
Pests of all kinds and how to combat them: My Google is cheating on me with primosearch

Windows 7

03.11.2012, 18:45   #1
Ilahja
 



Hello,
for the last few days I've been having a few problems with my browser. Google redirects me via a primosearch page. No idea what that is. Since I'm a complete layman in this area, I'm left hanging, so to speak.

Page loading also seems extremely slow, although with a 700 DSL light connection it was never fast to begin with.

I hope you can help me.

03.11.2012, 18:51   #2
markusg
/// Malware-holic
 



hi
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt into your thread here.

03.11.2012, 19:44   #3
Ilahja
 



OTL Logfile:
Code:
OTL logfile created on: 03.11.2012 20:18:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 63,76% Memory free
6,50 Gb Paging File | 4,89 Gb Available in Paging File | 75,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698,61 Gb Total Space | 93,51 Gb Free Space | 13,38% Space Free | Partition Type: NTFS
 
Computer Name: CHRISSI-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.03 19:48:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Downloads\OTL.exe
PRC - [2012.11.02 08:44:42 | 000,040,960 | ---- | M] () -- C:\Users\Chrissi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
PRC - [2012.11.01 22:52:09 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.01 22:50:48 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.01 22:50:47 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.19 18:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.02.23 18:31:13 | 001,730,560 | ---- | M] (Curse) -- C:\Users\Chrissi\AppData\Local\Apps\2.0\GREOK947.163\77ZP5K56.VA7\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe
PRC - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.12.06 04:12:16 | 000,404,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011.12.06 04:11:44 | 000,163,328 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 22:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.02.19 08:12:18 | 000,537,256 | ---- | M] ( ) -- C:\Windows\System32\lxbkcoms.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.18 02:30:07 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.18 02:27:37 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.18 02:27:22 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.18 02:27:01 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.18 02:26:55 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.18 02:26:53 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
MOD - [2012.06.18 02:26:33 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.05.11 20:31:14 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
MOD - [2012.05.11 20:02:55 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.11 20:02:00 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll
MOD - [2012.05.11 20:01:57 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MOD - [2012.05.11 20:01:56 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MOD - [2012.05.11 20:01:55 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MOD - [2012.05.11 20:00:07 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 19:59:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 19:58:57 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.11 19:58:55 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
MOD - [2012.05.11 19:58:52 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 19:58:49 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 19:58:48 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 19:58:37 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2010.11.21 01:27:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010.11.21 01:27:56 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll
MOD - [2010.11.21 01:27:50 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll
MOD - [2010.11.20 22:29:07 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010.11.13 00:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.11.02 08:44:42 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Chrissi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2012.11.01 22:52:09 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.01 22:50:48 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.24 18:49:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.09 19:32:03 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.12.06 04:11:44 | 000,163,328 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.02.19 08:12:18 | 000,537,256 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbkcoms.exe -- (lxbk_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.11.01 22:52:16 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.09.24 08:58:11 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.13 09:58:17 | 000,083,792 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.12.06 04:44:22 | 009,067,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.12.06 04:44:22 | 009,067,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.12.06 03:11:50 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011.10.17 18:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011.03.18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2011.03.17 16:17:47 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 22:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 22:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 22:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 22:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 22:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 22:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.01 00:16:40 | 000,010,240 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VKbms.sys -- (VKbms)
DRV - [2010.09.08 10:39:30 | 000,023,680 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2010.05.25 04:07:38 | 000,204,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.13 23:02:53 | 000,545,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2005.04.24 22:43:58 | 000,013,225 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DB3G.sys -- (Razerlow)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1998737039-4092748163-3647011320-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchplusnetwork.com/?sp=vit4
IE - HKU\S-1-5-21-1998737039-4092748163-3647011320-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1998737039-4092748163-3647011320-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1998737039-4092748163-3647011320-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F 88 54 87 3B EB CB 01  [binary data]
IE - HKU\S-1-5-21-1998737039-4092748163-3647011320-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1998737039-4092748163-3647011320-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=783dadce-4440-4165-a93d-0c08cc9372ae&pid=ccleanerde&k=0
IE - HKU\S-1-5-21-1998737039-4092748163-3647011320-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com.anonymize-me.de/?anonymto=687474703A2F2F7365617263682E626162796C6F6E2E636F6D2F3F713D7B7365617263685465726D737D2661666649443D3131333438302674743D333031325F35266261627372633D53505F7373266D6E747249643D3134346333623862303030303030303030303030303032326230303066653436&st={searchTerms}&clid=783dadce-4440-4165-a93d-0c08cc9372ae&pid=ccleanerde&k=0
IE - HKU\S-1-5-21-1998737039-4092748163-3647011320-1001\..\SearchScopes\{2C21E36C-D7D6-45A3-802A-28D5BF10D50E}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=783dadce-4440-4165-a93d-0c08cc9372ae&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-1998737039-4092748163-3647011320-1001\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E736561726368706C75736E6574776F726B2E636F6D2F3F73703D7669743426713D7B7365617263685465726D737D&st={searchTerms}&clid=783dadce-4440-4165-a93d-0c08cc9372ae&pid=ccleanerde&k=0
IE - HKU\S-1-5-21-1998737039-4092748163-3647011320-1001\..\SearchScopes\{4EB23B8A-3863-46B5-84DD-CED1812B609A}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=783dadce-4440-4165-a93d-0c08cc9372ae&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-1998737039-4092748163-3647011320-1001\..\SearchScopes\{820E5FC6-9520-49E8-AD79-F529F7454CF6}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=783dadce-4440-4165-a93d-0c08cc9372ae&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-1998737039-4092748163-3647011320-1001\..\SearchScopes\{C67DF620-716E-4C91-B9A6-CC0D33506A48}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=783dadce-4440-4165-a93d-0c08cc9372ae&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-1998737039-4092748163-3647011320-1001\..\SearchScopes\{E74C9DF1-3DC4-4F68-934C-CB84D39C21E8}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=783dadce-4440-4165-a93d-0c08cc9372ae&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-1998737039-4092748163-3647011320-1001\..\SearchScopes\{FBE36E18-EAAB-4B21-B68D-6EC53DB07110}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=783dadce-4440-4165-a93d-0c08cc9372ae&pid=ccleanerde&mode=bounce&k=0
IE - HKU\S-1-5-21-1998737039-4092748163-3647011320-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1998737039-4092748163-3647011320-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: toolbar@gmx.net:2.3.1
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8
FF - prefs.js..extensions.enabledAddons: bbrs_002@blabbers.com:1.0.5
FF - prefs.js..keyword.URL: "hxxp://www.searchplusnetwork.com/?sp=vit4&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.02 18:45:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.02 00:18:16 | 000,000,000 | ---D | M]
 
