:36:26.0043 4224  vga - ok
20:36:26.0058 4224  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:36:26.0074 4224  VgaSave - ok
20:36:26.0105 4224  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:36:26.0105 4224  vhdmp - ok
20:36:26.0105 4224  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:36:26.0121 4224  viaide - ok
20:36:26.0121 4224  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:36:26.0136 4224  volmgr - ok
20:36:26.0152 4224  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:36:26.0152 4224  volmgrx - ok
20:36:26.0167 4224  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:36:26.0183 4224  volsnap - ok
20:36:26.0183 4224  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:36:26.0183 4224  vsmraid - ok
20:36:26.0214 4224  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:36:26.0277 4224  VSS - ok
20:36:26.0277 4224  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:36:26.0308 4224  vwifibus - ok
20:36:26.0323 4224  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:36:26.0355 4224  W32Time - ok
20:36:26.0355 4224  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:36:26.0370 4224  WacomPen - ok
20:36:26.0386 4224  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:36:26.0417 4224  WANARP - ok
20:36:26.0417 4224  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:36:26.0433 4224  Wanarpv6 - ok
20:36:26.0495 4224  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:36:26.0526 4224  wbengine - ok
20:36:26.0542 4224  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:36:26.0589 4224  WbioSrvc - ok
20:36:26.0604 4224  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:36:26.0620 4224  wcncsvc - ok
20:36:26.0620 4224  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:36:26.0635 4224  WcsPlugInService - ok
20:36:26.0635 4224  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
20:36:26.0651 4224  Wd - ok
20:36:26.0667 4224  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:36:26.0682 4224  Wdf01000 - ok
20:36:26.0713 4224  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:36:26.0745 4224  WdiServiceHost - ok
20:36:26.0745 4224  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:36:26.0745 4224  WdiSystemHost - ok
20:36:26.0791 4224  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:36:26.0807 4224  WebClient - ok
20:36:26.0838 4224  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:36:26.0869 4224  Wecsvc - ok
20:36:26.0885 4224  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:36:26.0901 4224  wercplsupport - ok
20:36:26.0963 4224  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:36:26.0979 4224  WerSvc - ok
20:36:26.0994 4224  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:36:27.0025 4224  WfpLwf - ok
20:36:27.0025 4224  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:36:27.0041 4224  WIMMount - ok
20:36:27.0041 4224  WinHttpAutoProxySvc - ok
20:36:27.0103 4224  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:36:27.0135 4224  Winmgmt - ok
20:36:27.0166 4224  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:36:27.0228 4224  WinRM - ok
20:36:27.0306 4224  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:36:27.0322 4224  WinUsb - ok
20:36:27.0337 4224  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:36:27.0369 4224  Wlansvc - ok
20:36:27.0384 4224  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:36:27.0384 4224  WmiAcpi - ok
20:36:27.0415 4224  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:36:27.0431 4224  wmiApSrv - ok
20:36:27.0462 4224  WMPNetworkSvc - ok
20:36:27.0478 4224  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:36:27.0493 4224  WPCSvc - ok
20:36:27.0509 4224  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:36:27.0509 4224  WPDBusEnum - ok
20:36:27.0525 4224  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:36:27.0556 4224  ws2ifsl - ok
20:36:27.0556 4224  WSearch - ok
20:36:27.0571 4224  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:36:27.0603 4224  WudfPf - ok
20:36:27.0618 4224  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:36:27.0649 4224  WUDFRd - ok
20:36:27.0665 4224  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:36:27.0696 4224  wudfsvc - ok
20:36:27.0727 4224  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:36:27.0774 4224  WwanSvc - ok
20:36:27.0774 4224  ================ Scan global ===============================
20:36:27.0790 4224  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:36:27.0805 4224  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:36:27.0821 4224  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
20:36:27.0837 4224  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:36:27.0868 4224  [ 014A9CB92514E27C0107614DF764BC06 ] C:\Windows\system32\services.exe
20:36:27.0883 4224  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - infected
20:36:27.0883 4224  C:\Windows\system32\services.exe - detected Virus.Win64.ZAccess.b (0)
20:36:27.0883 4224  ================ Scan MBR ==================================
20:36:27.0883 4224  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:36:28.0461 4224  \Device\Harddisk0\DR0 - ok
20:36:28.0461 4224  ================ Scan VBR ==================================
20:36:28.0461 4224  [ 22ACA03FF652B70034A23C3440666972 ] \Device\Harddisk0\DR0\Partition1
20:36:28.0461 4224  \Device\Harddisk0\DR0\Partition1 - ok
20:36:28.0492 4224  [ 25682047E08BEA70999909B28C9F2461 ] \Device\Harddisk0\DR0\Partition2
20:36:28.0507 4224  \Device\Harddisk0\DR0\Partition2 - ok
20:36:28.0507 4224  ============================================================
20:36:28.0507 4224  Scan finished
20:36:28.0507 4224  ============================================================
20:36:28.0507 4872  Detected object count: 2
20:36:28.0507 4872  Actual detected object count: 2
20:37:06.0805 4872  SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
20:37:06.0805 4872  SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:37:06.0805 4872  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user
20:37:06.0805 4872  C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - User select action: Skip
         

