
Log Analysis and Evaluation: Caught the Bundespolizei virus, PC has been loud ever since

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

02.06.2013, 17:05   #1
starta
 


Good day.

Yesterday I caught the Bundespolizei virus.
I then did a System Restore in Safe Mode, then ran Malwarebytes and removed the viruses that were already ticked.

Since the infection the CPU fan has been far too loud the whole time, and when I then, for example, open a website it gets even louder. But even when I am not doing anything on the PC, every few seconds it gets a bit louder for a brief moment and then a bit quieter again, then louder again, so it is constantly alternating.
What should I do?

I had this virus once before, and back then I had no more problems after I ran Malwarebytes.

In Malwarebytes, for the viruses that do not automatically get a tick for removal, am I actually allowed to simply tick those too and remove them? I am a layman when it comes to this.

Thanks in advance.

Kind regards

Here is the log file from yesterday

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.26.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
christian :: CHRISTIAN-PC [Administrator]

01.06.2013 16:06:27
mbam-log-2013-06-01 (16-06-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 371644
Laufzeit: 57 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Löschen bei Neustart.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\christian\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt.
C:\Users\christian\AppData\Local\Temp\jpkoswu (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\christian\AppData\Roaming\skype.dat (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

02.06.2013, 17:14   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I am asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, just post the logs that already exist!


Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

02.06.2013, 17:34   #3
starta
 


Yes, I still have a few older logs with detections.

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.26.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
christian :: CHRISTIAN-PC [Administrator]

26.05.2013 14:19:20
mbam-log-2013-05-26 (14-19-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 367914
Laufzeit: 47 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Löschen bei Neustart.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\christian\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt.
C:\ProgramData\2433f433 (Trojan.Agent.TPL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\christian\AppData\Roaming\2433f433 (Trojan.Agent.TPL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\christian\AppData\Local\2433f433 (Trojan.Agent.TPL) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.11.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
christian :: CHRISTIAN-PC [Administrator]

11.05.2013 20:08:15
mbam-log-2013-05-11 (20-08-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355351
Laufzeit: 58 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Löschen bei Neustart.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\christian\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt.
C:\Users\christian\AppData\Local\Temp\dabsihh (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\christian\AppData\Roaming\skype.dat (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.28.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
christian :: CHRISTIAN-PC [Administrator]

03.05.2013 17:09:34
mbam-log-2013-05-03 (17-09-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 352414
Laufzeit: 48 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Löschen bei Neustart.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Wotonoobzi (Trojan.Zbot.gen) -> Daten: C:\Users\christian\AppData\Roaming\Fore\dicek.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\christian\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt.
C:\Users\christian\AppData\Roaming\Fore\dicek.exe (Trojan.Zbot.gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.28.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
christian :: CHRISTIAN-PC [Administrator]

28.04.2013 10:20:02
mbam-log-2013-04-28 (10-20-02).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 343511
Laufzeit: 50 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt.
HKCR\CLSID\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Elivg (Trojan.FakeMS) -> Daten: C:\Users\christian\AppData\Roaming\Kyal\roci.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Putua (Trojan.FakeMS) -> Daten: C:\Users\christian\AppData\Roaming\Nogy\ceri.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 11
C:\Users\christian\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt.
C:\Users\christian\AppData\Roaming\Kyal\roci.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\christian\AppData\Roaming\Nogy\ceri.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\christian\AppData\Roaming\AcroIEHelpe.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-169190448-2637492132-308262306-1001\$827f458620d6e9b620600900ef3daaa9\U\00000004.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-169190448-2637492132-308262306-1001\$827f458620d6e9b620600900ef3daaa9\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-169190448-2637492132-308262306-1001\$827f458620d6e9b620600900ef3daaa9\U\000000cb.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-169190448-2637492132-308262306-1001\$827f458620d6e9b620600900ef3daaa9\U\80000000.@ (Trojan.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\2afca8de-283ae498 (Trojan.Agent.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\christian\AppData\Roaming\BAcroIEHelpe.dll (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.24.08

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
christian :: CHRISTIAN-PC [Administrator]

25.10.2012 02:21:46
mbam-log-2012-10-25 (02-21-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 336067
Laufzeit: 49 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt.
HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Downloader) -> Daten: C:\Users\christian\AppData\Roaming\appConf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\christian\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt.
C:\Users\christian\Downloads\etypesetup (1).exe (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt.
C:\Users\christian\Downloads\etypesetup.exe (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt.
C:\Users\christian\AppData\Roaming\appConf32.exe (Trojan.Downloader) -> Löschen bei Neustart.
C:\Users\christian\AppData\Roaming\loaupdt.jpg (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.01.01

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
christian :: CHRISTIAN-PC [Administrator]

Schutz: Aktiviert

02.09.2012 03:34:41
mbam-log-2012-09-02 (03-34-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 290365
Laufzeit: 37 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 3
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\christian\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt.

(Ende)
         
Code:
christian :: CHRISTIAN-PC [Administrator]

Schutz: Aktiviert

29.08.2012 02:39:54
mbam-log-2012-08-29 (02-39-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 316408
Laufzeit: 42 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Keine Aktion durchgeführt.
HKCR\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\gencrawler_gc.GenCrawler (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D} (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files\TSearch (Adware.TSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 7
C:\Users\christian\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt.
C:\Users\christian\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll (Trojan.Downloader) -> Löschen bei Neustart.
C:\Program Files\smartdl\vfd.exe (Adware.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T09W9YGP\vfd-ob2[1].exe (Adware.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5bbddca1-260e243a (Trojan.PWS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\TSearch\results (Adware.TSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
That would be everything I have.