[2012.02.19 11:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2012.02.19 11:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.11.01 17:49:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxi\AppData\Roaming\mozilla\Firefox\Profiles\plhju9ek.default\extensions
[2012.11.01 17:55:27 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\plhju9ek.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.11.01 17:55:27 | 000,000,000 | ---D | M] (Browser Companion Helper) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com
[2012.10.05 18:16:19 | 000,509,739 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\toolbar@gmx.net.xpi
[2012.07.25 17:43:08 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.31 16:53:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Cxxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2012.09.03 12:19:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\170f337942c410233f577de5778810a6_expire
[2012.09.09 19:09:41 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1bcf5a8f2429c4942ad539ef2c5df336_expire
[2012.11.03 19:35:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
[2012.11.03 19:35:03 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d14a09839275_expire
[2012.11.03 19:01:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b6b74d5a92c729ce36a9d055d3db8e9_expire
[2012.10.29 18:54:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2012.10.21 16:52:13 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5f4ce27504a73ff97d1936c597c769e5_expire
[2012.09.05 17:34:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxxi\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea80f192e299_expire
[2012.11.03 19:35:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ff6ea009817b27df633b37777d528cd_expire
[2012.09.04 19:05:38 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxxi\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ccfda3ab1ab5bbc5d7af38840ba022b_expire
[2012.11.03 19:01:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab391f90d1db7_expire
[2012.11.03 19:01:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Cxxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire
[2012.11.03 19:35:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4cc6ab573e4a5fee2a418e22d3c14dc_expire
[2012.09.19 19:47:37 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a74277a9a3c0203a3093f810f43fbc11_expire
[2012.11.03 19:35:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire
[2012.10.30 21:11:51 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c6d8337e4b016a68fdbb60b29e7d254d_expire
[2012.10.28 10:04:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb647c72e5b13b52d1392c603dcfde6_expire
[2012.10.30 21:11:51 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxxAppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\df4525cd4117d8ae1c7453b139759242_expire
[2012.09.19 19:47:36 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b626466c13c70a0a_expire
[2012.11.03 19:35:05 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e72174145ae7671ff95578a2089c26b2_expire
[2012.11.03 19:35:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2012.11.03 19:35:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece5f266221b5245c6e3d7e27ddee963_expire
[2012.10.21 16:52:12 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed95871ef4bb2_expire
[2012.11.03 19:35:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18ae7867300d_expire
[2012.10.29 18:54:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2012.10.29 18:54:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012.11.02 08:44:54 | 000,001,049 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\searchplugins\11-suche.xml
[2012.11.02 08:44:54 | 000,002,400 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\searchplugins\englische-ergebnisse.xml
[2012.11.02 08:44:54 | 000,010,701 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\searchplugins\gmx-suche.xml
[2012.11.02 08:44:54 | 000,002,683 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\searchplugins\lastminute.xml
[2012.11.02 08:44:54 | 000,003,142 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\searchplugins\Plusnetwork.xml
[2012.11.02 08:44:54 | 000,005,679 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\searchplugins\webde-suche.xml
[2012.11.02 08:44:54 | 000,002,077 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\searchplugins\{572A7EC8-AD7E-43C3-923B-B215E34EF950}.xml
[2012.11.02 08:44:54 | 000,002,522 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\searchplugins\{7F3A68AC-A40C-4DD8-8A33-0F7E176C713E}.xml
[2012.11.02 08:44:54 | 000,002,188 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\searchplugins\{B9C03137-9116-4454-AD75-F1F0E3AC8A52}.xml
[2012.11.02 08:44:54 | 000,024,039 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\searchplugins\{C1C6C55C-8419-44BC-9E0F-A7696E8DB69F}.xml
[2012.11.02 08:44:54 | 000,001,094 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\searchplugins\{DF8523C3-BF3E-4CA3-B01E-02A29DC27D3B}.xml
[2012.11.02 08:44:54 | 000,001,870 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\mozilla\firefox\profiles\plhju9ek.default\searchplugins\{EC8DC4EE-E5BA-4D79-9484-DC8274F6A39B}.xml
[2012.11.02 18:45:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.10.27 11:10:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.24 00:06:20 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.10.24 23:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 23:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.24 23:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 23:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 23:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 23:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.11.02 17:12:47 | 000,444,767 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15274 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\xxx\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKU\S-1-5-21-1998737039-4092748163-3647011320-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Chrissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Chrissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69995BF0-8239-4D47-A2BD-61B19F8F0EB6}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7E4F84D-393D-4FFB-A107-50E433003F9A}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8db12b28-4b72-11e0-a2b2-001fd027ca2f}\Shell - "" = AutoRun
O33 - MountPoints2\{8db12b28-4b72-11e0-a2b2-001fd027ca2f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.02 19:28:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Macromedia
[2012.11.02 18:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.11.02 18:45:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.11.02 16:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.11.02 16:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.11.02 16:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.11.02 08:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.11.02 08:46:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.11.02 08:44:54 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DesktopIconForAmazon
[2012.11.02 08:44:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\OCS
[2012.11.02 00:30:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Opera
[2012.11.02 00:30:15 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Opera
[2012.11.02 00:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012.11.01 19:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.11.01 18:15:18 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.11.01 18:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.01 18:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.01 18:15:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.27 11:10:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.10.21 16:56:32 | 000,000,000 | ---D | C] -- C:\Users\Chrissi\AppData\Roaming\Avira
[2012.10.21 16:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.21 16:51:03 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.10.21 16:51:03 | 000,083,792 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.10.21 16:51:03 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.10.21 16:51:03 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.10.21 16:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.21 16:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.10.20 17:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2012.10.20 16:55:37 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012.10.20 16:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2012.10.17 20:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Talisman Prologue Demo
[2012.10.17 20:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\Talisman Prologue Demo
[2012.10.17 20:29:50 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Programs
[2012.10.09 18:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012.10.09 18:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\Torchlight II
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.03 19:57:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.03 19:07:23 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.03 09:45:10 | 000,031,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 09:45:10 | 000,031,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 09:37:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.03 09:37:12 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.02 18:58:29 | 000,002,197 | ---- | M] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.11.02 18:46:02 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.02 17:12:47 | 000,444,767 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.11.01 23:46:40 | 000,007,602 | ---- | M] () -- C:\Users\Chrissi\AppData\Local\resmon.resmoncfg
[2012.11.01 22:52:16 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.01 18:15:04 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.01 17:29:56 | 000,000,592 | ---- | M] () -- C:\ProgramData\PTOUQLBDL1ZVEL
[2012.10.28 15:50:49 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.28 15:50:49 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.28 15:50:49 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.28 15:50:49 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.09 18:25:03 | 000,000,800 | ---- | M] () -- C:\Users\Public\Desktop\Torchlight II.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.02 18:58:29 | 000,002,197 | ---- | C] () -- C:\Users\xxx\Desktop\Google Chrome.lnk
[2012.11.02 18:52:31 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.02 18:52:29 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.02 18:46:01 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.02 18:46:01 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.02 00:30:05 | 000,001,791 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.11.01 18:15:04 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.01 17:20:33 | 000,000,592 | ---- | C] () -- C:\ProgramData\PTOUQLBDL1ZVEL
[2012.10.09 18:25:03 | 000,000,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight II.lnk
[2012.10.09 18:25:03 | 000,000,800 | ---- | C] () -- C:\Users\Public\Desktop\Torchlight II.lnk
[2012.08.22 15:55:25 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.08.04 21:07:58 | 000,007,602 | ---- | C] () -- C:\Users\xxx\AppData\Local\resmon.resmoncfg
[2012.02.24 00:12:18 | 000,000,129 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.12.06 03:27:36 | 000,204,960 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011.12.06 03:27:36 | 000,157,152 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011.12.05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.11.14 20:47:22 | 000,608,507 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.11.11 21:12:32 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.11.01 17:56:09 | 000,004,608 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.19 19:26:37 | 000,000,668 | ---- | C] () -- C:\Users\xxx\rageconfig.cfg
[2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2011.09.19 13:31:09 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkserv.dll
[2011.09.19 13:31:09 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxbkusb1.dll
[2011.09.19 13:31:09 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbkutil.dll
[2011.09.19 13:31:09 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbkinpa.dll
[2011.09.19 13:31:09 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbkiesc.dll
[2011.09.19 13:31:09 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBKhcp.dll
[2011.09.19 13:31:09 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBKinst.dll
[2011.09.19 13:31:09 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbkprox.dll
[2011.09.19 13:31:09 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbkpplc.dll
[2011.09.19 13:31:08 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbkhbn3.dll
[2011.09.19 13:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomc.dll
[2011.09.19 13:31:08 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbkpmui.dll
[2011.09.19 13:31:08 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbklmpm.dll
[2011.09.19 13:31:08 | 000,537,256 | ---- | C] ( ) -- C:\Windows\System32\lxbkcoms.exe
[2011.09.19 13:31:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbkcomm.dll
[2011.09.19 13:31:08 | 000,385,704 | ---- | C] ( ) -- C:\Windows\System32\lxbkih.exe
[2011.09.19 13:31:08 | 000,381,608 | ---- | C] ( ) -- C:\Windows\System32\lxbkcfg.exe
[2011.09.15 19:18:27 | 000,000,338 | ---- | C] () -- C:\Windows\lexstat.ini
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.05.10 20:19:49 | 000,033,134 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\UserTile.png
[2011.03.23 21:01:18 | 000,040,960 | R--- | C] () -- C:\Windows\System32\psfind.dll
[2011.03.11 21:37:52 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.10 23:28:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.21 01:28:19 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 01:28:19 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 01:28:19 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 01:28:19 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 22:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.11.01 17:55:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Bioshock2
[2012.11.02 00:01:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BrowserCompanion
[2012.11.01 17:55:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DarknessII
[2011.06.23 19:27:41 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Day 1 Studios
[2012.11.02 08:44:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DesktopIconForAmazon
[2012.11.01 18:32:39 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dropbox
[2012.01.13 21:14:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoft
[2011.09.22 19:46:33 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.01 17:49:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\elsterformular
[2011.05.29 11:02:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\go
[2012.02.24 00:19:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware
[2012.11.02 08:44:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OCS
[2012.11.02 00:30:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Opera
[2012.02.12 12:26:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Origin
[2012.04.07 10:15:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\RavensburgerTipToi
[2012.11.01 17:49:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Razer
[2012.01.15 16:51:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\runic games
[2012.11.01 18:54:30 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Spotify
[2012.11.01 17:49:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TomTom
[2012.11.02 08:49:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

