
Pests of all kinds and how to combat them: Bundestrojaner; scan with Malwarebytes: PUP.Blabbers

22.02.2013, 18:19   #1
OLI VAN DEN

After loading a web page, Explorer was locked and a new version of the well-known Bundestrojaner appeared.
Windows 7 (64-bit): start in safe mode (without network drivers; as this was not possible, it was displayed, the trojan appeared after start, therefore safe mode with command prompt).
Under MS-DOS, entered explorer.exe in the console, downloaded Malwarebytes via a second PC, installed it on the infected one and ran a quick scan: 166 infected files found.
All PUP.Blabbers.
According to the user interface, the only options are Remove Selected, Ignore, Save Logfile and return to the main menu.
What further steps can be recommended?
Thx

Perhaps the following excerpt from the log file helps:

Infizierte Registrierungsschlüssel: 47
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\f (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 6
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent.RNS) -> Daten: explorer.exe,C:\Users\OLI\AppData\Roaming\skype.dat -> Keine Aktion durchgeführt.

and so on, and more of the same

Edited by OLI VAN DEN (22.02.2013 at 19:06)

22.02.2013, 18:54   #2
aharonov
/// TB instructor

Hi,

Quote:
According to the user interface, the only options are Remove Selected, Ignore, Save Logfile and return to the main menu.
What further steps can be recommended?
After this Malwarebytes scan, select all findings and choose Remove Selected.
After that you should be able to boot into normal mode as usual again. MBAM has detected the entries responsible for the lock screen.

Afterwards you can work through this guide and post the logs so that your machine can be examined in more depth.
__________________
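
The one finding in the excerpt from post #1 that is not classified as PUP is the Winlogon|shell value, which names what Windows starts as the user's shell at logon. As an added example (not part of the thread and not Malwarebytes code), this Python script parses log lines in the format shown above, counts findings per detection family and flags a Winlogon shell value that lists anything besides explorer.exe; the function names and the comma split of the value data are assumptions.

```python
import re
from collections import Counter

# Six lines copied unchanged from the log excerpt in post #1.
SAMPLE_LOG = r"""
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Keine Aktion durchgeführt.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Daten: Funmoods Toolbar -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|shell (Trojan.Agent.RNS) -> Daten: explorer.exe,C:\Users\OLI\AppData\Roaming\skype.dat -> Keine Aktion durchgeführt.
"""

# Line layout: <key>[|<value>] (<detection>) -> [Daten: <data> ->] <action>
FINDING = re.compile(
    r"^(?P<key>HK[A-Z]+\\.+?)"               # registry key, starts with the hive
    r"(?:\|(?P<value>[^|]+?))?"              # optional value name after '|'
    r" \((?P<detection>[^()]+)\) ->\s*"      # detection name in parentheses
    r"(?:Daten:\s*(?P<data>.*?)\s*->\s*)?"   # optional value data (may be empty)
    r"(?P<action>.+)$"                       # action taken by the scanner
)

WINLOGON_KEY = r"\software\microsoft\windows nt\currentversion\winlogon"


def parse_finding(line):
    """Return the fields of one finding as a dict, or None for other lines."""
    match = FINDING.match(line.strip())
    return match.groupdict() if match else None


def extra_shell_commands(finding):
    """Entries of a Winlogon shell value other than explorer.exe, else []."""
    if not finding["key"].lower().endswith(WINLOGON_KEY):
        return []
    if (finding["value"] or "").lower() != "shell":
        return []
    # Assumption: entries are comma separated and contain no commas themselves.
    entries = [e.strip() for e in (finding["data"] or "").split(",")]
    return [e for e in entries if e and e.lower() != "explorer.exe"]


def triage(log_text):
    """Count findings per detection family and collect shell overrides."""
    families = Counter()
    shell_hijacks = []
    for line in log_text.splitlines():
        finding = parse_finding(line)
        if finding is None:
            continue  # blank lines and headings such as the per-section counts
        # The log spells one family both "PUP.FunMoods" and "PUP.Funmoods".
        families[finding["detection"].lower()] += 1
        extras = extra_shell_commands(finding)
        if extras:
            shell_hijacks.append((finding["key"], extras))
    return {"families": dict(families), "shell_hijacks": shell_hijacks}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for family, count in sorted(result["families"].items()):
        print(f"{count:3d}  {family}")
    for key, extras in result["shell_hijacks"]:
        print(f"logon shell override in {key}: {extras}")
```
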

23.02.2013, 16:53   #3
OLI VAN DEN

Thanks for the info,
when GMER is started as admin, the following error message appears:
"C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird."

I confirmed it with OK and removed the check marks in the required places.
However, I am not quite sure whether the check mark should be set at hard disk C:\ or at Quickscan (the guide is not clear on this point).

Hey,

after another scan with the installed antivirus program, it found a threat: Win32:LockScreen-RV[Trj]

at c:\users\oli\appdata\local\temp\g1a0siss8zjm2v1uckua0a.exe

Now moving it to the virus chest.


For the status of the log files, see the status of the GMER error.
__________________

23.02.2013, 21:20   #4
aharonov
/// TB instructor

Hi,

Quote:
For the status of the log files, see the status of the GMER error.
Sorry, I don't quite follow right now. You can't run either an OTL or a GMER scan?
(In GMER you should tick C:\, not Quickscan.)

Could you then try these scans in safe mode?
__________________
cheers,
Leo

24.02.2013, 16:22   #5
OLI VAN DEN

Ran Defogger and OTL. (Post the log files in this thread or create a new one? If so, what should it be called? I assume in log file analysis...)

With GMER there was the error message mentioned above. ("C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.")

Will run GMER again in safe mode.

The error also occurs in safe mode. Let it scan anyway, right?


Edited by OLI VAN DEN (24.02.2013 at 16:38)

24.02.2013, 16:40   #6
aharonov
/// TB instructor

Hi,

then please post the two OTL log files (I don't need Defogger) here in the thread and don't do anything else for now.
(Paste the contents of the log files directly inside code tags: [code]log file contents[/code].)

24.02.2013, 16:50   #7
OLI VAN DEN

Hope this is pasted correctly:

Code:
OTL logfile created on: 23.02.2013 15:30:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\M02Y13\malewarediagnose
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 81,08% Memory free
15,92 Gb Paging File | 14,31 Gb Available in Paging File | 89,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,04 Gb Total Space | 909,42 Gb Free Space | 65,10% Space Free | Partition Type: NTFS
Drive F: | 14,81 Gb Total Space | 14,58 Gb Free Space | 98,44% Space Free | Partition Type: FAT32
 
Computer Name: OLIVENOEL-PC | User Name: OLIVENOEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.23 15:20:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\M02Y13\malewarediagnose\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.09.27 19:12:35 | 000,245,168 | ---- | M] (hxxp://yourfiledownloader.com) -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
PRC - [2012.08.20 11:42:23 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.08.20 11:42:15 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.05 12:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.12.16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.05.20 14:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.10 12:23:16 | 002,068,504 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2011.09.19 08:07:38 | 000,058,368 | ---- | M] () -- C:\Windows\SysWOW64\bdmpega.acm
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.01.10 15:09:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011.05.24 22:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2013.02.22 14:53:07 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.05 18:11:17 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.10 12:24:19 | 002,309,656 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012.08.20 11:42:23 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.08.20 11:42:15 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.12.16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.12.01 17:11:48 | 000,743,936 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CPUCooL\CooLSrv.exe -- (CPUCooLServer)
SRV - [2011.08.30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011.06.29 12:26:06 | 000,520,216 | ---- | M] (Ant.com) [Disabled | Stopped] -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe -- (AntUpdaterService)
SRV - [2011.03.31 04:45:56 | 000,454,208 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS USB-N53 Utility\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2011.03.31 04:45:18 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS USB-N53 Utility\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010.05.20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.09.21 20:01:30 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.09.21 20:01:30 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.08.21 10:13:11 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.08.18 11:03:01 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.10 15:09:44 | 002,184,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012.01.06 09:59:48 | 000,084,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.01.06 09:59:48 | 000,059,392 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012.01.05 12:58:48 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.05 12:58:48 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.05 12:58:48 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.02 09:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011.08.11 23:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.05.24 23:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.24 21:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.28 07:20:30 | 001,617,472 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2011.03.30 13:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.11 20:12:02 | 000,019,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp)
DRV:64bit: - [2010.05.20 14:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2009.09.19 04:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009.09.19 04:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009.09.19 04:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.21 09:00:22 | 001,041,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WlanGZG.sys -- (XG762_VS)
DRV - [2012.05.30 13:22:07 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012.05.30 13:21:56 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{32C2F6A6-E468-16F6-E3C6-24F90A04345F}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={131E4F7B-EF8E-11E1-BC1C-50E549CEDE4F}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT280194
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 1A 43 A6 E9 3D CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{04AACE3D-6BEC-44EF-9545-1F5ACDB8D9E2}: "URL" = hxxp://www.ant.com/search?s=browser&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_2&babsrc=SP_ss&mntrId=aec44ff9000000000000f46d045e502c
IE - HKCU\..\SearchScopes\{1D2A669D-1647-4114-957F-197E22191314}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKCU\..\SearchScopes\{32C2F6A6-E468-16F6-E3C6-24F90A04345F}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_2&babsrc=SP_ss&mntrId=aec44ff9000000000000f46d045e502c
IE - HKCU\..\SearchScopes\{3EAB826C-3FFA-7BE6-5B6A-180C3F32ACCD}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_2&babsrc=SP_ss&mntrId=aec44ff9000000000000f46d045e502c
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{8DA6C749-3FA6-4900-96F7-70EE2A503CCE}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=de171efa-a06d-44fa-9227-742195c7860d&apn_sauid=225CE576-68D0-4AF8-9DD4-95DF0951DDD3
IE - HKCU\..\SearchScopes\{C6F4A357-FDC3-4227-B4FD-6AF9CDD21F24}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKCU\..\SearchScopes\{DD63DF7A-5381-4724-9F2C-7B6E3A3D481B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={131E4F7B-EF8E-11E1-BC1C-50E549CEDE4F}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\opencandy.com/Ignite: C:\Users\OLIVENOEL\AppData\Local\Ignite\npOCDM.1.1.4.0.dll (OpenCandy, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.31 15:13:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.01 18:26:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.18 11:06:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.31 15:13:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.10.10 16:31:07 | 000,000,000 | ---D | M]
 
[2012.09.01 11:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.09.06 17:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012.08.26 15:55:05 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012.09.01 11:11:44 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com
[2012.06.14 16:20:22 | 000,036,333 | ---- | M] () (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012.09.01 11:07:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.01 11:07:07 | 000,000,000 | ---D | M] (DealPly) -- C:\Program Files (x86)\mozilla firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&babsrc=HP_ss&mntrId=aec44ff9000000000000f46d045e502c
CHR - default_search_provider: dict.cc (Enabled)
CHR - default_search_provider: search_url = hxxp://www.dict.cc/?s={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&babsrc=HP_ss&mntrId=aec44ff9000000000000f46d045e502c
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin:  (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: Wajam (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - Extension: Babylon Toolbar = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: SpeedDial = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.3.7.2_0\
CHR - Extension: avast! WebRep = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: SweetIM for Facebook = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Wajam = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Settings Protector = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: OneClickDownload = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.3_0\
CHR - Extension: Babylon Toolbar = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: SpeedDial = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.3.7.2_0\
CHR - Extension: avast! WebRep = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: SweetIM for Facebook = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Wajam = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Settings Protector = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: OneClickDownload = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.3_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com)
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41DEE3FE-D533-437F-9D9D-D99B7E44B1CF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82AC0FAC-92C8-4CE8-904B-85A9E43C48F4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DD499B7-FCFA-4572-88A7-65C20A02DA6D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0173232c-e894-11e1-a5fc-50e549cede4f}\Shell - "" = AutoRun
O33 - MountPoints2\{0173232c-e894-11e1-a5fc-50e549cede4f}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{0173232c-e894-11e1-a5fc-50e549cede4f}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{0173232c-e894-11e1-a5fc-50e549cede4f}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{494a1439-0415-11e2-808c-50e549cede4f}\Shell - "" = AutoRun
O33 - MountPoints2\{494a1439-0415-11e2-808c-50e549cede4f}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{e8e3f4d2-078e-11e2-9762-50e549cede4f}\Shell - "" = AutoRun
O33 - MountPoints2\{e8e3f4d2-078e-11e2-9762-50e549cede4f}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.22 17:23:34 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\Malwarebytes
[2013.02.22 17:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.22 17:23:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.22 17:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.22 17:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.22 17:22:09 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Programs
[2013.02.22 17:21:24 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\OLIVENOEL\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.02 16:35:36 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\The Man Who Wasn't There (2001)
[2013.02.02 16:35:27 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Harold und Maude (1971)
[2013.02.02 16:35:23 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Gorillas im Nebel (1988)
[2013.02.02 16:35:20 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Filofax - Ich bin du und du bist nichts (1990)
[2013.02.02 16:35:10 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Bob Roberts (1992)
[2013.02.02 16:34:58 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Rosenkranz & Güldenstern (1990)
[2013.02.02 16:29:45 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\The Mosquito Coast (1986)
[2013.02.02 16:27:38 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Mary & Max - oder schrumpfen Schafe, wenn es regnet (2009)
[2013.01.29 19:59:10 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Documents\BIS Core Engine Other Profiles
[2013.01.29 19:58:56 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Documents\BIS Core Engine
[2013.01.29 18:56:00 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\TuneUp Software
[2013.01.29 18:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.29 18:55:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.29 18:55:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.29 17:52:16 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\Ignite
[2013.01.29 17:51:28 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Ignite
[2013.01.29 17:50:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.01.29 17:49:40 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Pokki
[2013.01.29 17:49:20 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.29 17:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.01.29 17:49:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.01.29 17:49:07 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoft
[2013.01.29 17:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.23 15:28:39 | 000,000,000 | ---- | M] () -- C:\Users\OLIVENOEL\defogger_reenable
[2013.02.23 15:27:15 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.23 15:27:15 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.23 15:27:15 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.23 15:27:15 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.23 15:27:15 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.23 15:05:25 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 15:05:25 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 14:59:26 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.23 14:58:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.23 14:58:05 | 2117,795,839 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.22 23:45:10 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.22 23:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.22 17:23:23 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.22 17:18:08 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\OLIVENOEL\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.22 16:18:40 | 000,000,004 | ---- | M] () -- C:\Users\OLIVENOEL\AppData\Roaming\skype.ini
[2013.02.22 16:16:35 | 000,000,178 | -H-- | M] () -- C:\Windows\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[2013.02.22 15:37:54 | 000,017,751 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\StundenplanVollzeit.pdf
[2013.02.19 20:41:51 | 011,165,867 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\ARMA2_OA_Build_101747.zip
[2013.02.16 18:03:02 | 000,001,603 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Start SU with Server The Wrecking Crew UK Operations Server, --execute=install,join, --shutdown.lnk
[2013.02.14 13:54:45 | 000,420,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.13 19:08:49 | 000,000,000 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Neue Bitmap (2).bmp
[2013.02.02 12:21:42 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.02 12:19:40 | 000,162,552 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\VLCMediaPlayer_downloader_by_VLCMediaPlayer.exe
[2013.01.29 17:49:17 | 000,001,306 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Free YouTube Download.lnk
[2013.01.29 17:49:17 | 000,001,243 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.29 17:27:06 | 000,000,828 | ---- | M] () -- C:\Users\OLIVENOEL\AppData\Local\recently-used.xbel
[2013.01.25 21:33:31 | 000,293,841 | ---- | M] () -- C:\Users\OLIVENOEL\Documents\ts3_clientui-win64-1351504843-2013-01-25 21_33_30.175307.dmp
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.23 15:28:39 | 000,000,000 | ---- | C] () -- C:\Users\OLIVENOEL\defogger_reenable
[2013.02.22 17:23:23 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.22 16:16:35 | 000,000,178 | -H-- | C] () -- C:\Windows\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[2013.02.22 15:45:29 | 000,000,004 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Roaming\skype.ini
[2013.02.22 15:37:54 | 000,017,751 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\StundenplanVollzeit.pdf
[2013.02.19 20:40:58 | 011,165,867 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\ARMA2_OA_Build_101747.zip
[2013.02.13 19:08:49 | 000,000,000 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Neue Bitmap (2).bmp
[2013.02.02 19:35:40 | 000,001,603 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Start SU with Server The Wrecking Crew UK Operations Server, --execute=install,join, --shutdown.lnk
[2013.02.02 12:19:40 | 000,162,552 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\VLCMediaPlayer_downloader_by_VLCMediaPlayer.exe
[2013.01.29 17:49:17 | 000,001,306 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Free YouTube Download.lnk
[2013.01.29 17:49:17 | 000,001,243 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.29 17:27:06 | 000,000,828 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Local\recently-used.xbel
[2013.01.25 21:33:30 | 000,293,841 | ---- | C] () -- C:\Users\OLIVENOEL\Documents\ts3_clientui-win64-1351504843-2013-01-25 21_33_30.175307.dmp
[2012.09.01 11:07:35 | 000,384,844 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Local\funmoods-speeddial.crx
[2012.08.18 11:15:23 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.18 11:15:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.10 12:47:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.10 12:44:43 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.07.12 20:36:43 | 000,004,608 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.30 12:43:28 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\RemoveWlan.exe
[2012.06.21 09:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.05.31 20:26:09 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.05.31 15:12:12 | 000,176,389 | ---- | C] () -- C:\Windows\hphins27.dat
[2012.05.31 15:12:12 | 000,000,349 | ---- | C] () -- C:\Windows\hphmdl27.dat
[2012.05.30 13:22:07 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.05.30 12:17:22 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.05 19:16:10 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Amazon
[2012.05.30 21:31:17 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\ArmA II Launcher
[2012.08.20 16:08:58 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Audacity
[2012.08.18 12:53:23 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Babylon
[2012.08.18 12:53:50 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BabylonToolbar
[2012.07.12 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BANDISOFT
[2012.09.07 17:02:07 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BitTorrent
[2012.09.08 03:51:30 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BrowserCompanion
[2012.07.11 15:55:13 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012.08.18 11:07:12 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DAEMON Tools Lite
[2012.11.05 20:25:44 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DarknessII
[2013.01.29 17:49:37 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoft
[2013.01.29 17:49:20 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.28 13:17:16 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\GoPro
[2013.01.29 17:52:16 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Ignite
[2013.01.29 18:56:33 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\OpenCandy
[2012.05.30 16:38:43 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Opera
[2012.07.11 21:29:56 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\PlayClaw3
[2012.08.18 11:15:07 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\PunkBuster
[2012.08.15 18:16:23 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\six-updater
[2012.05.30 14:51:37 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\six-zsync
[2012.10.09 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Sony
[2012.12.21 21:55:57 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Splashtop
[2012.08.30 16:42:44 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TeamViewer
[2012.07.12 20:30:00 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TechSmith
[2013.02.21 21:42:52 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TS3Client
[2013.01.29 18:56:00 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TuneUp Software
[2012.08.20 11:34:40 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Ubisoft
[2012.08.18 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\YourFileDownloader
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:054203E4

< End of report >
         

Alt 24.02.2013, 16:52   #8
OLI VAN DEN
 



Code:
OTL logfile created on: 23.02.2013 15:30:31 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\M02Y13\malewarediagnose
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 6,46 Gb Available Physical Memory | 81,08% Memory free
15,92 Gb Paging File | 14,31 Gb Available in Paging File | 89,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,04 Gb Total Space | 909,42 Gb Free Space | 65,10% Space Free | Partition Type: NTFS
Drive F: | 14,81 Gb Total Space | 14,58 Gb Free Space | 98,44% Space Free | Partition Type: FAT32
 
Computer Name: OLIVENOEL-PC | User Name: OLIVENOEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.23 15:20:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\M02Y13\malewarediagnose\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.09.27 19:12:35 | 000,245,168 | ---- | M] (hxxp://yourfiledownloader.com) -- C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe
PRC - [2012.08.20 11:42:23 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.08.20 11:42:15 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.05 12:59:50 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011.12.16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.05.20 14:26:28 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.10 12:23:16 | 002,068,504 | ---- | M] () -- c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2011.09.19 08:07:38 | 000,058,368 | ---- | M] () -- C:\Windows\SysWOW64\bdmpega.acm
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.01.10 15:09:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2011.05.24 22:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2013.02.22 14:53:07 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.05 18:11:17 | 000,049,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.10 12:24:19 | 002,309,656 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012.08.20 11:42:23 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.08.20 11:42:15 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.12.16 11:30:38 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.12.01 17:11:48 | 000,743,936 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\CPUCooL\CooLSrv.exe -- (CPUCooLServer)
SRV - [2011.08.30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2011.06.29 12:26:06 | 000,520,216 | ---- | M] (Ant.com) [Disabled | Stopped] -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe -- (AntUpdaterService)
SRV - [2011.03.31 04:45:56 | 000,454,208 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS USB-N53 Utility\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2011.03.31 04:45:18 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS USB-N53 Utility\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2010.05.20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.09.21 20:01:30 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2012.09.21 20:01:30 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2012.08.21 10:13:11 | 000,019,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.08.18 11:03:01 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.10 15:09:44 | 002,184,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2012.01.06 09:59:48 | 000,084,608 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2012.01.06 09:59:48 | 000,059,392 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2012.01.05 12:58:48 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.05 12:58:48 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.05 12:58:48 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.11.10 00:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.11.02 09:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2011.08.11 23:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.05.24 23:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.24 21:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.28 07:20:30 | 001,617,472 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2011.03.30 13:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.11 20:12:02 | 000,019,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ntiopnp.sys -- (ntiopnp)
DRV:64bit: - [2010.05.20 14:26:28 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VX1000.sys -- (VX1000)
DRV:64bit: - [2009.09.19 04:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2009.09.19 04:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2009.09.19 04:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.08.21 09:00:22 | 001,041,920 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WlanGZG.sys -- (XG762_VS)
DRV - [2012.05.30 13:22:07 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012.05.30 13:21:56 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{32C2F6A6-E468-16F6-E3C6-24F90A04345F}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={131E4F7B-EF8E-11E1-BC1C-50E549CEDE4F}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT280194
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 06 1A 43 A6 E9 3D CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{04AACE3D-6BEC-44EF-9545-1F5ACDB8D9E2}: "URL" = hxxp://www.ant.com/search?s=browser&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_2&babsrc=SP_ss&mntrId=aec44ff9000000000000f46d045e502c
IE - HKCU\..\SearchScopes\{1D2A669D-1647-4114-957F-197E22191314}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKCU\..\SearchScopes\{32C2F6A6-E468-16F6-E3C6-24F90A04345F}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_2&babsrc=SP_ss&mntrId=aec44ff9000000000000f46d045e502c
IE - HKCU\..\SearchScopes\{3EAB826C-3FFA-7BE6-5B6A-180C3F32ACCD}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=bandext_3312_2&babsrc=SP_ss&mntrId=aec44ff9000000000000f46d045e502c
IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms}
IE - HKCU\..\SearchScopes\{8DA6C749-3FA6-4900-96F7-70EE2A503CCE}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=de171efa-a06d-44fa-9227-742195c7860d&apn_sauid=225CE576-68D0-4AF8-9DD4-95DF0951DDD3
IE - HKCU\..\SearchScopes\{C6F4A357-FDC3-4227-B4FD-6AF9CDD21F24}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKCU\..\SearchScopes\{DD63DF7A-5381-4724-9F2C-7B6E3A3D481B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={131E4F7B-EF8E-11E1-BC1C-50E549CEDE4F}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\opencandy.com/Ignite: C:\Users\OLIVENOEL\AppData\Local\Ignite\npOCDM.1.1.4.0.dll (OpenCandy, Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.31 15:13:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.06.01 18:26:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.18 11:06:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.05.31 15:13:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.10.10 16:31:07 | 000,000,000 | ---D | M]
 
[2012.09.01 11:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2012.09.06 17:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2012.08.26 15:55:05 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012.09.01 11:11:44 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions\ffxtlbr@funmoods.com
[2012.06.14 16:20:22 | 000,036,333 | ---- | M] () (No name found) -- C:\Users\OLIVENOEL\AppData\Roaming\mozilla\firefox\profiles\extensions\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012.09.01 11:07:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.01 11:07:07 | 000,000,000 | ---D | M] (DealPly) -- C:\Program Files (x86)\mozilla firefox\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&babsrc=HP_ss&mntrId=aec44ff9000000000000f46d045e502c
CHR - default_search_provider: dict.cc (Enabled)
CHR - default_search_provider: search_url = hxxp://www.dict.cc/?s={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&babsrc=HP_ss&mntrId=aec44ff9000000000000f46d045e502c
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin:  (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: Wajam (Enabled) = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - Extension: Babylon Toolbar = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: SpeedDial = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.3.7.2_0\
CHR - Extension: avast! WebRep = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: SweetIM for Facebook = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Wajam = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Settings Protector = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: OneClickDownload = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.3_0\
CHR - Extension: Babylon Toolbar = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: SpeedDial = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.3.7.2_0\
CHR - Extension: avast! WebRep = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: SweetIM for Facebook = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of 
CHR - Extension: SweetIM for Facebook = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Wajam = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Settings Protector = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: OneClickDownload = C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.3_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com)
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH EN Toolbar) - {37483B40-C254-4A72-BDA4-22EE90182C1E} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O4 - HKCU..\RunOnce: [Uninstall C:\Users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\OLIVENOEL\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8:64bit: - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8:64bit: - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Link an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O8 - Extra context menu item: Text an MindManager senden - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll (Ant.com)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41DEE3FE-D533-437F-9D9D-D99B7E44B1CF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82AC0FAC-92C8-4CE8-904B-85A9E43C48F4}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DD499B7-FCFA-4572-88A7-65C20A02DA6D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0173232c-e894-11e1-a5fc-50e549cede4f}\Shell - "" = AutoRun
O33 - MountPoints2\{0173232c-e894-11e1-a5fc-50e549cede4f}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{0173232c-e894-11e1-a5fc-50e549cede4f}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{0173232c-e894-11e1-a5fc-50e549cede4f}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{494a1439-0415-11e2-808c-50e549cede4f}\Shell - "" = AutoRun
O33 - MountPoints2\{494a1439-0415-11e2-808c-50e549cede4f}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{e8e3f4d2-078e-11e2-9762-50e549cede4f}\Shell - "" = AutoRun
O33 - MountPoints2\{e8e3f4d2-078e-11e2-9762-50e549cede4f}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.22 17:23:34 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\Malwarebytes
[2013.02.22 17:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.22 17:23:22 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.22 17:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.22 17:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.22 17:22:09 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Programs
[2013.02.22 17:21:24 | 010,156,344 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\OLIVENOEL\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.02 16:35:36 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\The Man Who Wasn't There (2001)
[2013.02.02 16:35:27 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Harold und Maude (1971)
[2013.02.02 16:35:23 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Gorillas im Nebel (1988)
[2013.02.02 16:35:20 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Filofax - Ich bin du und du bist nichts (1990)
[2013.02.02 16:35:10 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Bob Roberts (1992)
[2013.02.02 16:34:58 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Rosenkranz & Güldenstern (1990)
[2013.02.02 16:29:45 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\The Mosquito Coast (1986)
[2013.02.02 16:27:38 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Desktop\Mary & Max - oder schrumpfen Schafe, wenn es regnet (2009)
[2013.01.29 19:59:10 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Documents\BIS Core Engine Other Profiles
[2013.01.29 19:58:56 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\Documents\BIS Core Engine
[2013.01.29 18:56:00 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\TuneUp Software
[2013.01.29 18:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2013.01.29 18:55:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013.01.29 18:55:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.01.29 17:52:16 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\Ignite
[2013.01.29 17:51:28 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Ignite
[2013.01.29 17:50:35 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.01.29 17:49:40 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Local\Pokki
[2013.01.29 17:49:20 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.29 17:49:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.01.29 17:49:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.01.29 17:49:07 | 000,000,000 | ---D | C] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoft
[2013.01.29 17:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.23 15:28:39 | 000,000,000 | ---- | M] () -- C:\Users\OLIVENOEL\defogger_reenable
[2013.02.23 15:27:15 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.23 15:27:15 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.23 15:27:15 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.23 15:27:15 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.23 15:27:15 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.23 15:05:25 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 15:05:25 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.23 14:59:26 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.23 14:58:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.23 14:58:05 | 2117,795,839 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.22 23:45:10 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.22 23:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.22 17:23:23 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.22 17:18:08 | 010,156,344 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\OLIVENOEL\Desktop\mbam-setup-1.70.0.1100.exe
[2013.02.22 16:18:40 | 000,000,004 | ---- | M] () -- C:\Users\OLIVENOEL\AppData\Roaming\skype.ini
[2013.02.22 16:16:35 | 000,000,178 | -H-- | M] () -- C:\Windows\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[2013.02.22 15:37:54 | 000,017,751 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\StundenplanVollzeit.pdf
[2013.02.19 20:41:51 | 011,165,867 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\ARMA2_OA_Build_101747.zip
[2013.02.16 18:03:02 | 000,001,603 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Start SU with Server The Wrecking Crew UK Operations Server, --execute=install,join, --shutdown.lnk
[2013.02.14 13:54:45 | 000,420,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.13 19:08:49 | 000,000,000 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Neue Bitmap (2).bmp
[2013.02.02 12:21:42 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.02.02 12:19:40 | 000,162,552 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\VLCMediaPlayer_downloader_by_VLCMediaPlayer.exe
[2013.01.29 17:49:17 | 000,001,306 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\Free YouTube Download.lnk
[2013.01.29 17:49:17 | 000,001,243 | ---- | M] () -- C:\Users\OLIVENOEL\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.29 17:27:06 | 000,000,828 | ---- | M] () -- C:\Users\OLIVENOEL\AppData\Local\recently-used.xbel
[2013.01.25 21:33:31 | 000,293,841 | ---- | M] () -- C:\Users\OLIVENOEL\Documents\ts3_clientui-win64-1351504843-2013-01-25 21_33_30.175307.dmp
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.23 15:28:39 | 000,000,000 | ---- | C] () -- C:\Users\OLIVENOEL\defogger_reenable
[2013.02.22 17:23:23 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.22 16:16:35 | 000,000,178 | -H-- | C] () -- C:\Windows\tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
[2013.02.22 15:45:29 | 000,000,004 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Roaming\skype.ini
[2013.02.22 15:37:54 | 000,017,751 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\StundenplanVollzeit.pdf
[2013.02.19 20:40:58 | 011,165,867 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\ARMA2_OA_Build_101747.zip
[2013.02.13 19:08:49 | 000,000,000 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Neue Bitmap (2).bmp
[2013.02.02 19:35:40 | 000,001,603 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Start SU with Server The Wrecking Crew UK Operations Server, --execute=install,join, --shutdown.lnk
[2013.02.02 12:19:40 | 000,162,552 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\VLCMediaPlayer_downloader_by_VLCMediaPlayer.exe
[2013.01.29 17:49:17 | 000,001,306 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\Free YouTube Download.lnk
[2013.01.29 17:49:17 | 000,001,243 | ---- | C] () -- C:\Users\OLIVENOEL\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.29 17:27:06 | 000,000,828 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Local\recently-used.xbel
[2013.01.25 21:33:30 | 000,293,841 | ---- | C] () -- C:\Users\OLIVENOEL\Documents\ts3_clientui-win64-1351504843-2013-01-25 21_33_30.175307.dmp
[2012.09.01 11:07:35 | 000,384,844 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Local\funmoods-speeddial.crx
[2012.08.18 11:15:23 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.08.18 11:15:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.08.10 12:47:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.08.10 12:44:43 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.07.12 20:36:43 | 000,004,608 | ---- | C] () -- C:\Users\OLIVENOEL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.30 12:43:28 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\RemoveWlan.exe
[2012.06.21 09:37:14 | 003,166,792 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.05.31 20:26:09 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.05.31 15:12:12 | 000,176,389 | ---- | C] () -- C:\Windows\hphins27.dat
[2012.05.31 15:12:12 | 000,000,349 | ---- | C] () -- C:\Windows\hphmdl27.dat
[2012.05.30 13:22:07 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.05.30 12:17:22 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.05.24 22:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.05 19:16:10 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Amazon
[2012.05.30 21:31:17 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\ArmA II Launcher
[2012.08.20 16:08:58 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Audacity
[2012.08.18 12:53:23 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Babylon
[2012.08.18 12:53:50 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BabylonToolbar
[2012.07.12 20:45:32 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BANDISOFT
[2012.09.07 17:02:07 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BitTorrent
[2012.09.08 03:51:30 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\BrowserCompanion
[2012.07.11 15:55:13 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012.08.18 11:07:12 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DAEMON Tools Lite
[2012.11.05 20:25:44 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DarknessII
[2013.01.29 17:49:37 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoft
[2013.01.29 17:49:20 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.28 13:17:16 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\GoPro
[2013.01.29 17:52:16 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Ignite
[2013.01.29 18:56:33 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\OpenCandy
[2012.05.30 16:38:43 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Opera
[2012.07.11 21:29:56 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\PlayClaw3
[2012.08.18 11:15:07 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\PunkBuster
[2012.08.15 18:16:23 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\six-updater
[2012.05.30 14:51:37 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\six-zsync
[2012.10.09 22:47:51 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Sony
[2012.12.21 21:55:57 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Splashtop
[2012.08.30 16:42:44 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TeamViewer
[2012.07.12 20:30:00 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TechSmith
[2013.02.21 21:42:52 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TS3Client
[2013.01.29 18:56:00 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\TuneUp Software
[2012.08.20 11:34:40 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\Ubisoft
[2012.08.18 12:53:20 | 000,000,000 | ---D | M] -- C:\Users\OLIVENOEL\AppData\Roaming\YourFileDownloader
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:054203E4

< End of report >
         

24.02.2013, 17:39   #9
aharonov
/// TB-Ausbilder
 

Hi,

then please try this:


Step 1

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current avast! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the file to the desktop.
Post this aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.



Step 2

Please read the following instructions carefully. We do not want to delete anything here yet, only to see a scan report.

Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe.
  • Press Start Scan.
  • Warning: If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file.
  • TDSSKiller will save a log file on your system drive (C:\TDSSKiller.<version_date_time>log.txt).
  • Please post the contents of this log file here in the thread.



Please post in your next reply:
  • Log from aswMBR
  • Log from TDSSKiller
__________________
cheers,
Leo

24.02.2013, 19:10   #10
OLI VAN DEN
 

Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-24 19:00:42
-----------------------------
19:00:42.479    OS Version: Windows x64 6.1.7601 Service Pack 1
19:00:42.479    Number of processors: 4 586 0x2A07
19:00:42.479    ComputerName: OLIVENOEL-PC  UserName: OLIVENOEL
19:00:42.479    Initialze error 1 Unzulässige Funktion.
19:00:42.526    AVAST engine defs: 13022301
19:01:56.143    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
19:01:56.143    Disk 0 Vendor: ST1500DL003-9VT16L CC32 Size: 1430799MB BusType: 3
19:01:56.174    Disk 0 MBR read successfully
19:01:56.174    Disk 0 MBR scan
19:01:56.439    Disk 0 unknown MBR code
19:01:56.439    Disk 0 Partition 1 00     EE          GPT           2097151 MB offset 1
19:01:56.767    Disk 0 scanning C:\Windows\system32\drivers
19:01:56.767    Service scanning
19:01:58.233    Modules scanning
19:01:58.233    Disk 0 trace - called modules:
19:01:58.249    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
19:01:58.249    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800768e060]
19:01:58.249    3 CLASSPNP.SYS[fffff880018c543f] -> nt!IofCallDriver -> [0xfffffa80075e19b0]
19:01:58.249    5 ACPI.sys[fffff88000f327a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0xfffffa8006745680]
19:01:58.264    AVAST engine scan C:\Windows
19:01:58.264    AVAST engine scan C:\Windows\system32
19:01:58.264    AVAST engine scan C:\Windows\system32\drivers
19:01:58.264    AVAST engine scan C:\Users\OLIVENOEL
19:01:58.264    AVAST engine scan C:\ProgramData
19:01:58.264    Scan finished successfully
19:03:14.704    Disk 0 MBR has been saved successfully to "F:\M02Y13\malewarediagnose\MBR.dat"
19:03:15.874    The log file has been saved successfully to "F:\M02Y13\malewarediagnose\aswMBR.txt"
         
Code:
19:04:36.0573 2008  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:04:36.0573 2008  UEFI system
19:04:36.0714 2008  ============================================================
19:04:36.0714 2008  Current date / time: 2013/02/24 19:04:36.0714
19:04:36.0714 2008  SystemInfo:
19:04:36.0714 2008  
19:04:36.0714 2008  OS Version: 6.1.7601 ServicePack: 1.0
19:04:36.0714 2008  Product type: Workstation
19:04:36.0714 2008  ComputerName: OLIVENOEL-PC
19:04:36.0714 2008  UserName: OLIVENOEL
19:04:36.0714 2008  Windows directory: C:\Windows
19:04:36.0714 2008  System windows directory: C:\Windows
19:04:36.0714 2008  Running under WOW64
19:04:36.0714 2008  Processor architecture: Intel x64
19:04:36.0714 2008  Number of processors: 4
19:04:36.0714 2008  Page size: 0x1000
19:04:36.0714 2008  Boot type: Safe boot
19:04:36.0714 2008  ============================================================
19:04:37.0572 2008  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:04:37.0587 2008  Drive \Device\Harddisk1\DR1 - Size: 0x3B4C00000 (14.82 Gb), SectorSize: 0x200, Cylinders: 0x78F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:04:37.0587 2008  ============================================================
19:04:37.0587 2008  \Device\Harddisk0\DR0:
19:04:37.0587 2008  GPT partitions:
19:04:37.0587 2008  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {0A3C5989-A02A-4848-A7E6-E046B8FCBD6A}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
19:04:37.0587 2008  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {AEB4033B-23DB-4D92-9E2C-3BFB7C9C505C}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x40000
19:04:37.0587 2008  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A5954350-BC56-4881-9297-3FB949604DAE}, Name: Basic data partition, StartLBA 0x72800, BlocksNum 0xAEA15000
19:04:37.0587 2008  MBR partitions:
19:04:37.0587 2008  \Device\Harddisk1\DR1:
19:04:37.0587 2008  MBR partitions:
19:04:37.0587 2008  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1DA5FE0
19:04:37.0587 2008  ============================================================
19:04:37.0619 2008  C: <-> \Device\Harddisk0\DR0\Partition3
19:04:37.0619 2008  ============================================================
19:04:37.0619 2008  Initialize success
19:04:37.0619 2008  ============================================================
19:04:45.0497 2036  ============================================================
19:04:45.0497 2036  Scan started
19:04:45.0497 2036  Mode: Manual; 
19:04:45.0497 2036  ============================================================
19:04:45.0746 2036  ================ Scan system memory ========================
19:04:45.0746 2036  System memory - ok
19:04:45.0746 2036  ================ Scan services =============================
19:04:45.0871 2036  [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
19:04:45.0871 2036  !SASCORE - ok
19:04:46.0401 2036  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
19:04:46.0417 2036  1394ohci - ok
19:04:46.0433 2036  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
19:04:46.0448 2036  ACPI - ok
19:04:46.0464 2036  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
19:04:46.0464 2036  AcpiPmi - ok
19:04:46.0620 2036  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:04:46.0620 2036  AdobeARMservice - ok
19:04:48.0320 2036  [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:04:48.0336 2036  AdobeFlashPlayerUpdateSvc - ok
19:04:48.0383 2036  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
19:04:48.0383 2036  adp94xx - ok
19:04:48.0414 2036  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
19:04:48.0414 2036  adpahci - ok
19:04:48.0445 2036  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
19:04:48.0445 2036  adpu320 - ok
19:04:48.0476 2036  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
19:04:48.0476 2036  AeLookupSvc - ok
19:04:48.0523 2036  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
19:04:48.0523 2036  AFD - ok
19:04:48.0539 2036  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
19:04:48.0554 2036  agp440 - ok
19:04:48.0570 2036  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
19:04:48.0570 2036  ALG - ok
19:04:48.0585 2036  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
19:04:48.0585 2036  aliide - ok
19:04:48.0663 2036  [ 514089CB4A7DF38DC4DD936ADE4114D3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
19:04:48.0663 2036  AMD External Events Utility - ok
19:04:48.0663 2036  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
19:04:48.0663 2036  amdide - ok
19:04:48.0679 2036  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
19:04:48.0679 2036  AmdK8 - ok
19:04:48.0819 2036  [ 9A4B92150A5E259A7159D914CC3A60D7 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
19:04:48.0913 2036  amdkmdag - ok
19:04:48.0960 2036  [ 9DEB889D152F9C9DBA98BE8986084535 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
19:04:48.0960 2036  amdkmdap - ok
19:04:48.0991 2036  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
19:04:48.0991 2036  AmdPPM - ok
19:04:49.0007 2036  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
19:04:49.0007 2036  amdsata - ok
19:04:49.0038 2036  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
19:04:49.0038 2036  amdsbs - ok
19:04:49.0053 2036  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
19:04:49.0053 2036  amdxata - ok
19:04:49.0178 2036  [ C710B5D634DCCF966661939193175DE4 ] AntUpdaterService C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe
19:04:49.0178 2036  AntUpdaterService - ok
19:04:49.0209 2036  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
19:04:49.0209 2036  AppID - ok
19:04:49.0209 2036  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
19:04:49.0209 2036  AppIDSvc - ok
19:04:49.0241 2036  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
19:04:49.0241 2036  Appinfo - ok
19:04:49.0256 2036  [ BA957E7ACD2B44FA3B01FAA64F6A9060 ] AppleCharger    C:\Windows\system32\DRIVERS\AppleCharger.sys
19:04:49.0256 2036  AppleCharger - ok
19:04:49.0272 2036  [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
19:04:49.0272 2036  AppleChargerSrv - ok
19:04:49.0287 2036  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
19:04:49.0287 2036  arc - ok
19:04:49.0303 2036  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
19:04:49.0303 2036  arcsas - ok
19:04:49.0365 2036  [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
19:04:49.0365 2036  aswFsBlk - ok
19:04:49.0443 2036  [ F146F83E8F7AC22BD011D5942E4C155C ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
19:04:49.0443 2036  aswKbd - ok
19:04:49.0459 2036  [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
19:04:49.0459 2036  aswMonFlt - ok
19:04:49.0506 2036  [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
19:04:49.0506 2036  aswRdr - ok
19:04:49.0521 2036  [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
19:04:49.0537 2036  aswSnx - ok
19:04:49.0568 2036  [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
19:04:49.0568 2036  aswSP - ok
19:04:49.0584 2036  [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
19:04:49.0584 2036  aswTdi - ok
19:04:49.0599 2036  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
19:04:49.0599 2036  AsyncMac - ok
19:04:49.0599 2036  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
19:04:49.0599 2036  atapi - ok
19:04:49.0662 2036  [ CBD14F698DEF12EE3557604B726CB8EB ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
19:04:49.0662 2036  AtiHDAudioService - ok
19:04:49.0677 2036  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:04:49.0677 2036  AudioEndpointBuilder - ok
19:04:49.0693 2036  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
19:04:49.0693 2036  AudioSrv - ok
19:04:49.0833 2036  [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:04:49.0833 2036  avast! Antivirus - ok
19:04:49.0849 2036  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
19:04:49.0849 2036  AxInstSV - ok
19:04:49.0896 2036  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
19:04:49.0896 2036  b06bdrv - ok
19:04:49.0958 2036  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
19:04:49.0958 2036  b57nd60a - ok
19:04:50.0005 2036  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
19:04:50.0005 2036  BDESVC - ok
19:04:50.0036 2036  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
19:04:50.0036 2036  Beep - ok
19:04:50.0083 2036  [ 06C1E887BF34C0E31EB8E2C999E4842F ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
19:04:50.0083 2036  BEService - ok
19:04:50.0145 2036  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
19:04:50.0161 2036  BFE - ok
19:04:50.0177 2036  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
19:04:50.0395 2036  BITS - ok
19:04:50.0411 2036  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
19:04:50.0411 2036  blbdrive - ok
19:04:50.0489 2036  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
19:04:50.0489 2036  bowser - ok
19:04:50.0489 2036  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
19:04:50.0489 2036  BrFiltLo - ok
19:04:50.0489 2036  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
19:04:50.0489 2036  BrFiltUp - ok
19:04:50.0535 2036  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
19:04:50.0535 2036  Browser - ok
19:04:50.0738 2036  [ 9FCD0930616714A752F48DDBA54F3109 ] Browser Manager C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
19:04:50.0769 2036  Browser Manager - ok
19:04:50.0785 2036  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
19:04:50.0801 2036  Brserid - ok
19:04:50.0801 2036  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
19:04:50.0801 2036  BrSerWdm - ok
19:04:50.0816 2036  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
19:04:50.0816 2036  BrUsbMdm - ok
19:04:50.0816 2036  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
19:04:50.0816 2036  BrUsbSer - ok
19:04:50.0832 2036  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
19:04:50.0832 2036  BTHMODEM - ok
19:04:50.0863 2036  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
19:04:50.0879 2036  bthserv - ok
19:04:50.0894 2036  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
19:04:50.0894 2036  cdfs - ok
19:04:50.0925 2036  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
19:04:50.0925 2036  cdrom - ok
19:04:50.0972 2036  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
19:04:50.0972 2036  CertPropSvc - ok
19:04:50.0972 2036  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
19:04:50.0988 2036  circlass - ok
19:04:51.0003 2036  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
19:04:51.0003 2036  CLFS - ok
19:04:51.0206 2036  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:04:51.0206 2036  clr_optimization_v2.0.50727_32 - ok
19:04:51.0253 2036  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:04:51.0253 2036  clr_optimization_v2.0.50727_64 - ok
19:04:51.0331 2036  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:04:51.0378 2036  clr_optimization_v4.0.30319_32 - ok
19:04:51.0393 2036  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:04:51.0425 2036  clr_optimization_v4.0.30319_64 - ok
19:04:51.0440 2036  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
19:04:51.0440 2036  CmBatt - ok
19:04:51.0440 2036  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
19:04:51.0440 2036  cmdide - ok
19:04:51.0487 2036  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
19:04:51.0487 2036  CNG - ok
19:04:51.0518 2036  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
19:04:51.0518 2036  Compbatt - ok
19:04:51.0534 2036  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
19:04:51.0534 2036  CompositeBus - ok
19:04:51.0549 2036  COMSysApp - ok
19:04:51.0627 2036  [ F4FD82F5D6617A45CC3C4B9D4E7DF2C0 ] CPUCooLServer   C:\Program Files (x86)\CPUCooL\CooLSrv.exe
19:04:51.0643 2036  CPUCooLServer - ok
19:04:51.0643 2036  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
19:04:51.0659 2036  crcdisk - ok
19:04:51.0705 2036  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
19:04:51.0705 2036  CryptSvc - ok
19:04:51.0737 2036  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
19:04:51.0752 2036  DcomLaunch - ok
19:04:51.0783 2036  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
19:04:51.0783 2036  defragsvc - ok
19:04:51.0783 2036  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
19:04:51.0783 2036  DfsC - ok
19:04:51.0799 2036  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
19:04:51.0799 2036  Dhcp - ok
19:04:51.0830 2036  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
19:04:51.0830 2036  discache - ok
19:04:51.0830 2036  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
19:04:51.0830 2036  Disk - ok
19:04:51.0861 2036  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
19:04:51.0861 2036  Dnscache - ok
19:04:51.0877 2036  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
19:04:51.0877 2036  dot3svc - ok
19:04:51.0893 2036  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
19:04:51.0893 2036  DPS - ok
19:04:51.0924 2036  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
19:04:51.0924 2036  drmkaud - ok
19:04:51.0971 2036  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
19:04:51.0971 2036  dtsoftbus01 - ok
19:04:52.0002 2036  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
19:04:52.0017 2036  DXGKrnl - ok
19:04:52.0033 2036  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
19:04:52.0033 2036  EapHost - ok
19:04:52.0080 2036  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
19:04:52.0173 2036  ebdrv - ok
19:04:52.0205 2036  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
19:04:52.0205 2036  EFS - ok
19:05:00.0987 2036  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
19:05:00.0987 2036  TapiSrv - ok
19:05:01.0019 2036  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
19:05:01.0019 2036  TBS - ok
19:05:01.0081 2036  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
19:05:01.0112 2036  Tcpip - ok
19:05:01.0143 2036  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
19:05:01.0143 2036  TCPIP6 - ok
19:05:01.0190 2036  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
19:05:01.0190 2036  tcpipreg - ok
19:05:01.0206 2036  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
19:05:01.0206 2036  TDPIPE - ok
19:05:01.0221 2036  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
19:05:01.0221 2036  TDTCP - ok
19:05:01.0253 2036  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
19:05:01.0253 2036  tdx - ok
19:05:01.0346 2036  [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
19:05:01.0377 2036  TeamViewer7 - ok
19:05:01.0393 2036  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
19:05:01.0393 2036  TermDD - ok
19:05:01.0409 2036  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
19:05:01.0409 2036  TermService - ok
19:05:01.0471 2036  [ FA5BFB71E561D279EDAE7E118435C1C9 ] TfFsMon         C:\Windows\system32\drivers\TfFsMon.sys
19:05:01.0471 2036  TfFsMon - ok
19:05:01.0502 2036  [ FA8400D74345EC4BF10E476CA0AAA2DF ] TfNetMon        C:\Windows\system32\drivers\TfNetMon.sys
19:05:01.0518 2036  TfNetMon - ok
19:05:01.0549 2036  [ F11AA1A704A4C027E5E8E0F355523834 ] TfSysMon        C:\Windows\system32\drivers\TfSysMon.sys
19:05:01.0565 2036  TfSysMon - ok
19:05:01.0565 2036  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
19:05:01.0565 2036  Themes - ok
19:05:01.0580 2036  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
19:05:01.0596 2036  THREADORDER - ok
19:05:01.0627 2036  ThreatFire - ok
19:05:01.0643 2036  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
19:05:01.0643 2036  TrkWks - ok
19:05:01.0674 2036  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:05:01.0674 2036  TrustedInstaller - ok
19:05:01.0674 2036  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
19:05:01.0689 2036  tssecsrv - ok
19:05:01.0705 2036  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
19:05:01.0705 2036  TsUsbFlt - ok
19:05:01.0721 2036  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
19:05:01.0721 2036  TsUsbGD - ok
19:05:01.0752 2036  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
19:05:01.0752 2036  tunnel - ok
19:05:01.0767 2036  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
19:05:01.0767 2036  uagp35 - ok
19:05:01.0783 2036  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
19:05:01.0783 2036  udfs - ok
19:05:01.0799 2036  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
19:05:01.0799 2036  UI0Detect - ok
19:05:01.0830 2036  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
19:05:01.0830 2036  uliagpkx - ok
19:05:01.0845 2036  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
19:05:01.0845 2036  umbus - ok
19:05:01.0861 2036  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
19:05:01.0861 2036  UmPass - ok
19:05:01.0877 2036  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:05:01.0877 2036  upnphost - ok
19:05:01.0923 2036  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:05:01.0923 2036  usbaudio - ok
19:05:01.0939 2036  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:05:01.0939 2036  usbccgp - ok
19:05:01.0955 2036  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:05:01.0955 2036  usbcir - ok
19:05:01.0955 2036  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
19:05:01.0955 2036  usbehci - ok
19:05:01.0970 2036  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:05:01.0970 2036  usbhub - ok
19:05:01.0986 2036  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
19:05:01.0986 2036  usbohci - ok
19:05:02.0017 2036  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:05:02.0017 2036  usbprint - ok
19:05:02.0033 2036  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:05:02.0033 2036  USBSTOR - ok
19:05:02.0048 2036  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:05:02.0048 2036  usbuhci - ok
19:05:02.0064 2036  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:05:02.0064 2036  UxSms - ok
19:05:02.0064 2036  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:05:02.0064 2036  VaultSvc - ok
19:05:02.0079 2036  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:05:02.0079 2036  vdrvroot - ok
19:05:02.0111 2036  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:05:02.0111 2036  vds - ok
19:05:02.0142 2036  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:05:02.0142 2036  vga - ok
19:05:02.0142 2036  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:05:02.0142 2036  VgaSave - ok
19:05:02.0157 2036  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:05:02.0157 2036  vhdmp - ok
19:05:02.0220 2036  [ E8AF45C4FE2457D003E1842806F38748 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
19:05:02.0251 2036  VIAHdAudAddService - ok
19:05:02.0267 2036  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:05:02.0267 2036  viaide - ok
19:05:02.0282 2036  [ 05D6657A9CCFD269D05D41BFFDCE9498 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
19:05:02.0282 2036  VIAKaraokeService - ok
19:05:02.0298 2036  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:05:02.0298 2036  volmgr - ok
19:05:02.0298 2036  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:05:02.0298 2036  volmgrx - ok
19:05:02.0313 2036  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:05:02.0329 2036  volsnap - ok
19:05:02.0329 2036  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
19:05:02.0345 2036  vsmraid - ok
19:05:02.0376 2036  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:05:02.0407 2036  VSS - ok
19:05:02.0423 2036  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
19:05:02.0423 2036  vwifibus - ok
19:05:02.0438 2036  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
19:05:02.0438 2036  vwififlt - ok
19:05:02.0516 2036  [ CE6C085771812D5EE863CC7EF93CAEF2 ] VX1000          C:\Windows\system32\DRIVERS\VX1000.sys
19:05:02.0547 2036  VX1000 - ok
19:05:02.0563 2036  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:05:02.0579 2036  W32Time - ok
19:05:02.0594 2036  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
19:05:02.0594 2036  WacomPen - ok
19:05:02.0610 2036  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:05:02.0610 2036  WANARP - ok
19:05:02.0625 2036  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:05:02.0625 2036  Wanarpv6 - ok
19:05:02.0657 2036  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:05:02.0688 2036  wbengine - ok
19:05:02.0703 2036  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:05:02.0703 2036  WbioSrvc - ok
19:05:02.0719 2036  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:05:02.0719 2036  wcncsvc - ok
19:05:02.0735 2036  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:05:02.0735 2036  WcsPlugInService - ok
19:05:02.0750 2036  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
19:05:02.0750 2036  Wd - ok
19:05:02.0813 2036  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:05:02.0813 2036  Wdf01000 - ok
19:05:02.0828 2036  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:05:02.0828 2036  WdiServiceHost - ok
19:05:02.0828 2036  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:05:02.0828 2036  WdiSystemHost - ok
19:05:02.0844 2036  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:05:02.0844 2036  WebClient - ok
19:05:02.0859 2036  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:05:02.0859 2036  Wecsvc - ok
19:05:02.0891 2036  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:05:02.0891 2036  wercplsupport - ok
19:05:02.0906 2036  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:05:02.0906 2036  WerSvc - ok
19:05:02.0953 2036  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:05:02.0953 2036  WfpLwf - ok
19:05:02.0953 2036  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:05:02.0953 2036  WIMMount - ok
19:05:02.0969 2036  WinDefend - ok
19:05:02.0969 2036  WinHttpAutoProxySvc - ok
19:05:03.0171 2036  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:05:03.0171 2036  Winmgmt - ok
19:05:03.0218 2036  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:05:03.0249 2036  WinRM - ok
19:05:03.0327 2036  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:05:03.0327 2036  WinUsb - ok
19:05:03.0343 2036  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:05:03.0359 2036  Wlansvc - ok
19:05:03.0468 2036  [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:05:03.0499 2036  wlidsvc - ok
19:05:03.0499 2036  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:05:03.0499 2036  WmiAcpi - ok
19:05:03.0515 2036  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:05:03.0530 2036  wmiApSrv - ok
19:05:03.0530 2036  WMPNetworkSvc - ok
19:05:03.0546 2036  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:05:03.0546 2036  WPCSvc - ok
19:05:03.0561 2036  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:05:03.0561 2036  WPDBusEnum - ok
19:05:03.0577 2036  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:05:03.0577 2036  ws2ifsl - ok
19:05:03.0593 2036  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:05:03.0593 2036  wscsvc - ok
19:05:03.0593 2036  WSearch - ok
19:05:03.0655 2036  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:05:03.0686 2036  wuauserv - ok
19:05:03.0733 2036  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:05:03.0749 2036  WudfPf - ok
19:05:03.0764 2036  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:05:03.0764 2036  WUDFRd - ok
19:05:03.0811 2036  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:05:03.0811 2036  wudfsvc - ok
19:05:03.0827 2036  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:05:03.0889 2036  WwanSvc - ok
19:05:03.0936 2036  [ AEC505976EF01BBD8F57CBA912F39259 ] XG762_VS        C:\Windows\system32\DRIVERS\WlanGZG.sys
19:05:03.0936 2036  XG762_VS - ok
19:05:03.0967 2036  ================ Scan global ===============================
19:05:03.0983 2036  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:05:04.0014 2036  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:05:04.0014 2036  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
19:05:04.0045 2036  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:05:04.0045 2036  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:05:04.0061 2036  [Global] - ok
19:05:04.0061 2036  ================ Scan MBR ==================================
19:05:04.0076 2036  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
19:05:04.0076 2036  \Device\Harddisk0\DR0 - ok
19:05:04.0076 2036  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
19:05:04.0092 2036  \Device\Harddisk1\DR1 - ok
19:05:04.0092 2036  ================ Scan VBR ==================================
19:05:04.0092 2036  [ 9132931FDB2E7A79E0E303FB799F4F05 ] \Device\Harddisk0\DR0\Partition1
19:05:04.0092 2036  \Device\Harddisk0\DR0\Partition1 - ok
19:05:04.0092 2036  [ A1A1CC4BA4AE1C51FC0245E9B1587FFB ] \Device\Harddisk0\DR0\Partition2
19:05:04.0092 2036  \Device\Harddisk0\DR0\Partition2 - ok
19:05:04.0092 2036  [ B57AAE6C79CC0AC4104657D0DE9BD155 ] \Device\Harddisk0\DR0\Partition3
19:05:04.0107 2036  \Device\Harddisk0\DR0\Partition3 - ok
19:05:04.0107 2036  [ 5BBF4EDCB2F105EB4F594D567469EBCD ] \Device\Harddisk1\DR1\Partition1
19:05:04.0107 2036  \Device\Harddisk1\DR1\Partition1 - ok
19:05:04.0107 2036  ============================================================
19:05:04.0107 2036  Scan finished
19:05:04.0107 2036  ============================================================
19:05:04.0107 2028  Detected object count: 0
19:05:04.0107 2028  Actual detected object count: 0
19:05:51.0672 2000  Deinitialize success
         

Old 24.02.2013, 19:41   #11
aharonov
/// TB Trainer



Hello,

whenever possible, please work in normal mode, save all tools to the desktop and run them from there.


Step 1

Please download AdwCleaner and save it to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted, several times depending on the severity of the infection; that is normal. After the restart a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.



Step 2

Warning for readers following along:
Combofix should only be run when a team member has explicitly instructed it!


Please download Combofix.
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not do anything at all on the computer, not even move the mouse!
  • When Combofix has finished, it will create a log file (C:\Combofix.txt).
  • Please post the contents of this log file in your next reply.

Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.



Step 3

Please start OTL.exe.
  • Tick the box next to Scan all Users.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



In your next reply, please post:
  • Log from AdwCleaner
  • Log from Combofix
  • Log from OTL
__________________
cheers,
Leo

Old 24.02.2013, 20:05   #12
OLI VAN DEN



just booted windows in normal mode.
the desktop background image and the complete bottom taskbar are displayed.
however, the pc does not react to any action, and the task manager cannot be opened.

what now? scan again with Malwarebytes in safe mode in order to get access to normal mode, or run your 3 previously mentioned programs in safe mode?

Old 24.02.2013, 20:25   #13
aharonov
/// TB Trainer



Ok, then go back into safe mode and try to carry out the steps above there.
__________________
cheers,
Leo

Old 24.02.2013, 20:57   #14
OLI VAN DEN



ran adwcleaner in safe mode. after the restart in normal mode the problem mentioned above persists --> started in safe mode, here is the logfile

Code:
# AdwCleaner v2.113 - Datei am 24/02/2013 um 20:32:50 erstellt
# Aktualisiert am 23/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : OLIVENOEL - OLIVENOEL-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\OLIVENOEL\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : Browser Manager

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\OLIVENOEL\AppData\Local\funmoods-speeddial.crx
Datei Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Ordner Gelöscht : C:\Program Files (x86)\1ClickDownload
Ordner Gelöscht : C:\Program Files (x86)\BabylonToolbar
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\NCH_EN
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\yourfiledownloader
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\LocalLow\NCH_EN
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\BabylonToolbar
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\OLIVENOEL\AppData\Roaming\yourfiledownloader
Ordner Gelöscht : C:\Users\OLIVENOEL\Funmoods
Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Ordner Gelöscht : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\23787~1.43\{16cdf~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\NCH_EN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Blabbers
Schlüssel Gelöscht : HKCU\Software\BrowserMngr
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37483B40-C254-4A72-BDA4-22EE90182C1E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\a538dddb06aba48
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\Software\BrowserMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\1ClicktorrentFile
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\1ClicktorrentFile1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\254796BF4AC84B64891B61C529A2E23F
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\254796BF4AC84B64891B61C529A2E23F
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\oneclick
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\oneclickmg
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sim-packages
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801948 --> hxxp://www.google.com
Gelöscht : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318 --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyD0EyDtDtB0CyE0F0FzytN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=458433318 --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\OLIVENOEL\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.39] : homepage = "hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&babsrc=HP_ss&mntrId=aec[...]
Gelöscht [l.44] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&[...]
Gelöscht [l.1947] : homepage = "hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&babsrc=HP_ss&mntrId=aec44f[...]
Gelöscht [l.2408] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112555&tt=bandext_3312_2&bab[...]

-\\ Opera v12.14.1738.0

Datei : C:\Users\OLIVENOEL\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [27124 octets] - [24/02/2013 20:32:50]

########## EOF - C:\AdwCleaner[S1].txt - [27185 octets] ##########
         

ComboFix reports that avast is running in the background. However, no avast process is open, and no avast service is active either. So I confirmed with OK, and a second window appears, which again points out that avast is active.
What now?

I will start the ComboFix scan despite the warning that avast is active and that data could therefore be damaged.
I know of no other way to shut down avast than ending the process and the service via Task Manager.
Is there a better suggestion?

24.02.2013, 22:39   #15
aharonov
/// TB trainer
 
Quote:
I know of no other way to shut down avast than ending the process and the service via Task Manager.
In the taskbar, on the right, you can right-click the avast icon and then select avast! shields control -> Disable permanently (in the German interface: avast! Schutzsteuerung -> Dauerhaft deaktivieren).
__________________
cheers,
Leo