02.06.2013, 22:54   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 


Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether there was a detection or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • Tick the box at the top centre for Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

02.06.2013, 23:22   #5
starta
 


Here are the two log files

Code:
OTL Extras logfile created on: 03.06.2013 00:02:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\christian\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 48,55% Memory free
5,87 Gb Paging File | 3,68 Gb Available in Paging File | 62,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,95 Gb Total Space | 39,69 Gb Free Space | 27,01% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0043B1B1-4ADF-4399-976D-170E6BF67D98}" = rport=139 | protocol=6 | dir=out | app=system | 
"{02B454A0-77A7-4CD6-85DA-51AC39EE4586}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{21A572B5-E7F5-4379-A4C5-B2FE1F9FCD5C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2335967D-2397-4B7B-A190-1B84BC7D3F6E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2EBC63DA-74EF-4AD5-A429-CF884F7AFFA2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2F93EC86-1958-4138-A557-2B4C626E9014}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3F3CDEC8-451E-42BA-9662-C6AAE5DAE376}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F44D59E-6B6C-4983-AF26-59C5E31FFE07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{49FCA299-F92A-4435-BAD1-8C99A8AD076A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B3F807E-3B16-483D-9263-3CC3350B52D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{564CFD75-D79A-45FB-8DD9-A0ACD35285AF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{57AA0D82-004F-4D12-BB7E-1DBF67E65CF7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{617F8F74-29AA-4D9F-B2D0-A0786AD8BBC0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6A05BD3B-A572-4A9A-8CB4-8031A8AFFE8C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6B02A4C4-42B7-4D2B-A593-5F45616955EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6FA622F9-15F1-40D2-AEFB-BD6472124E37}" = lport=137 | protocol=17 | dir=in | app=system | 
"{72E1306B-6D79-452C-B039-98E2C49E27F1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{80D40AD6-ECA1-4581-9096-521EEF85E8DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BE0B9893-6D30-4466-8110-726B72C5403D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BED7BC52-A47B-49E3-94CF-3973F6E1A488}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CE6D8056-2560-4A4A-9467-5F7AEAEAB376}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D3E500CE-6D80-4164-8409-A38A0D580C04}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EFF2543B-9D65-4592-B390-C72BF9043BC1}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5B632F-BA10-411D-AA70-7FD5C40574BD}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{0F0F2A25-F1C4-4EEE-9357-D7C9D66322B8}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{0FA1FB00-8F35-48A6-BF98-1D822781E3E3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{12050029-741F-437E-9EE6-DA904BC055FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1FFA7CB6-4D84-448C-A227-FD8D3F482349}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{232FAC31-4989-4EE2-B67E-EB327057E8ED}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{23FB0F58-4580-49D1-AFA1-EA1D7E55A5C2}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{2A99FBE5-16E2-420A-AB8A-9749E0F71A3E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2FE246A3-6D94-4749-AB22-7349A4E25746}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{38959AD0-F4EA-4088-92B8-E3725449F209}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{41354A1F-19B1-4BA9-AF61-F8C6F45A9FEF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{434DDC38-A711-4463-9E5A-B77140E4A8C8}" = dir=in | app=c:\program files\acr\autoclubrev\web\acrlauncher.exe | 
"{491BD2CB-C59B-4B0C-9276-44F5FD5747C1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4B314CB6-A9FF-41A1-892B-FACF9FE707F2}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{4D976349-DD8F-4AD7-B840-E8CE8B220C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4E8A4160-FA26-499C-A514-CEA76AB9529F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{5F07C518-4FF0-4AF6-91AF-CE1BA96B0BA5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{6052C571-3971-4078-87E1-EB5178EBDE1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62633842-8B2E-4A1A-8241-B304A4E5C450}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{6CF54414-A6A8-4FFA-ACA6-432636087C79}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{71E38912-E46E-4B9C-85C8-1536AEB65B70}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{76429C89-CA3E-47AD-B260-E98D8CB778CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{799E3303-B7BF-4EE2-9654-8406C9C8D07B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{7C885785-F59D-4A7A-AE38-949583A26C34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D474FD4-08CC-4BE9-B9CD-1D9B9A64B5FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{81A6DB89-E30D-43A4-AA41-E11374AA7236}" = protocol=6 | dir=out | app=system | 
"{8A574993-2E62-4964-904A-AEA759E4E453}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{90D05CC1-0EF6-48BE-BB5A-2FB1C10A1D26}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9D8A4DC7-33A2-43AE-AFEB-C45E6BEC9624}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{9EB52FC1-E1F0-4E84-BF1A-ED27568ABB0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9F1C7599-C882-4904-89F8-C1387665E854}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{AC9D3256-AD7B-46D9-98B5-08B78E9225F0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{AF8EED70-1AFE-440D-A611-6A6FE5D6CD34}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{B35436B7-FE99-4109-B401-17FC15FCB2A0}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{B5A601EF-8457-4EEC-A3A1-5635856BC980}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{B686EA00-8553-4B86-B6C9-FA11C7891950}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{BA3C3DCA-A576-48C8-9D6E-816F250E3DD6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C0725131-A386-4553-AF1B-7BAA63EEE4D1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C171A88A-78E8-4414-A07A-63344EFEAD53}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{CD6F7D71-A456-44B4-89EF-AC2C9574E313}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0C9151D-5B9A-4AC7-AB7D-9353BCAA52DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D279FDB8-DC58-4269-8B63-9678549A7BDB}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{D300E9AD-BCEC-4768-A131-CBAB4524E2D0}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{D697124E-D750-439C-970D-B9CB5C7871D0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{E0065CA9-E11D-45D5-927E-BA10DFA9FAC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E529F1BF-517D-48B3-B7A7-2AC61D086158}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5FEFA4D-D0E3-4498-9DA8-345304631D6A}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{ECBBC2C2-70D8-4447-8663-35C79EA778D9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EEA5E877-418E-4C5D-B763-430CA020881F}" = dir=in | app=c:\program files\acr\autoclubrev\bin\acr.exe | 
"{F4677B4C-49AC-426D-8B69-963DBFA71B8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F6536AD2-FF60-4742-9999-727B921A0F49}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{FC309E73-D704-4645-853E-E0A8F8E189CE}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"TCP Query User{06038E17-538C-42E8-90B8-00A27D295379}C:\program files\electronic arts\medal of honor\mp\mohmpgame.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\medal of honor\mp\mohmpgame.exe | 
"TCP Query User{304B1DBC-E52D-46FE-A14D-39C6E74D66DB}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{314863C1-772E-4A3E-9D9A-DF57ABEBC772}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{481D194F-8B13-4362-9851-77E582A27CB1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{4E144FB8-88A0-442C-A6C0-2A3E3F4F13CC}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{513062CB-E94D-4243-8AAC-A826EB6675CD}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{5910158A-981B-4188-966E-773355EB8FB3}C:\udk\paranormal - beta 4\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\paranormal - beta 4\binaries\win32\udk.exe | 
"TCP Query User{5C23BD90-2110-498E-A5B3-AF93C31120F2}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{5CA5C6C4-71AD-4F59-B8DF-48FAADA550F0}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{9F5D0BB9-00DA-43FE-906F-6D68F50E4E8D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{A3544468-48BD-41B0-BF09-03A8B762947B}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{A4BD2B54-EE94-4A81-B53F-2487F50BC76A}C:\program files\electronic arts\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\medal of honor\binaries\moh.exe | 
"TCP Query User{AEA6BCCD-C52A-4E86-B66C-8232996EB460}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{E2208F94-D025-444D-AF0B-80F0AF19920C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{F453324D-3442-4912-B339-3C76F867DEBF}C:\program files\hercules\classic silver\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
"TCP Query User{FD53C1BD-C29F-4E17-84F5-B011632CD8A8}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{03D29D41-B75B-41EC-8044-160532DDA779}C:\program files\electronic arts\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\medal of honor\binaries\moh.exe | 
"UDP Query User{075445E8-2142-47EC-960F-F06569BE3A60}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{09DC2C09-68D6-492C-9F89-3AB0A415BF87}C:\program files\hercules\classic silver\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
"UDP Query User{0ECF42CD-CC74-44C3-87AA-6565A25D27D6}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{377F22F4-0CCD-42B9-92C6-B94867C6D584}C:\program files\electronic arts\medal of honor\mp\mohmpgame.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\medal of honor\mp\mohmpgame.exe | 
"UDP Query User{391395CA-C694-424A-878D-03BCB50E9C98}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{546C6CA0-5DD7-4ECE-8627-47EEA01BFEFC}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{729C9629-0A08-45F1-898C-B22D71217521}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{82F5EA8A-12CE-4AB9-84C3-D905CD4D210F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{93CB7A51-8462-4F73-9918-D857812646F4}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{B5E01533-DCD3-4760-AA95-AE50B93D7074}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{B77DD564-8392-48D6-BDCA-35FC2EA5F2B9}C:\udk\paranormal - beta 4\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\paranormal - beta 4\binaries\win32\udk.exe | 
"UDP Query User{C446E2F9-43A2-4F53-9DFF-E52534DBA61A}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{D63A04A0-AFA8-42CC-9F12-B4CCAB926F7F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{EACC3CDF-BA2B-41F4-A1B4-022472DB05A3}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{EB5BC889-9F48-4AC0-BD10-9A58F2906B52}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.118.08260
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = Browser Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{D0353B68-A142-4F89-A46E-1C9A7745D636}" = Download Navigator
"{D137B59C-551C-4659-8AA8-206FA650BF40}" = LG USB Modem Drivers
"{D3D02004-0977-4BB1-8FE8-8BC4230DCEEC}}_is1" = ACR version 0.001
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FD4FE0F7-91FC-43A2-9C3A-187553991FFF}" = Hercules Classic Silver Webcam
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Any Video Converter_is1" = Any Video Converter 3.4.2
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15
"Ashampoo_DE Toolbar" = Ashampoo DE Toolbar
"AssaultCube_v1.1.0.4" = AssaultCube v1.1.0.4
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BFGC" = Big Fish Games: Game Manager
"BFG-Dream Chronicles 2 - The Eternal Maze" = Dream Chronicles ™ 2: The Eternal Maze
"CCleaner" = CCleaner
"Dream Chronicles" = Dream Chronicles
"EPSON Scanner" = EPSON Scan
"EPSON XP-102 103 Series" = EPSON XP-102 103 Series Printer Uninstall
"EPSON XP-102 103 Series Useg" = Benutzerhandbuch EPSON XP-102 103 Series
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Hardware Helper_is1" = Hardware Helper
"HitmanPro37" = HitmanPro 3.7
"HotspotShield" = Hotspot Shield 2.78
"HyperCam 3 3.5.1210.30" = HyperCam 3
"ICQToolbar" = ICQ Toolbar
"kikin Plugin (NO23 Edition)" = kikin Plugin (NO23 Edition) 1.11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OGPlanet Game Launcher" = OGPlanet Game Launcher
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"ScummVM_is1" = ScummVM 1.5.0
"SpeedFan" = SpeedFan (remove only)
"Steam App 55100" = Homefront
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClubCooee" = Club Cooee
"Google Chrome" = Google Chrome
"TaomeeBrowser" = 淘米儿童浏览器
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.06.2013 09:02:15 | Computer Name = christian-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 02.06.2013 09:02:15 | Computer Name = christian-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 02.06.2013 09:02:15 | Computer Name = christian-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 02.06.2013 09:02:22 | Computer Name = christian-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 02.06.2013 09:02:22 | Computer Name = christian-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 02.06.2013 09:02:22 | Computer Name = christian-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 02.06.2013 09:02:22 | Computer Name = christian-PC | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 02.06.2013 09:21:19 | Computer Name = christian-PC | Source = Application Hang | ID = 1002
Description = Programm everest.bin, Version 2.20.405.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 111c    Startzeit:
 01ce5f93d2d081fd    Endzeit: 28    Anwendungspfad: C:\Program Files\Lavalys\EVEREST Home
 Edition\everest.bin    Berichts-ID: 44e6525d-cb87-11e2-b9e7-00009236e0af  
 