So, I hope the copying worked out like that.
I'm always a bit unsure about that.

03.11.2012, 19:47   #4
markusg
/// Malware-holic

Open Avira, go to Administration > Quarantine, and post the detection messages including the file paths.
Open Malwarebytes, go to Logs, and post the logs that contain detections.

03.11.2012, 19:53   #5
Ilahja

Here are the AntiVir ones for now:

Typ: Datei
Quelle: C:\Users\Chrissi\Downloads\GrabIt Downloads\Lexware Taxman 2012 German-RESTORE.rar\Lexware Taxman 2012 German-RESTORE.rar
Status: Infiziert
Quarantäne-Objekt: 54b6ab9e.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.187
Virendefinitionsdatei: 7.11.48.160
Meldung: TR/Dropper.Gen
Datum/Uhrzeit: 02.11.2012, 18:39


Typ: Datei
Quelle: C:\Users\Chrissi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CGRIP8T\e35d2[1].pdf
Status: Infiziert
Quarantäne-Objekt: 5b9133fc.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.187
Virendefinitionsdatei: 7.11.48.152
Meldung: EXP/Pidief.dld
Datum/Uhrzeit: 01.11.2012, 17:16


Typ: Datei
Quelle: C:\Users\Chrissi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CGRIP8T\dollar-knowledge-editors[1].htm
Status: Infiziert
Quarantäne-Objekt: 58c53e00.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.187
Virendefinitionsdatei: 7.11.48.152
Meldung: EXP/JS.Blackhole.J
Datum/Uhrzeit: 01.11.2012, 17:16

And here is the rest, from Malwarebytes:

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.03.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Chrissi :: CHRISSI-PC [Administrator]

Schutz: Deaktiviert

03.11.2012 20:54:13
mbam-log-2012-11-03 (20-54-13).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 191860
Laufzeit: 2 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Edited by Ilahja (03.11.2012 at 19:58)

03.11.2012, 20:48   #6
markusg
/// Malware-holic

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
  • Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

03.11.2012, 22:12   #7
Ilahja

Combofix Logfile:
Code:
ComboFix 12-11-03.02 - Chrissi 03.11.2012  22:12:01.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3326.1995 [GMT 1:00]
ausgeführt von:: c:\users\Chrissi\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\PTOUQLBDL1ZVEL
C:\Thumbs.db
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-03 bis 2012-11-03  ))))))))))))))))))))))))))))))
.
.
2012-11-03 21:42 . 2012-11-03 21:44	--------	d-----w-	c:\users\Chrissi\AppData\Local\temp
2012-11-03 21:42 . 2012-11-03 21:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-02 18:28 . 2012-11-02 18:28	--------	d-----w-	c:\users\Chrissi\AppData\Local\Macromedia
2012-11-02 18:27 . 2012-11-02 18:27	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-02 18:27 . 2012-11-02 18:27	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-11-02 17:45 . 2012-11-02 17:45	--------	d-----w-	c:\program files\Mozilla Maintenance Service
2012-11-02 15:32 . 2012-11-02 18:30	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-11-02 15:32 . 2012-11-02 15:32	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2012-11-02 07:46 . 2012-11-02 07:46	--------	d-----w-	c:\program files\CCleaner
2012-11-02 07:44 . 2012-11-02 07:44	--------	d-----w-	c:\users\Chrissi\AppData\Roaming\DesktopIconForAmazon
2012-11-02 07:44 . 2012-11-02 07:44	--------	d-----w-	c:\users\Chrissi\AppData\Roaming\OCS
2012-11-01 23:30 . 2012-11-01 23:30	--------	d-----w-	c:\users\Chrissi\AppData\Local\Opera
2012-11-01 23:30 . 2012-11-01 23:30	--------	d-----w-	c:\program files\Opera
2012-11-01 18:07 . 2012-11-01 18:07	--------	d-----w-	c:\program files\ESET
2012-11-01 17:15 . 2012-11-01 17:15	--------	d-----w-	c:\users\Chrissi\AppData\Roaming\Malwarebytes
2012-11-01 17:15 . 2012-11-01 17:15	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-01 17:15 . 2012-11-01 17:15	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-10-21 15:56 . 2012-10-21 15:56	--------	d-----w-	c:\users\Chrissi\AppData\Roaming\Avira
2012-10-21 15:51 . 2012-11-01 21:52	133824	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-10-21 15:51 . 2012-09-24 07:58	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-10-21 15:51 . 2012-09-13 08:58	83792	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-10-21 15:50 . 2012-11-01 16:47	--------	d-----w-	c:\programdata\Avira
2012-10-21 15:50 . 2012-10-21 15:50	--------	d-----w-	c:\program files\Avira
2012-10-20 16:04 . 2012-10-20 16:04	--------	d-----w-	c:\programdata\LightScribe
2012-10-20 15:55 . 2012-10-20 15:55	--------	d-----w-	c:\program files\Common Files\LightScribe
2012-10-19 15:03 . 2012-10-12 05:56	6918632	------w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B461E502-2801-4F20-B14D-45F2CE7C952A}\mpengine.dll
2012-10-17 19:29 . 2012-10-17 19:30	--------	d-----w-	c:\program files\Talisman Prologue Demo
2012-10-17 19:29 . 2012-10-17 19:29	--------	d-----w-	c:\users\Chrissi\AppData\Local\Programs
2012-10-09 17:26 . 2012-11-01 16:47	--------	d-----w-	c:\programdata\RELOADED
2012-10-09 17:23 . 2012-10-20 14:54	--------	d-----w-	c:\program files\Torchlight II
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 16:57 . 2012-09-21 19:17	981504	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 15:20 . 2012-09-21 19:17	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-12 15:44	1292144	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-12 15:44	712048	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-12 15:44	240496	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-12 15:44	187760	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12 . 2012-09-26 17:02	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-10-24 17:50 . 2012-11-02 17:45	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-17 17:54	220632	----a-w-	c:\users\Chrissi\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-17 17:54	220632	----a-w-	c:\users\Chrissi\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-17 17:54	220632	----a-w-	c:\users\Chrissi\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-11-01 384800]
"Ocs_SM"="c:\users\Chrissi\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-11-02 106496]
.
c:\users\Chrissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2012-1-2 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Chrissi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Chrissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Chrissi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Chrissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Chrissi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^tbhcn.lnk]
path=c:\users\Chrissi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk
backup=c:\windows\pss\tbhcn.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 05:22	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-08-21 12:52	202024	----a-w-	c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Diamondback]
2010-04-28 16:25	228352	----a-w-	c:\program files\Razer\Diamondback 3G\razerhid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-10-09 16:06	421736	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService]
2011-07-31 13:07	189808	----a-w-	c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2012-07-02 13:46	2736128	----a-w-	c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxbkbmgr.exe]
2008-02-28 09:58	74408	----a-w-	c:\program files\Lexmark X1100 Series\LXBKbmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lycosa]
2011-03-01 13:17	233984	----a-w-	c:\program files\Razer\Lycosa\razerhid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 07:25	1828136	----a-w-	c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57	153136	----a-w-	c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-11-02 11:28	9808488	------w-	c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyDrive]
2012-10-17 17:54	238552	----a-w-	c:\users\Chrissi\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-10-28 09:02	7880664	----a-w-	c:\users\Chrissi\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2012-10-28 09:02	1199576	----a-w-	c:\users\Chrissi\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-12-05 21:46	343168	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-08-22 18:40	1353080	----a-w-	c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-01-23 04:43	247728	----a-w-	c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SearchAnonymizer;SearchAnonymizer;c:\users\Chrissi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 LycoFltr;Lycosa Keyboard;c:\windows\system32\Drivers\Lycosa.sys [x]
S3 netr73;RT73 USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr73.sys [x]
S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\Drivers\DB3G.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 13:40	453736	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-02 17:52]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-02 17:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.searchplusnetwork.com/?sp=vit4
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - c:\users\Chrissi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Chrissi\AppData\Roaming\Mozilla\Firefox\Profiles\plhju9ek.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.searchplusnetwork.com/?sp=vit4&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480&tt=3012_5
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 144c3b8b0000000000000022b000fe46
FF - user.js: extensions.BabylonToolbar.instlDay - 15550
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.112:44
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1998737039-4092748163-3647011320-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ef,8d,35,29,37,19,63,72,73,a5,e5,f2,e5,50,ce,37,ad,25,6a,8f,e8,d6,af,
   dd,f0,a8,d3,68,cd,94,fd,ac,ca,15,a5,d1,d6,f2,72,84,42,1f,b3,55,0f,b4,42,d0,\
"??"=hex:f5,dd,3a,18,0e,26,e2,d4,fd,32,73,44,8a,39,95,7b
.
[HKEY_USERS\S-1-5-21-1998737039-4092748163-3647011320-1001\Software\SecuROM\License information*]
"datasecu"=hex:22,fc,38,28,60,5a,7b,24,71,b7,94,9e,ad,f9,b2,3e,cd,60,eb,d2,fc,
   71,39,8d,ea,67,2c,3d,9d,22,7a,5a,f2,5a,de,93,22,84,a8,77,17,82,71,b7,70,4e,\
"rkeysecu"=hex:a0,ea,c6,b6,4f,78,91,3b,4f,0f,48,e0,3c,ea,0c,d5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-11-03  23:00:10
ComboFix-quarantined-files.txt  2012-11-03 22:00
.
Vor Suchlauf: 18 Verzeichnis(se), 100.344.844.288 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 100.183.216.128 Bytes frei
.
- - End Of File - - 5F3CB99BCBFCD3048C0CB2B7054435B4
         