Alt 30.08.2012, 21:12   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Live Security Trojaner - Standard

Live Security Trojaner



Code:
ATTFilter
C:\Windows\system32\services.exe ( Virus.Win64.ZAccess.b ) - skipped by user
         
Diesen Eintrag => Virus.Win64.ZAccess.b <= bitte mit dem TDSS-Killer fixen. Aber bitte nur diesen Eintrag!
Starte Windows danach neu und mach wieder ein komplett neues Log mit dem TDSS-Killer. Wie immer wieder in CODE-Tags posten.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Live Security Trojaner
auf einmal, deutschland, dinge, entferne, f-secure, großes, hoffe, kabel, laufe, laufen, live, logfiles, pdfforge toolbar, problem, programm, schafft, schlägt, security, troja, trojane, trojaner, virenprogramm, virus/trojaner



Ähnliche Themen: Live Security Trojaner


  1. troj zero acces in: Live Security Platinum und Microsoft\Security Center|
    Log-Analyse und Auswertung - 10.12.2012 (7)
  2. live security platinum
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (31)
  3. Mehrere Trojaner (Zbot) nach Live Security Platimun-Befall gefunden
    Plagegeister aller Art und deren Bekämpfung - 18.09.2012 (9)
  4. LIVE SECURITY PLATINUM Trojaner entfernt. Avira Antivir startet aber keinen Suchlauf!
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (16)
  5. Live-Security-platinum mit OTL
    Plagegeister aller Art und deren Bekämpfung - 01.09.2012 (1)
  6. Trojaner, evtl. Rootkit / Live Security Platinum
    Log-Analyse und Auswertung - 29.08.2012 (1)
  7. Live Security Platinum Trojaner
    Log-Analyse und Auswertung - 28.08.2012 (4)
  8. Live Security Platinum
    Diskussionsforum - 27.08.2012 (4)
  9. Trojaner SVCHOST.Stealth.Keyloger / Live Security Platinium
    Plagegeister aller Art und deren Bekämpfung - 12.08.2012 (2)
  10. Live Security Platinum
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (5)
  11. GVU-Trojaner, Live-Security-Platinum und bestimmt noch einiges mehr... :(
    Log-Analyse und Auswertung - 02.08.2012 (11)
  12. Live Security Platinum
    Log-Analyse und Auswertung - 27.07.2012 (5)
  13. Live Security eingefangen - Firefox leitet zu Windows Live um - immer noch Viren auf meinem PC?
    Plagegeister aller Art und deren Bekämpfung - 27.07.2012 (27)
  14. Live security
    Log-Analyse und Auswertung - 23.07.2012 (2)
  15. Logfiles von Live Security Platinum Trojaner mit Rootkit.0Access Befall
    Log-Analyse und Auswertung - 17.07.2012 (5)
  16. Live Security Platinum-Trojaner, Verschlüsselungs-Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (1)
  17. Diverse Viren, Trojaner (u.a. Live Security Platinum), Laptop, XP, Malwarbytes
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (3)

Zum Thema Live Security Trojaner - Hallo zusammen ich bin mal wieder betroffen von so nem sch... Trojaner Mist. Ich hatte auf einmal diesen Live Security dingens drauf. Habe das Deinstaliert und wer hätte das gedacht, - Live Security Trojaner...
Archiv
Du betrachtest: Live Security Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.