Error - 02.06.2013 15:56:35 | Computer Name = christian-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 10.0.9200.16576 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 3588    Startzeit: 01ce5fcb3496c6f8    Endzeit: 176    Anwendungspfad:
 C:\Program Files\Internet Explorer\iexplore.exe    Berichts-ID:   
 
Error - 02.06.2013 16:13:55 | Computer Name = christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16576,
 Zeitstempel: 0x515e30fe  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x858dfffc  ID des fehlerhaften
 Prozesses: 0x2948  Startzeit der fehlerhaften Anwendung: 0x01ce5fa0f2ad151f  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: f2c50688-cbc0-11e2-b9e7-00009236e0af
 
[ System Events ]
Error - 11.05.2013 10:25:34 | Computer Name = christian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst 
"NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 11.05.2013 10:25:34 | Computer Name = christian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.05.2013 10:25:34 | Computer Name = christian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Hotspot Shield Service" ist vom Dienst "DHCP-Client" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.05.2013 10:25:34 | Computer Name = christian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.05.2013 10:25:34 | Computer Name = christian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst 
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 11.05.2013 10:25:34 | Computer Name = christian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.05.2013 10:25:34 | Computer Name = christian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.05.2013 10:25:34 | Computer Name = christian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 11.05.2013 10:25:36 | Computer Name = christian-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  CSC  DfsC  discache  HssDRV6  NetBIOS  NetBT  nsiproxy  Psched  rdbss  spldr  tdx  Wanarpv6  WfpLwf
 