--- --- ---

So, here are my ComboFix files.

Alt 05.11.2012, 14:56   #8
markusg
/// Malware-holic
 

Hi,
download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- For any detections, always choose Skip for now, then post the log
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails as described in the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

Alt 05.11.2012, 18:10   #9
Ilahja
 

I downloaded the program but can't start it ... the window always opens where it asks whether I'm sure ... then nothing more happens

19:15:59.0022 3464 TDSS rootkit removing tool 2.8.14.0 Oct 30 2012 13:37:33
19:16:17.0741 3464 ============================================================
19:16:17.0741 3464 Current date / time: 2012/11/05 19:16:17.0741
19:16:17.0741 3464 SystemInfo:
19:16:17.0741 3464
19:16:17.0741 3464 OS Version: 6.1.7601 ServicePack: 1.0
19:16:17.0741 3464 Product type: Workstation
19:16:17.0741 3464 ComputerName: CHRISSI-PC
19:16:17.0741 3464 UserName: Chrissi
19:16:17.0741 3464 Windows directory: C:\Windows
19:16:17.0741 3464 System windows directory: C:\Windows
19:16:17.0741 3464 Processor architecture: Intel x86
19:16:17.0741 3464 Number of processors: 2
19:16:17.0741 3464 Page size: 0x1000
19:16:17.0741 3464 Boot type: Normal boot
19:16:17.0741 3464 ============================================================
19:16:18.0390 3464 BG loaded
19:16:19.0127 3464 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8BD5E00 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:16:19.0138 3464 ============================================================
19:16:19.0138 3464 \Device\Harddisk0\DR0:
19:16:19.0139 3464 MBR partitions:
19:16:19.0139 3464 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x5753E670
19:16:19.0139 3464 ============================================================
19:16:19.0182 3464 C: <-> \Device\Harddisk0\DR0\Partition1
19:16:19.0182 3464 ============================================================
19:16:19.0182 3464 Initialize success
19:16:19.0182 3464 ============================================================
19:16:31.0825 3284 ============================================================
19:16:31.0825 3284 Scan started
19:16:31.0825 3284 Mode: Manual; SigCheck; TDLFS;
19:16:31.0825 3284 ============================================================
19:16:33.0307 3284 ================ Scan system memory ========================
19:16:33.0307 3284 System memory - ok
19:16:33.0307 3284 ================ Scan services =============================
19:16:33.0479 3284 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:16:38.0736 3284 1394ohci - ok
19:16:38.0767 3284 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:16:38.0783 3284 ACPI - ok
19:16:38.0829 3284 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:16:38.0923 3284 AcpiPmi - ok
19:16:39.0048 3284 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
19:16:39.0063 3284 AdobeARMservice - ok
19:16:39.0095 3284 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:16:39.0126 3284 adp94xx - ok
19:16:39.0173 3284 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:16:39.0188 3284 adpahci - ok
19:16:39.0204 3284 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:16:39.0219 3284 adpu320 - ok
19:16:39.0266 3284 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:16:39.0375 3284 AeLookupSvc - ok
19:16:39.0422 3284 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
19:16:39.0500 3284 AFD - ok
19:16:39.0594 3284 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
19:16:39.0641 3284 agp440 - ok
19:16:39.0750 3284 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:16:39.0765 3284 aic78xx - ok
19:16:39.0812 3284 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
19:16:39.0875 3284 ALG - ok
19:16:39.0906 3284 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
19:16:39.0906 3284 aliide - ok
19:16:39.0953 3284 [ EC98CA8298F67926FA50876348534B1D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:16:40.0031 3284 AMD External Events Utility - ok
19:16:40.0046 3284 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:16:40.0062 3284 amdagp - ok
19:16:40.0077 3284 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
19:16:40.0093 3284 amdide - ok
19:16:40.0124 3284 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:16:40.0155 3284 AmdK8 - ok
19:16:40.0327 3284 [ 65B44179CF184B08E86097BFFBF03F24 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:16:40.0655 3284 amdkmdag - ok
19:16:40.0701 3284 [ 5E1C65524FF1713711CE27879D813384 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
19:16:40.0811 3284 amdkmdap - ok
19:16:40.0857 3284 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
19:16:40.0904 3284 AmdPPM - ok
19:16:40.0967 3284 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:16:40.0982 3284 amdsata - ok
19:16:40.0998 3284 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
19:16:41.0013 3284 amdsbs - ok
19:16:41.0060 3284 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:16:41.0060 3284 amdxata - ok
19:16:41.0138 3284 [ A5569C4429D1C5494049FBFE2B2D20FF ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:16:41.0201 3284 AntiVirSchedulerService - ok
19:16:41.0216 3284 [ CB7EA00A4E70DF6828EBB68633D000D2 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:16:41.0232 3284 AntiVirService - ok
19:16:41.0263 3284 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
19:16:41.0310 3284 AppID - ok
19:16:41.0357 3284 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:16:41.0403 3284 AppIDSvc - ok
19:16:41.0419 3284 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
19:16:41.0481 3284 Appinfo - ok
19:16:41.0591 3284 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:16:41.0606 3284 Apple Mobile Device - ok
19:16:41.0653 3284 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
19:16:41.0715 3284 AppMgmt - ok
19:16:41.0747 3284 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\drivers\arc.sys
19:16:41.0762 3284 arc - ok
19:16:41.0809 3284 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:16:41.0825 3284 arcsas - ok
19:16:41.0856 3284 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:16:41.0949 3284 AsyncMac - ok
19:16:41.0965 3284 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
19:16:41.0981 3284 atapi - ok
19:16:42.0027 3284 [ 7725AECCEDDF81BD8374C77157E450EA ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW73.sys
19:16:42.0059 3284 AtiHDAudioService - ok
19:16:42.0885 3284 [ 65B44179CF184B08E86097BFFBF03F24 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
19:16:42.0963 3284 atikmdag - ok
19:16:43.0010 3284 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:16:43.0073 3284 AudioEndpointBuilder - ok
19:16:43.0104 3284 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:16:43.0119 3284 Audiosrv - ok
19:16:43.0182 3284 [ 583B68234A159BA64090F3CAE7360F03 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:16:43.0197 3284 avgntflt - ok
19:16:43.0244 3284 [ CCBF1BB6FA35268C1D39FC10DC2DB25D ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:16:43.0260 3284 avipbb - ok
19:16:43.0291 3284 [ 52EC5F852B42136C513B9009A3C27891 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:16:43.0307 3284 avkmgr - ok
19:16:43.0353 3284 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:16:43.0431 3284 AxInstSV - ok
19:16:43.0494 3284 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\drivers\bxvbdx.sys
19:16:43.0572 3284 b06bdrv - ok
19:16:43.0619 3284 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
19:16:43.0665 3284 b57nd60x - ok
19:16:43.0712 3284 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
19:16:43.0775 3284 BDESVC - ok
19:16:43.0806 3284 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
19:16:43.0837 3284 Beep - ok
19:16:43.0884 3284 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
19:16:43.0931 3284 BFE - ok
19:16:44.0024 3284 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
19:16:44.0071 3284 BITS - ok
19:16:44.0071 3284 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:16:44.0118 3284 blbdrive - ok
19:16:44.0227 3284 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:16:44.0258 3284 Bonjour Service - ok
19:16:44.0305 3284 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:16:44.0367 3284 bowser - ok
19:16:44.0399 3284 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
19:16:44.0445 3284 BrFiltLo - ok
19:16:44.0461 3284 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
19:16:44.0492 3284 BrFiltUp - ok
19:16:44.0555 3284 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
19:16:44.0601 3284 BridgeMP - ok
19:16:44.0648 3284 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
19:16:44.0711 3284 Browser - ok
19:16:44.0726 3284 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:16:44.0773 3284 Brserid - ok
19:16:44.0773 3284 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:16:44.0820 3284 BrSerWdm - ok
19:16:44.0835 3284 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:16:44.0851 3284 BrUsbMdm - ok
19:16:44.0867 3284 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:16:44.0913 3284 BrUsbSer - ok
19:16:44.0945 3284 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:16:44.0976 3284 BTHMODEM - ok
19:16:45.0038 3284 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
19:16:45.0085 3284 bthserv - ok
19:16:45.0257 3284 catchme - ok
19:16:45.0272 3284 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:16:45.0319 3284 cdfs - ok
19:16:45.0366 3284 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:16:45.0397 3284 cdrom - ok
19:16:45.0444 3284 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
19:16:45.0491 3284 CertPropSvc - ok
19:16:45.0537 3284 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
19:16:45.0569 3284 circlass - ok
19:16:45.0584 3284 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
19:16:45.0600 3284 CLFS - ok
19:16:45.0709 3284 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:16:45.0725 3284 clr_optimization_v2.0.50727_32 - ok
19:16:45.0771 3284 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:16:45.0818 3284 clr_optimization_v4.0.30319_32 - ok
19:16:45.0834 3284 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
19:16:45.0865 3284 CmBatt - ok
19:16:45.0896 3284 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:16:45.0912 3284 cmdide - ok
19:16:45.0974 3284 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
19:16:46.0021 3284 CNG - ok
19:16:46.0037 3284 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys
19:16:46.0052 3284 Compbatt - ok
19:16:46.0083 3284 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
19:16:46.0115 3284 CompositeBus - ok
19:16:46.0146 3284 COMSysApp - ok
19:16:46.0161 3284 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:16:46.0161 3284 crcdisk - ok
19:16:46.0208 3284 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:16:46.0271 3284 CryptSvc - ok
19:16:46.0286 3284 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
19:16:46.0349 3284 CSC - ok
19:16:46.0380 3284 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
19:16:46.0427 3284 CscService - ok
19:16:46.0458 3284 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
19:16:46.0505 3284 DcomLaunch - ok
19:16:46.0583 3284 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
19:16:46.0645 3284 defragsvc - ok
19:16:46.0692 3284 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:16:46.0723 3284 DfsC - ok
19:16:46.0770 3284 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
19:16:46.0817 3284 Dhcp - ok
19:16:46.0848 3284 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
19:16:46.0879 3284 discache - ok
19:16:46.0926 3284 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
19:16:46.0941 3284 Disk - ok
19:16:46.0957 3284 [ 2A958EF85DB1B61FFCA65044FA4BCE9E ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
19:16:47.0004 3284 dmvsc - ok
19:16:47.0035 3284 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:16:47.0097 3284 Dnscache - ok
19:16:47.0160 3284 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
19:16:47.0207 3284 dot3svc - ok
19:16:47.0253 3284 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
19:16:47.0300 3284 DPS - ok
19:16:47.0347 3284 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:16:47.0378 3284 drmkaud - ok
19:16:47.0425 3284 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:16:47.0456 3284 DXGKrnl - ok
19:16:47.0503 3284 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
19:16:47.0550 3284 EapHost - ok
19:16:47.0659 3284 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
19:16:47.0768 3284 ebdrv - ok
19:16:47.0815 3284 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
19:16:47.0877 3284 EFS - ok
19:16:47.0955 3284 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:16:48.0002 3284 ehRecvr - ok
19:16:48.0018 3284 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
19:16:48.0065 3284 ehSched - ok
19:16:48.0111 3284 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
19:16:48.0127 3284 ElbyCDIO - ok
19:16:48.0174 3284 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:16:48.0205 3284 elxstor - ok
19:16:48.0221 3284 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:16:48.0267 3284 ErrDev - ok
19:16:48.0345 3284 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
19:16:48.0377 3284 EventSystem - ok
19:16:48.0455 3284 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
19:16:48.0501 3284 exfat - ok
19:16:48.0517 3284 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:16:48.0548 3284 fastfat - ok
19:16:48.0595 3284 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
19:16:48.0642 3284 Fax - ok
19:16:48.0657 3284 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:16:48.0689 3284 fdc - ok
19:16:48.0720 3284 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
19:16:48.0751 3284 fdPHost - ok
19:16:48.0782 3284 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
19:16:48.0798 3284 FDResPub - ok
19:16:48.0829 3284 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:16:48.0829 3284 FileInfo - ok
19:16:48.0845 3284 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:16:48.0891 3284 Filetrace - ok
19:16:48.0923 3284 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:16:48.0954 3284 flpydisk - ok
19:16:48.0985 3284 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:16:49.0001 3284 FltMgr - ok
19:16:49.0047 3284 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
19:16:49.0141 3284 FontCache - ok
19:16:49.0219 3284 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:16:49.0235 3284 FontCache3.0.0.0 - ok
19:16:49.0250 3284 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:16:49.0266 3284 FsDepends - ok
19:16:49.0297 3284 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:16:49.0313 3284 Fs_Rec - ok
19:16:49.0344 3284 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:16:49.0359 3284 fvevol - ok
19:16:49.0391 3284 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:16:49.0406 3284 gagp30kx - ok
19:16:49.0437 3284 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:16:49.0437 3284 GEARAspiWDM - ok
19:16:49.0500 3284 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\Windows\system32\giveio.sys
19:16:49.0531 3284 giveio ( UnsignedFile.Multi.Generic ) - warning
19:16:49.0531 3284 giveio - detected UnsignedFile.Multi.Generic (1)
19:16:49.0578 3284 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
19:16:49.0640 3284 gpsvc - ok
19:16:49.0703 3284 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:16:49.0718 3284 gupdate - ok
19:16:49.0718 3284 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:16:49.0734 3284 gupdatem - ok
19:16:49.0781 3284 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:16:49.0796 3284 gusvc - ok
19:16:49.0843 3284 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:16:49.0890 3284 hcw85cir - ok
19:16:49.0937 3284 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:16:49.0999 3284 HdAudAddService - ok
19:16:50.0030 3284 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:16:50.0061 3284 HDAudBus - ok
19:16:50.0093 3284 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
19:16:50.0139 3284 HidBatt - ok
19:16:50.0155 3284 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:16:50.0202 3284 HidBth - ok
19:16:50.0233 3284 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
19:16:50.0264 3284 HidIr - ok
19:16:50.0295 3284 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
19:16:50.0342 3284 hidserv - ok
19:16:50.0373 3284 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:16:50.0405 3284 HidUsb - ok
19:16:50.0451 3284 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:16:50.0483 3284 hkmsvc - ok
19:16:50.0498 3284 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:16:50.0576 3284 HomeGroupListener - ok
19:16:50.0607 3284 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:16:50.0654 3284 HomeGroupProvider - ok
19:16:50.0685 3284 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:16:50.0701 3284 HpSAMD - ok
19:16:50.0748 3284 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:16:50.0779 3284 HTTP - ok
19:16:50.0795 3284 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:16:50.0810 3284 hwpolicy - ok
19:16:50.0841 3284 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:16:50.0873 3284 i8042prt - ok
19:16:50.0966 3284 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:16:50.0982 3284 iaStorV - ok
19:16:51.0200 3284 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:16:51.0247 3284 idsvc - ok
19:16:51.0263 3284 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:16:51.0278 3284 iirsp - ok
19:16:51.0341 3284 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
19:16:51.0387 3284 IKEEXT - ok
19:16:51.0528 3284 [ DA6EE479071883D263E75BE7A67A70B8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:16:51.0575 3284 IntcAzAudAddService - ok
19:16:51.0606 3284 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
19:16:51.0637 3284 intelide - ok
19:16:51.0684 3284 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:16:51.0699 3284 intelppm - ok
19:16:51.0731 3284 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:16:51.0777 3284 IPBusEnum - ok
19:16:51.0809 3284 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:16:51.0840 3284 IpFilterDriver - ok
19:16:51.0855 3284 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:16:51.0918 3284 iphlpsvc - ok
19:16:51.0933 3284 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:16:51.0949 3284 IPMIDRV - ok
19:16:51.0980 3284 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:16:52.0027 3284 IPNAT - ok
19:16:52.0089 3284 [ 33642C17C232AA272C68E446A2619899 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:16:52.0152 3284 iPod Service - ok
19:16:52.0167 3284 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:16:52.0199 3284 IRENUM - ok
19:16:52.0230 3284 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:16:52.0245 3284 isapnp - ok
19:16:52.0308 3284 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:16:52.0339 3284 iScsiPrt - ok
19:16:52.0370 3284 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:16:52.0386 3284 kbdclass - ok
19:16:52.0401 3284 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:16:52.0433 3284 kbdhid - ok
19:16:52.0448 3284 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
19:16:52.0464 3284 KeyIso - ok
19:16:52.0495 3284 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:16:52.0526 3284 KSecDD - ok
19:16:52.0557 3284 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:16:52.0589 3284 KSecPkg - ok
19:16:52.0604 3284 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
19:16:52.0651 3284 KtmRm - ok
19:16:52.0698 3284 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
19:16:52.0729 3284 LanmanServer - ok
19:16:52.0776 3284 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:16:52.0791 3284 LanmanWorkstation - ok
19:16:52.0885 3284 [ EE963D96BFD97E54BA6CE6D2AC58DE35 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
19:16:52.0916 3284 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
19:16:52.0916 3284 LightScribeService - detected UnsignedFile.Multi.Generic (1)