Error - 14.05.2013 18:31:16 | Computer Name = christian-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         
Code:
OTL logfile created on: 03.06.2013 00:02:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\christian\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 1,43 Gb Available Physical Memory | 48,55% Memory free
5,87 Gb Paging File | 3,68 Gb Available in Paging File | 62,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,95 Gb Total Space | 39,69 Gb Free Space | 27,01% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
PRC - C:\Programme\Origin\Origin.exe (Electronic Arts)
PRC - C:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Programme\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
PRC - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIINE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\escsvc.exe (Seiko Epson Corporation)
PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\CHRIST~1\AppData\Local\Temp\sfamcc00002.dll ()
MOD - C:\Users\CHRIST~1\AppData\Local\Temp\sfareca00002.dll ()
MOD - C:\Users\CHRIST~1\AppData\Local\Temp\sfamcc00001.dll ()
MOD - C:\Users\CHRIST~1\AppData\Local\Temp\sfareca00001.dll ()
MOD - C:\Programme\Steam\bin\chromehtml.dll ()
MOD - C:\Programme\Steam\SDL2.dll ()
MOD - C:\Programme\Steam\bin\libcef.dll ()
MOD - C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
MOD - c:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
MOD - C:\Programme\Origin\tufao.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Programme\Sony\Sony PC Companion\sqlite3.dll ()
MOD - C:\Programme\Steam\bin\avcodec-53.dll ()
MOD - C:\Programme\Steam\bin\avformat-53.dll ()
MOD - C:\Programme\Steam\bin\avutil-51.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\PhoneUpdate.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\Report.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\VObject.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.)
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (EpsonScanSvc) -- C:\Windows\System32\escsvc.exe (Seiko Epson Corporation)
SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.)
DRV - (HssDRV6) -- C:\Windows\System32\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (camfilt2) -- C:\Windows\System32\drivers\camfilt2.sys (Guillemot Corporation)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (EverestDriver) -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.babylon.com/?affID=113480&tt=bandext_3312_6&babsrc=HP_ss&mntrId=b0e1c846000000000000001a9236e0af
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\christian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\christian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
 