19:16:52.0979 3284 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:16:53.0025 3284 lltdio - ok
19:16:53.0072 3284 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:16:53.0103 3284 lltdsvc - ok
19:16:53.0103 3284 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
19:16:53.0150 3284 lmhosts - ok
19:16:53.0197 3284 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:16:53.0213 3284 LSI_FC - ok
19:16:53.0228 3284 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:16:53.0244 3284 LSI_SAS - ok
19:16:53.0259 3284 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:16:53.0275 3284 LSI_SAS2 - ok
19:16:53.0291 3284 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:16:53.0306 3284 LSI_SCSI - ok
19:16:53.0337 3284 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
19:16:53.0353 3284 luafv - ok
19:16:53.0384 3284 lxbk_device - ok
19:16:53.0415 3284 [ FEE74A4398896793A62C6E8423EDBD41 ] LycoFltr C:\Windows\system32\Drivers\Lycosa.sys
19:16:53.0462 3284 LycoFltr - ok
19:16:53.0478 3284 MBAMProtector - ok
19:16:53.0525 3284 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:16:53.0540 3284 MBAMScheduler - ok
19:16:53.0571 3284 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:16:53.0618 3284 MBAMService - ok
19:16:53.0727 3284 [ 034606B82FA5BD3E73AB427B6D55F915 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
19:16:53.0759 3284 McComponentHostService - ok
19:16:53.0790 3284 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:16:53.0805 3284 Mcx2Svc - ok
19:16:53.0837 3284 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
19:16:53.0852 3284 megasas - ok
19:16:53.0868 3284 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:16:53.0883 3284 MegaSR - ok
19:16:53.0915 3284 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
19:16:53.0961 3284 MMCSS - ok
19:16:53.0993 3284 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
19:16:54.0039 3284 Modem - ok
19:16:54.0071 3284 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:16:54.0117 3284 monitor - ok
19:16:54.0149 3284 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:16:54.0164 3284 mouclass - ok
19:16:54.0180 3284 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:16:54.0227 3284 mouhid - ok
19:16:54.0242 3284 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:16:54.0273 3284 mountmgr - ok
19:16:54.0320 3284 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:16:54.0336 3284 MozillaMaintenance - ok
19:16:54.0367 3284 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
19:16:54.0383 3284 mpio - ok
19:16:54.0383 3284 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:16:54.0414 3284 mpsdrv - ok
19:16:54.0445 3284 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:16:54.0507 3284 MpsSvc - ok
19:16:54.0523 3284 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:16:54.0570 3284 MRxDAV - ok
19:16:54.0601 3284 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:16:54.0648 3284 mrxsmb - ok
19:16:54.0679 3284 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:16:54.0726 3284 mrxsmb10 - ok
19:16:54.0757 3284 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:16:54.0788 3284 mrxsmb20 - ok
19:16:54.0835 3284 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
19:16:54.0835 3284 msahci - ok
19:16:54.0851 3284 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:16:54.0866 3284 msdsm - ok
19:16:54.0913 3284 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
19:16:54.0960 3284 MSDTC - ok
19:16:54.0991 3284 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:16:55.0007 3284 Msfs - ok
19:16:55.0022 3284 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:16:55.0069 3284 mshidkmdf - ok
19:16:55.0085 3284 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:16:55.0100 3284 msisadrv - ok
19:16:55.0147 3284 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:16:55.0209 3284 MSiSCSI - ok
19:16:55.0209 3284 msiserver - ok
19:16:55.0241 3284 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:16:55.0256 3284 MSKSSRV - ok
19:16:55.0287 3284 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:16:55.0334 3284 MSPCLOCK - ok
19:16:55.0350 3284 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:16:55.0397 3284 MSPQM - ok
19:16:55.0428 3284 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:16:55.0459 3284 MsRPC - ok
19:16:55.0475 3284 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:16:55.0490 3284 mssmbios - ok
19:16:55.0490 3284 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:16:55.0521 3284 MSTEE - ok
19:16:55.0537 3284 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:16:55.0568 3284 MTConfig - ok
19:16:55.0584 3284 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
19:16:55.0599 3284 Mup - ok
19:16:55.0693 3284 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
19:16:55.0755 3284 napagent - ok
19:16:55.0818 3284 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:16:55.0865 3284 NativeWifiP - ok
19:16:56.0005 3284 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:16:56.0223 3284 NDIS - ok
19:16:56.0270 3284 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:16:56.0317 3284 NdisCap - ok
19:16:56.0348 3284 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:16:56.0411 3284 NdisTapi - ok
19:16:56.0442 3284 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:16:56.0489 3284 Ndisuio - ok
19:16:56.0504 3284 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:16:56.0535 3284 NdisWan - ok
19:16:56.0567 3284 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:16:56.0582 3284 NDProxy - ok
19:16:56.0816 3284 [ A0101E836D2A39682E134C47B1565256 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
19:16:56.0863 3284 Nero BackItUp Scheduler 3 - ok
19:16:56.0894 3284 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:16:56.0925 3284 NetBIOS - ok
19:16:56.0957 3284 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:16:57.0003 3284 NetBT - ok
19:16:57.0035 3284 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
19:16:57.0035 3284 Netlogon - ok
19:16:57.0081 3284 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
19:16:57.0128 3284 Netman - ok
19:16:57.0159 3284 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
19:16:57.0222 3284 netprofm - ok
19:16:57.0300 3284 [ 76B1157EF850830C5ECE61D3E591CA8B ] netr73 C:\Windows\system32\DRIVERS\netr73.sys
19:16:57.0347 3284 netr73 - ok
19:16:57.0378 3284 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:16:57.0425 3284 NetTcpPortSharing - ok
19:16:57.0471 3284 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:16:57.0503 3284 nfrd960 - ok
19:16:57.0534 3284 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:16:57.0596 3284 NlaSvc - ok
19:16:57.0705 3284 [ CC5329EC37117B3CD7CB8674BC118519 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
19:16:57.0737 3284 NMIndexingService - ok
19:16:57.0752 3284 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:16:57.0799 3284 Npfs - ok
19:16:57.0861 3284 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
19:16:57.0908 3284 nsi - ok
19:16:57.0939 3284 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:16:57.0971 3284 nsiproxy - ok
19:16:58.0033 3284 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:16:58.0111 3284 Ntfs - ok
19:16:58.0127 3284 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
19:16:58.0173 3284 Null - ok
19:16:58.0220 3284 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:16:58.0236 3284 nvraid - ok
19:16:58.0283 3284 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:16:58.0298 3284 nvstor - ok
19:16:58.0314 3284 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:16:58.0329 3284 nv_agp - ok
19:16:58.0345 3284 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:16:58.0376 3284 ohci1394 - ok
19:16:58.0423 3284 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:16:58.0501 3284 p2pimsvc - ok
19:16:58.0532 3284 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
19:16:58.0595 3284 p2psvc - ok
19:16:58.0657 3284 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:16:58.0688 3284 Parport - ok
19:16:58.0704 3284 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:16:58.0719 3284 partmgr - ok
19:16:58.0735 3284 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
19:16:58.0735 3284 Parvdm - ok
19:16:58.0751 3284 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:16:58.0782 3284 PcaSvc - ok
19:16:58.0782 3284 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
19:16:58.0797 3284 pci - ok
19:16:58.0813 3284 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
19:16:58.0829 3284 pciide - ok
19:16:58.0829 3284 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:16:58.0860 3284 pcmcia - ok
19:16:58.0860 3284 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
19:16:58.0875 3284 pcw - ok
19:16:58.0891 3284 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:16:58.0953 3284 PEAUTH - ok
19:16:59.0016 3284 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
19:16:59.0125 3284 PeerDistSvc - ok
19:16:59.0187 3284 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
19:16:59.0297 3284 pla - ok
19:16:59.0421 3284 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:16:59.0546 3284 PlugPlay - ok
19:16:59.0546 3284 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:16:59.0593 3284 PNRPAutoReg - ok
19:16:59.0609 3284 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:16:59.0624 3284 PNRPsvc - ok
19:16:59.0671 3284 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:16:59.0749 3284 PolicyAgent - ok
19:16:59.0780 3284 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
19:16:59.0843 3284 Power - ok
19:16:59.0905 3284 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:16:59.0936 3284 PptpMiniport - ok
19:16:59.0952 3284 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
19:16:59.0983 3284 Processor - ok
19:17:00.0014 3284 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
19:17:00.0077 3284 ProfSvc - ok
19:17:00.0092 3284 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:17:00.0108 3284 ProtectedStorage - ok
19:17:00.0139 3284 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:17:00.0186 3284 Psched - ok
19:17:00.0248 3284 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:17:00.0326 3284 ql2300 - ok
19:17:00.0342 3284 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:17:00.0357 3284 ql40xx - ok
19:17:00.0404 3284 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
19:17:00.0435 3284 QWAVE - ok
19:17:00.0467 3284 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:17:00.0482 3284 QWAVEdrv - ok
19:17:00.0498 3284 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:17:00.0529 3284 RasAcd - ok
19:17:00.0591 3284 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:17:00.0607 3284 RasAgileVpn - ok
19:17:00.0623 3284 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
19:17:00.0669 3284 RasAuto - ok
19:17:00.0685 3284 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:17:00.0732 3284 Rasl2tp - ok
19:17:00.0779 3284 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
19:17:00.0841 3284 RasMan - ok
19:17:00.0857 3284 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:17:00.0888 3284 RasPppoe - ok
19:17:00.0935 3284 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:17:00.0997 3284 RasSstp - ok
19:17:01.0028 3284 [ 116C340ACF37602D12CAC6DE6B8107CD ] Razerlow C:\Windows\system32\Drivers\DB3G.sys
19:17:01.0091 3284 Razerlow - ok
19:17:01.0106 3284 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:17:01.0153 3284 rdbss - ok
19:17:01.0184 3284 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:17:01.0200 3284 rdpbus - ok
19:17:01.0215 3284 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:17:01.0262 3284 RDPCDD - ok
19:17:01.0278 3284 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
19:17:01.0340 3284 RDPDR - ok
19:17:01.0356 3284 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:17:01.0387 3284 RDPENCDD - ok
19:17:01.0418 3284 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:17:01.0434 3284 RDPREFMP - ok
19:17:01.0496 3284 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:17:01.0527 3284 RDPWD - ok
19:17:01.0543 3284 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:17:01.0559 3284 rdyboost - ok
19:17:01.0605 3284 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
19:17:01.0637 3284 RemoteAccess - ok
19:17:01.0699 3284 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:17:01.0746 3284 RemoteRegistry - ok
19:17:01.0761 3284 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:17:01.0824 3284 RpcEptMapper - ok
19:17:01.0855 3284 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
19:17:01.0886 3284 RpcLocator - ok
19:17:01.0917 3284 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
19:17:01.0949 3284 RpcSs - ok
19:17:01.0980 3284 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:17:02.0042 3284 rspndr - ok
19:17:02.0089 3284 [ 2FDC33B63F80FBFE95203C2186AF0CE8 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
19:17:02.0105 3284 RTHDMIAzAudService - ok
19:17:02.0167 3284 [ 3983CEA05BB855351D75F5482B6C42CE ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
19:17:02.0198 3284 RTL8167 - ok
19:17:02.0229 3284 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
19:17:02.0276 3284 s3cap - ok
19:17:02.0292 3284 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
19:17:02.0307 3284 SamSs - ok
19:17:02.0323 3284 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:17:02.0339 3284 sbp2port - ok
19:17:02.0432 3284 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
19:17:02.0463 3284 SBSDWSCService - ok
19:17:02.0479 3284 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:17:02.0573 3284 SCardSvr - ok
19:17:02.0588 3284 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:17:02.0635 3284 scfilter - ok
19:17:02.0682 3284 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
19:17:02.0744 3284 Schedule - ok
19:17:02.0760 3284 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:17:02.0791 3284 SCPolicySvc - ok
19:17:02.0791 3284 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:17:02.0885 3284 SDRSVC - ok
19:17:02.0963 3284 [ 0F4A80438E7286A0E623582F5F2395BD ] SearchAnonymizer C:\Users\Chrissi\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
19:17:02.0994 3284 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - warning
19:17:02.0994 3284 SearchAnonymizer - detected UnsignedFile.Multi.Generic (1)
19:17:03.0072 3284 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:17:03.0103 3284 secdrv - ok
19:17:03.0134 3284 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
19:17:03.0165 3284 seclogon - ok
19:17:03.0212 3284 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
19:17:03.0243 3284 SENS - ok
19:17:03.0275 3284 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:17:03.0321 3284 SensrSvc - ok
19:17:03.0337 3284 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
19:17:03.0353 3284 Serenum - ok
19:17:03.0353 3284 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
19:17:03.0399 3284 Serial - ok
19:17:03.0431 3284 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:17:03.0446 3284 sermouse - ok
19:17:03.0462 3284 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
19:17:03.0524 3284 SessionEnv - ok
19:17:03.0540 3284 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:17:03.0587 3284 sffdisk - ok
19:17:03.0618 3284 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:17:03.0899 3284 sffp_mmc - ok
19:17:03.0961 3284 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:17:04.0008 3284 sffp_sd - ok
19:17:04.0039 3284 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:17:04.0070 3284 sfloppy - ok
19:17:04.0117 3284 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:17:04.0179 3284 SharedAccess - ok
19:17:04.0211 3284 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:17:04.0273 3284 ShellHWDetection - ok
19:17:04.0289 3284 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:17:04.0304 3284 sisagp - ok
19:17:04.0335 3284 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:17:04.0351 3284 SiSRaid2 - ok
19:17:04.0351 3284 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:17:04.0367 3284 SiSRaid4 - ok
19:17:04.0445 3284 [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:17:04.0445 3284 SkypeUpdate - ok
19:17:04.0476 3284 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:17:04.0523 3284 Smb - ok
19:17:04.0569 3284 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:17:04.0585 3284 SNMPTRAP - ok
19:17:04.0632 3284 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\Windows\system32\speedfan.sys
19:17:04.0757 3284 speedfan - ok
19:17:04.0788 3284 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
19:17:04.0803 3284 spldr - ok
19:17:04.0881 3284 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
19:17:04.0944 3284 Spooler - ok
19:17:05.0037 3284 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
19:17:05.0162 3284 sppsvc - ok
19:17:05.0162 3284 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:17:05.0209 3284 sppuinotify - ok
19:17:05.0287 3284 [ A80CD850D69D996C832BEA37E3A6AA1E ] sptd C:\Windows\system32\Drivers\sptd.sys
19:17:05.0287 3284 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: A80CD850D69D996C832BEA37E3A6AA1E
19:17:05.0287 3284 sptd ( LockedFile.Multi.Generic ) - warning
19:17:05.0287 3284 sptd - detected LockedFile.Multi.Generic (1)
19:17:05.0349 3284 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:17:05.0412 3284 srv - ok
19:17:05.0427 3284 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:17:05.0474 3284 srv2 - ok
19:17:05.0490 3284 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:17:05.0537 3284 srvnet - ok
19:17:05.0583 3284 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:17:05.0615 3284 SSDPSRV - ok
19:17:05.0677 3284 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
19:17:05.0693 3284 ssmdrv - ok
19:17:05.0708 3284 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:17:05.0771 3284 SstpSvc - ok
19:17:05.0817 3284 Steam Client Service - ok
19:17:05.0849 3284 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:17:05.0864 3284 stexstor - ok
19:17:05.0911 3284 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
19:17:05.0958 3284 StiSvc - ok
19:17:05.0989 3284 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
19:17:06.0020 3284 storflt - ok
19:17:14.0912 3284 ================ Scan global ===============================
19:17:14.0943 3284 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:17:14.0975 3284 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
19:17:15.0006 3284 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll
19:17:15.0037 3284 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:17:15.0099 3284 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:17:15.0099 3284 [Global] - ok
19:17:15.0099 3284 ================ Scan MBR ==================================
19:17:15.0115 3284 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:17:16.0176 3284 \Device\Harddisk0\DR0 - ok
19:17:16.0176 3284 ================ Scan VBR ==================================
19:17:16.0191 3284 [ 82BA8292179750482D0FE122120868DA ] \Device\Harddisk0\DR0\Partition1
19:17:16.0207 3284 \Device\Harddisk0\DR0\Partition1 - ok
19:17:16.0207 3284 ============================================================
19:17:16.0207 3284 Scan finished
19:17:16.0207 3284 ============================================================
19:17:16.0207 3304 Detected object count: 4
19:17:16.0207 3304 Actual detected object count: 4
19:23:52.0604 3304 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
19:23:52.0604 3304 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:23:52.0604 3304 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
19:23:52.0604 3304 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:23:52.0604 3304 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - skipped by user
19:23:52.0604 3304 SearchAnonymizer ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:23:52.0604 3304 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:23:52.0604 3304 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