[2012.08.24 00:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions
[2012.08.19 04:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.2.0.5\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjoiggkbepedjmjjbhhecjiimlckcga\10.15.2.523_0\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Programme\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Reg Error: Value error.) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {213C8ED6-1D78-4D8F-8729-25006AA86A76} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKCU..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIINE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab (Battlefield Play4Free Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F98AB5C-CD42-4622-B106-570EFF8C74A4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF60E1C4-E5FC-4153-A9FF-AF3B11BF6D9C}: DhcpNameServer = 8.8.8.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261249~1.132\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5a17eeea-ba72-11e2-97e7-001a9236e0af}\Shell - "" = AutoRun
O33 - MountPoints2\{5a17eeea-ba72-11e2-97e7-001a9236e0af}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O33 - MountPoints2\{95e676f3-d8a2-11e1-937a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{95e676f3-d8a2-11e1-937a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe
O33 - MountPoints2\{d27ce2ea-3e36-11e2-873e-001a9236e0af}\Shell - "" = AutoRun
O33 - MountPoints2\{d27ce2ea-3e36-11e2-873e-001a9236e0af}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.03 00:00:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2013.06.02 16:55:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.06.02 15:22:43 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.06.02 15:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.06.02 15:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2013.06.02 15:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013.06.02 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2013.06.02 14:25:46 | 000,154,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2013.06.02 14:25:46 | 000,028,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2013.06.02 14:25:45 | 021,096,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013.06.02 14:25:45 | 009,053,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013.06.02 14:25:45 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013.06.02 14:25:45 | 000,214,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2013.06.02 14:25:45 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2013.06.02 14:25:44 | 007,682,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013.06.02 14:25:44 | 002,754,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013.06.02 14:25:44 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013.06.02 14:25:44 | 001,024,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3232018.dll
[2013.06.02 14:25:44 | 000,893,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3232018.dll
[2013.06.02 14:25:44 | 000,443,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013.06.02 14:25:44 | 000,421,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013.06.02 14:25:43 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013.06.02 14:06:35 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.06.02 13:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.06.02 13:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.06.02 13:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.01 23:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.06.01 23:03:56 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.06.01 23:03:56 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.06.01 23:03:53 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.06.01 23:03:52 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.06.01 23:03:52 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.06.01 23:03:46 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.06.01 23:03:44 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.06.01 23:03:12 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.06.01 23:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.01 23:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.05.30 16:21:17 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Battlefield 2
[2013.05.30 14:34:50 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.05.30 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013.05.25 19:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.05.25 19:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Chronicles 2 - The Eternal Maze
[2013.05.25 19:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Dream Chronicles 2 - The Eternal Maze
[2013.05.25 19:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2013.05.25 19:16:50 | 000,235,080 | ---- | C] (Big Fish Games) -- C:\Users\christian\Desktop\bigfishgames_p182285445_s2_l2.exe
[2013.05.22 21:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2013.05.22 21:56:06 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\PlayFirst
[2013.05.22 21:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayFirst
[2013.05.22 21:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\PlayFirst
[2013.05.22 20:40:37 | 000,000,000 | R--D | C] -- C:\Users\christian\Desktop\Discworld 2 (CD DOS)
[2013.05.22 20:30:11 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\bewerbung
[2013.05.22 20:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM
[2013.05.22 20:29:37 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\ScummVM
[2013.05.22 20:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\ScummVM
[2013.05.22 20:16:09 | 000,618,912 | ---- | C] (www.download-sponsor.de) -- C:\Users\christian\Desktop\Discworld.exe
[2013.05.22 16:23:29 | 000,079,256 | ---- | C] (OGPlanet) -- C:\Windows\System32\npOGPPlugin.dll
[2013.05.22 16:23:28 | 000,271,768 | ---- | C] (OGPlanet) -- C:\Windows\System32\OGPIEPlugin.ocx
[2013.05.22 16:23:27 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OGPlanet
[2013.05.22 16:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\OGPlanet
[2013.05.16 03:15:30 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 03:15:29 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 03:15:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 03:15:29 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 03:15:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 03:15:28 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 03:15:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 03:15:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 03:15:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.16 03:15:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.15 20:25:46 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 20:25:45 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 20:25:45 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 20:25:36 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 20:25:36 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.15 06:53:15 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\NVIDIA
[2013.05.15 00:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.05.15 00:31:05 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2013.05.15 00:29:09 | 001,009,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2013.05.15 00:29:09 | 000,888,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2013.05.15 00:28:47 | 013,403,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013.05.15 00:28:45 | 000,925,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2013.05.15 00:28:43 | 012,426,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013.05.15 00:28:33 | 002,597,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013.05.12 15:43:36 | 000,566,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2013.05.11 22:27:03 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\LG Electronics
[2013.05.11 22:19:50 | 000,000,000 | ---D | C] -- C:\Temp
[2013.05.11 22:18:59 | 000,131,072 | ---- | C] (LG Electronics) -- C:\Users\christian\Documents\LGMobileDL.dll
[2013.05.11 22:18:57 | 000,172,032 | ---- | C] (LG Electronics) -- C:\Users\christian\Documents\LGPsLvDL.dll
[2013.05.11 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013.05.11 22:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite III
[2013.05.11 22:15:35 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\System32\NMSDVDXU.dll
[2013.05.11 22:15:35 | 000,630,784 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsflex8u.ocx
[2013.05.11 22:15:35 | 000,419,240 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex7L.ocx
[2013.05.11 22:15:35 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msflxgrd.ocx
[2013.05.11 22:15:31 | 000,000,000 | -H-D | C] -- C:\Users\christian\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2013.05.11 22:15:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LG Electronics
[2013.05.11 22:15:31 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\LG Electronics