There, I hope that is OK like this. Regards, Christian

07.11.2012, 15:58   #10
markusg
/// Malware-holic

Open Malwarebytes, go to Update, and install the update.
Open Malwarebytes, go to Scan, run a full scan, delete the findings, and post the log.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forwarding instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails, following the instructions above, to
markusg.trojaner-board@web.de

07.11.2012, 18:17   #11
Ilahja

Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.07.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Chrissi :: CHRISSI-PC [Administrator]

Schutz: Deaktiviert

07.11.2012 17:20:36
mbam-log-2012-11-07 (17-20-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381053
Laufzeit: 1 Stunde(n), 25 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Christian\Desktop\allerlei\RemoveWGA12.exe (PUP.RemoveWGA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Christian\Desktop\allerlei\bloodbowlpromo-ch\Blood Bowl Promo Trainer.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Christian\Desktop\allerlei\Antiwpa-v3.4.6\IA64\antiwpa.dll (PUP.Wpakill) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Christian\Desktop\allerlei\Antiwpa-v3.4.6\X86\antiwpa.dll (PUP.Wpakill) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

07.11.2012, 18:23   #12
markusg
/// Malware-holic

Since you are using cracks or other illegal software, e.g.
C:\Dokumente und Einstellungen\Christian\Desktop\allerlei\RemoveWGA12.exe (PUP.RemoveWGA) -> Erfolgreich gelöscht und in Quarantäne gestellt.
I unfortunately have to discontinue support here.
I can only help you with setting the system up from scratch.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post some further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.

07.11.2012, 19:29   #13
Ilahja

Then I'll say thank you very much for your help up to this point.