[2013.05.11 22:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2013.05.11 19:18:23 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2013.05.11 19:18:22 | 000,877,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2013.05.11 18:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013.05.11 18:09:10 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3231422.dll
[2013.05.11 18:09:10 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3231422.dll
[2013.05.11 16:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.05.11 15:34:15 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Battlefield 3
[2013.05.11 15:33:06 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\ESN
[2013.05.11 15:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Battlelog Web Plugins
[2013.05.11 15:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013.05.11 15:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013.05.11 14:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2013.05.11 14:02:37 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller
[2013.05.11 12:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2013.05.11 12:59:16 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\Origin
[2013.05.11 12:57:51 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Origin
[2013.05.11 12:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.05.11 12:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.05.11 12:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2013.05.04 20:54:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2013.05.04 20:54:50 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\EA Games
[2013.05.04 20:29:12 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\christian\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\christian\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\christian\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\christian\AppData\Local\bass.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\christian\AppData\Roaming\*.tmp files -> C:\Users\christian\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.03 00:00:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2013.06.02 23:57:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169190448-2637492132-308262306-1001UA.job
[2013.06.02 23:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.02 21:57:01 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169190448-2637492132-308262306-1001Core.job
[2013.06.02 17:45:27 | 000,001,204 | ---- | M] () -- C:\Users\christian\Documents\virusfrage2.rtf
[2013.06.02 17:39:31 | 000,001,108 | ---- | M] () -- C:\Users\christian\Documents\virusfrage.rtf
[2013.06.02 15:22:43 | 000,000,965 | ---- | M] () -- C:\Users\christian\Desktop\SpeedFan.lnk
[2013.06.02 15:22:42 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2013.06.02 15:22:41 | 000,000,000 | ---- | M] () -- C:\Users\christian\Desktop\initdebug.nfo
[2013.06.02 15:15:14 | 000,001,072 | ---- | M] () -- C:\Users\christian\Desktop\EVEREST Home Edition.lnk
[2013.06.02 15:11:06 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 15:11:06 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 15:01:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.02 15:01:33 | 2364,399,616 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.02 14:06:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.06.02 13:58:14 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.06.02 13:56:09 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.02 13:56:09 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.02 13:56:09 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.02 13:56:09 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.01 23:03:57 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.01 23:03:46 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.05.30 14:15:00 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2013.05.30 14:15:00 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2013.05.26 13:59:40 | 000,139,424 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.05.26 13:59:15 | 000,282,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013.05.25 23:39:46 | 001,764,840 | ---- | M] () -- C:\Users\christian\Desktop\Installer_DC_TheChosenChild_DE.exe
[2013.05.25 19:20:51 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Dream Chronicles 2 - The Eternal Maze.lnk
[2013.05.25 19:20:51 | 000,001,280 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2013.05.25 19:19:54 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2013.05.25 19:19:54 | 000,000,225 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.url
[2013.05.25 19:17:17 | 000,235,080 | ---- | M] (Big Fish Games) -- C:\Users\christian\Desktop\bigfishgames_p182285445_s2_l2.exe
[2013.05.23 22:58:10 | 000,002,388 | ---- | M] () -- C:\Users\christian\Desktop\Google Chrome.lnk
[2013.05.23 00:40:11 | 000,282,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013.05.22 21:56:06 | 000,001,102 | ---- | M] () -- C:\Users\christian\Desktop\PlayFirst.com.lnk
[2013.05.22 21:56:06 | 000,001,052 | ---- | M] () -- C:\Users\christian\Desktop\Dream Chronicles.lnk
[2013.05.22 20:57:02 | 623,922,266 | ---- | M] () -- C:\Users\christian\Desktop\Discworld 2.7z
[2013.05.22 20:40:17 | 722,797,309 | ---- | M] () -- C:\Users\christian\Desktop\Discworld 2 (CD DOS).zip
[2013.05.22 20:29:41 | 000,000,983 | ---- | M] () -- C:\Users\christian\Desktop\ScummVM.lnk
[2013.05.22 20:16:12 | 000,618,912 | ---- | M] (www.download-sponsor.de) -- C:\Users\christian\Desktop\Discworld.exe
[2013.05.22 16:30:32 | 000,001,125 | ---- | M] () -- C:\Users\christian\Desktop\Game Launcher.lnk
[2013.05.22 16:23:20 | 004,350,224 | ---- | M] () -- C:\Users\christian\Desktop\ogpdownload_ti.exe
[2013.05.16 03:40:00 | 000,294,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 01:54:23 | 000,001,305 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.15 00:50:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 00:50:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.12 23:37:58 | 021,096,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013.05.12 23:37:58 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013.05.12 23:37:58 | 013,403,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013.05.12 23:37:58 | 012,426,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013.05.12 23:37:58 | 009,053,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013.05.12 23:37:58 | 007,682,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013.05.12 23:37:58 | 006,324,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013.05.12 23:37:58 | 002,754,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013.05.12 23:37:58 | 002,597,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013.05.12 23:37:58 | 002,002,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013.05.12 23:37:58 | 001,024,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3232018.dll
[2013.05.12 23:37:58 | 000,925,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2013.05.12 23:37:58 | 000,893,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3232018.dll
[2013.05.12 23:37:58 | 000,443,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013.05.12 23:37:58 | 000,421,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013.05.12 23:37:58 | 000,214,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2013.05.12 23:37:58 | 000,181,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2013.05.12 23:37:58 | 000,015,885 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2013.05.12 21:58:09 | 004,188,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2013.05.12 21:58:09 | 003,045,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2013.05.12 21:58:06 | 002,555,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2013.05.12 21:58:06 | 000,223,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2013.05.12 21:58:06 | 000,062,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2013.05.12 15:43:36 | 000,566,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2013.05.11 22:32:32 | 000,198,799 | ---- | M] () -- C:\Users\christian\Desktop\ich neu.jpg
[2013.05.11 22:30:19 | 000,165,600 | ---- | M] () -- C:\Users\christian\Documents\(00)04-07-10_0532.jpg
[2013.05.11 22:30:11 | 000,193,480 | ---- | M] () -- C:\Users\christian\Documents\IMG060.jpg
[2013.05.11 22:30:01 | 000,203,627 | ---- | M] () -- C:\Users\christian\Documents\IMG016.jpg
[2013.05.11 22:29:48 | 000,726,101 | ---- | M] () -- C:\Users\christian\Documents\IMG062.jpg
[2013.05.11 22:27:18 | 000,172,032 | ---- | M] (LG Electronics) -- C:\Users\christian\Documents\LGPsLvDL.dll
[2013.05.11 22:22:06 | 000,003,841 | ---- | M] () -- C:\Users\christian\Documents\Skizzen_0.png
[2013.05.11 22:22:01 | 000,004,251 | ---- | M] () -- C:\Users\christian\Documents\Skizzen_4.png
[2013.05.11 22:21:59 | 000,005,661 | ---- | M] () -- C:\Users\christian\Documents\Skizzen_6.png
[2013.05.11 22:21:39 | 000,022,008 | ---- | M] () -- C:\Users\christian\Documents\(00)04-07-10_0528.jpg
[2013.05.11 22:21:36 | 000,023,097 | ---- | M] () -- C:\Users\christian\Documents\(00)04-07-10_0527.jpg
[2013.05.11 22:21:28 | 000,185,872 | ---- | M] () -- C:\Users\christian\Documents\IMG017.jpg
[2013.05.11 22:21:23 | 000,184,205 | ---- | M] () -- C:\Users\christian\Documents\IMG018.jpg
[2013.05.11 22:21:06 | 000,202,362 | ---- | M] () -- C:\Users\christian\Documents\IMG298.jpg
[2013.05.11 22:21:02 | 000,089,081 | ---- | M] () -- C:\Users\christian\Documents\Img340057.jpg
[2013.05.11 22:20:55 | 000,180,606 | ---- | M] () -- C:\Users\christian\Documents\IMG065.jpg
[2013.05.11 22:20:06 | 000,004,899 | ---- | M] () -- C:\Users\christian\Documents\image_0003.jpg
[2013.05.11 22:20:03 | 000,005,741 | ---- | M] () -- C:\Users\christian\Documents\image_0009.jpg
[2013.05.11 22:20:00 | 000,004,774 | ---- | M] () -- C:\Users\christian\Documents\image_0008.jpg
[2013.05.11 22:19:57 | 000,004,866 | ---- | M] () -- C:\Users\christian\Documents\image_0006.jpg
[2013.05.11 22:19:50 | 000,005,022 | ---- | M] () -- C:\Users\christian\Documents\image_0010.jpg
[2013.05.11 22:15:46 | 000,001,212 | ---- | M] () -- C:\Users\christian\Desktop\LG PC Suite III.lnk
[2013.05.11 16:52:37 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013.05.11 16:52:20 | 000,138,056 | ---- | M] () -- C:\Users\christian\AppData\Roaming\PnkBstrK.sys
[2013.05.11 16:46:54 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.09 10:59:10 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.09 06:32:35 | 003,165,737 | ---- | M] () -- C:\Windows\System32\nvcoproc.bin
[2013.05.04 21:14:00 | 000,000,712 | ---- | M] () -- C:\Users\christian\Desktop\Medal of Honor - Verknüpfung.lnk
[2013.05.04 14:11:29 | 000,840,264 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\christian\AppData\Roaming\*.tmp files -> C:\Users\christian\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.02 17:45:27 | 000,001,204 | ---- | C] () -- C:\Users\christian\Documents\virusfrage2.rtf
[2013.06.02 17:39:31 | 000,001,108 | ---- | C] () -- C:\Users\christian\Documents\virusfrage.rtf
[2013.06.02 15:22:43 | 000,000,965 | ---- | C] () -- C:\Users\christian\Desktop\SpeedFan.lnk
[2013.06.02 15:22:41 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2013.06.02 15:22:41 | 000,000,000 | ---- | C] () -- C:\Users\christian\Desktop\initdebug.nfo
[2013.06.02 15:15:14 | 000,001,072 | ---- | C] () -- C:\Users\christian\Desktop\EVEREST Home Edition.lnk
[2013.06.02 14:25:45 | 000,015,885 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013.06.02 13:58:14 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.06.01 23:03:57 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.01 23:03:51 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.06.01 23:03:49 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.30 14:15:00 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2013.05.30 14:15:00 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2013.05.25 23:38:11 | 001,764,840 | ---- | C] () -- C:\Users\christian\Desktop\Installer_DC_TheChosenChild_DE.exe
[2013.05.25 19:20:51 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Dream Chronicles 2 - The Eternal Maze.lnk
[2013.05.25 19:20:51 | 000,001,280 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2013.05.25 19:19:54 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2013.05.25 19:19:54 | 000,000,225 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.url
[2013.05.25 19:18:59 | 000,001,873 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2013.05.25 19:18:59 | 000,001,224 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weitere fantastische Spiele.lnk
[2013.05.22 21:56:06 | 000,001,102 | ---- | C] () -- C:\Users\christian\Desktop\PlayFirst.com.lnk
[2013.05.22 21:56:06 | 000,001,052 | ---- | C] () -- C:\Users\christian\Desktop\Dream Chronicles.lnk
[2013.05.22 20:48:10 | 623,922,266 | ---- | C] () -- C:\Users\christian\Desktop\Discworld 2.7z
[2013.05.22 20:29:41 | 000,000,983 | ---- | C] () -- C:\Users\christian\Desktop\ScummVM.lnk
[2013.05.22 20:24:35 | 722,797,309 | ---- | C] () -- C:\Users\christian\Desktop\Discworld 2 (CD DOS).zip
[2013.05.22 16:23:27 | 000,001,125 | ---- | C] () -- C:\Users\christian\Desktop\Game Launcher.lnk
[2013.05.22 16:22:56 | 004,350,224 | ---- | C] () -- C:\Users\christian\Desktop\ogpdownload_ti.exe
[2013.05.15 01:54:23 | 000,001,305 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.15 00:10:56 | 003,165,737 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2013.05.11 22:30:56 | 000,198,799 | ---- | C] () -- C:\Users\christian\Desktop\ich neu.jpg
[2013.05.11 22:30:19 | 000,165,600 | ---- | C] () -- C:\Users\christian\Documents\(00)04-07-10_0532.jpg
[2013.05.11 22:30:10 | 000,193,480 | ---- | C] () -- C:\Users\christian\Documents\IMG060.jpg
[2013.05.11 22:30:01 | 000,203,627 | ---- | C] () -- C:\Users\christian\Documents\IMG016.jpg
[2013.05.11 22:29:46 | 000,726,101 | ---- | C] () -- C:\Users\christian\Documents\IMG062.jpg
[2013.05.11 22:22:06 | 000,003,841 | ---- | C] () -- C:\Users\christian\Documents\Skizzen_0.png
[2013.05.11 22:22:01 | 000,004,251 | ---- | C] () -- C:\Users\christian\Documents\Skizzen_4.png
[2013.05.11 22:21:58 | 000,005,661 | ---- | C] () -- C:\Users\christian\Documents\Skizzen_6.png
[2013.05.11 22:21:39 | 000,022,008 | ---- | C] () -- C:\Users\christian\Documents\(00)04-07-10_0528.jpg
[2013.05.11 22:21:36 | 000,023,097 | ---- | C] () -- C:\Users\christian\Documents\(00)04-07-10_0527.jpg
[2013.05.11 22:21:27 | 000,185,872 | ---- | C] () -- C:\Users\christian\Documents\IMG017.jpg
[2013.05.11 22:21:22 | 000,184,205 | ---- | C] () -- C:\Users\christian\Documents\IMG018.jpg
[2013.05.11 22:21:05 | 000,202,362 | ---- | C] () -- C:\Users\christian\Documents\IMG298.jpg
[2013.05.11 22:21:02 | 000,089,081 | ---- | C] () -- C:\Users\christian\Documents\Img340057.jpg
[2013.05.11 22:20:55 | 000,180,606 | ---- | C] () -- C:\Users\christian\Documents\IMG065.jpg
[2013.05.11 22:20:06 | 000,004,899 | ---- | C] () -- C:\Users\christian\Documents\image_0003.jpg
[2013.05.11 22:20:03 | 000,005,741 | ---- | C] () -- C:\Users\christian\Documents\image_0009.jpg
[2013.05.11 22:20:00 | 000,004,774 | ---- | C] () -- C:\Users\christian\Documents\image_0008.jpg
[2013.05.11 22:19:56 | 000,004,866 | ---- | C] () -- C:\Users\christian\Documents\image_0006.jpg
[2013.05.11 22:19:50 | 000,005,022 | ---- | C] () -- C:\Users\christian\Documents\image_0010.jpg
[2013.05.11 22:15:46 | 000,001,212 | ---- | C] () -- C:\Users\christian\Desktop\LG PC Suite III.lnk
[2013.05.11 16:52:37 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013.05.11 16:46:54 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.05.04 21:14:00 | 000,000,712 | ---- | C] () -- C:\Users\christian\Desktop\Medal of Honor - Verknüpfung.lnk
[2013.05.04 20:48:27 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe
[2013.05.04 14:13:26 | 000,139,424 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.05.04 14:12:48 | 000,282,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013.05.04 14:12:32 | 000,840,264 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2013.05.03 23:47:44 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.12.28 22:37:37 | 003,600,384 | ---- | C] () -- C:\Windows\ffmpeg.exe
[2012.12.28 22:37:24 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2012.12.28 22:37:22 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2012.12.28 22:37:22 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini
[2012.12.24 18:53:08 | 000,003,584 | ---- | C] () -- C:\Users\christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.19 14:41:10 | 000,000,026 | ---- | C] () -- C:\Users\christian\AppData\Roaming\urhtps.dat
[2012.10.19 01:40:23 | 000,000,017 | ---- | C] () -- C:\Users\christian\AppData\Roaming\blckdom.res
[2012.08.29 01:48:39 | 083,023,306 | ---- | C] () -- C:\ProgramData\ism_0_llatsni.pad
[2012.08.04 01:17:35 | 000,138,056 | ---- | C] () -- C:\Users\christian\AppData\Roaming\PnkBstrK.sys
[2012.08.01 00:54:07 | 000,001,475 | ---- | C] () -- C:\Users\christian\AppData\Local\RecConfig.xml
[2012.07.30 13:15:28 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.07.30 13:14:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\christian\AppData\Local\lame_enc.dll
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\christian\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\christian\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\christian\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\christian\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\christian\AppData\Local\no23xwrapper.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2012.07.28 18:51:14 | 000,002,464 | ---- | M] ()(C:\Users\christian\Desktop\???????.lnk) -- C:\Users\christian\Desktop\淘米儿童浏览器.lnk
[2012.07.28 18:51:14 | 000,002,464 | ---- | C] ()(C:\Users\christian\Desktop\???????.lnk) -- C:\Users\christian\Desktop\淘米儿童浏览器.lnk
(C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???????) -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\淘米儿童浏览器
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 2216 bytes -> C:\Windows\System32\drivers\pzjjgnwk.sys:changelist
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:24FECE50

< End of report >
         


Alt 02.06.2013, 23:28   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why do you have an Ultimate edition of Windows? Do you need that as a home user?
Or is this, by pure chance, an office/company PC or a university machine?

Alt 02.06.2013, 23:41   #7
starta
 



No, none of that. I got this Windows as a gift.

Alt 02.06.2013, 23:44   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post over the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step depends on the previous one.

  • Please run only the scans a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (in CODE tags, please) and not as attachments, unless you were asked to. Logs in attachments make the analysis harder for me!

  • The logs of the assigned tools, such as Malwarebytes, must always be posted, regardless of whether anything was found or not!

  • Please also note => Deletion of log files and other requests

Note:
If you have not heard from me for three days, please post in this thread => Reminder about my thread.
Annoying "When will this continue" messages will end with your topic being closed. I, too, have a life outside the Trojaner-Board.


Then please run Combofix now:

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the reboot
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. That should fix the problem.


Alt 03.06.2013, 00:22   #9
starta
 



OK, done.

Code:
ATTFilter
ComboFix 13-06-02.02 - christian 03.06.2013   1:00.1.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3006.1698 [GMT 2:00]
ausgeführt von:: c:\users\christian\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\kikin
c:\program files\kikin\default_settings.xml
c:\program files\kikin\file_list.txt
c:\program files\kikin\ie_kikin.dll
c:\program files\kikin\kikin.ico
c:\program files\kikin\kikin_updater_2.0.0.11.exe
c:\program files\kikin\KikinBroker.exe
c:\program files\kikin\KikinCrashReporter.exe
c:\program files\kikin\uninst.exe
c:\program files\smartdl
c:\program files\smartdl\cc
c:\program files\smartdl\gunzip.exe
c:\program files\smartdl\installid
c:\program files\smartdl\status-o
c:\program files\smartdl\status
c:\program files\smartdl\TorrentSearch.exe
c:\programdata\ism_0_llatsni.pad
c:\users\christian\AppData\Local\lame_enc.dll
c:\users\christian\AppData\Local\no23xwrapper.dll
c:\users\christian\AppData\Local\ogg.dll
c:\users\christian\AppData\Local\vorbis.dll
c:\users\christian\AppData\Local\vorbisenc.dll
c:\users\christian\AppData\Local\vorbisfile.dll
c:\users\christian\AppData\Roaming\AcroIEHelpe.txt
c:\users\christian\AppData\Roaming\kikin
c:\users\christian\AppData\Roaming\kikin\ff_kkes.xml
c:\users\christian\AppData\Roaming\kikin\ie_configuration.xml
c:\users\christian\AppData\Roaming\kikin\ie_kkes.xml
c:\users\christian\AppData\Roaming\kikin\ie_settings.xml
c:\users\christian\AppData\Roaming\srvblck5.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-05-02 bis 2013-06-02  ))))))))))))))))))))))))))))))
.
.
2013-06-02 13:22 . 2013-06-02 13:34	--------	d-----w-	c:\program files\SpeedFan
2013-06-02 13:16 . 2013-06-02 13:16	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F99287C-B8F3-4BD0-BB7A-65EAC7464E62}\offreg.dll
2013-06-02 13:15 . 2013-06-02 13:15	--------	d-----w-	c:\program files\Lavalys
2013-06-02 12:06 . 2013-06-02 12:06	12872	----a-w-	c:\windows\system32\bootdelete.exe
2013-06-02 11:58 . 2013-06-02 11:58	--------	d-----w-	c:\program files\HitmanPro
2013-06-02 11:57 . 2013-06-02 12:07	--------	d-----w-	c:\programdata\HitmanPro
2013-06-01 21:03 . 2013-05-09 08:59	368944	----a-w-	c:\windows\system32\drivers\aswSP.sys
2013-06-01 21:03 . 2013-05-09 08:59	29816	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2013-06-01 21:03 . 2013-05-09 08:59	61680	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-06-01 21:03 . 2013-05-09 08:59	765736	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-06-01 21:03 . 2013-05-09 08:59	56080	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2013-06-01 21:03 . 2013-05-09 08:59	174664	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-06-01 21:03 . 2013-05-09 08:59	49376	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-06-01 21:03 . 2013-05-09 08:59	66336	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-06-01 21:03 . 2013-05-09 08:58	229648	----a-w-	c:\windows\system32\aswBoot.exe
2013-06-01 21:03 . 2013-05-09 08:58	41664	----a-w-	c:\windows\avastSS.scr
2013-06-01 21:02 . 2013-06-01 21:02	--------	d-----w-	c:\program files\AVAST Software
2013-06-01 21:02 . 2013-06-01 21:02	--------	d-----w-	c:\programdata\AVAST Software
2013-06-01 16:39 . 2013-05-13 06:19	7016152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6F99287C-B8F3-4BD0-BB7A-65EAC7464E62}\mpengine.dll
2013-05-30 12:02 . 2013-05-30 12:02	--------	d-----w-	c:\program files\Common Files\InstallShield
2013-05-25 17:20 . 2013-05-25 17:20	--------	d-----w-	c:\program files\Dream Chronicles 2 - The Eternal Maze
2013-05-25 17:18 . 2013-05-25 17:18	--------	d-----w-	c:\program files\bfgclient
2013-05-22 19:56 . 2013-05-25 17:23	--------	d-----w-	c:\programdata\PlayFirst
2013-05-22 19:56 . 2013-05-25 17:23	--------	d-----w-	c:\users\christian\AppData\Roaming\PlayFirst
2013-05-22 19:55 . 2013-05-22 19:55	--------	d-----w-	c:\program files\PlayFirst
2013-05-22 18:29 . 2013-05-22 18:32	--------	d-----w-	c:\users\christian\AppData\Roaming\ScummVM
2013-05-22 18:29 . 2013-05-22 18:29	--------	d-----w-	c:\program files\ScummVM
2013-05-22 14:23 . 2009-11-19 00:33	79256	----a-w-	c:\windows\system32\npOGPPlugin.dll
2013-05-22 14:23 . 2009-11-19 00:33	271768	----a-w-	c:\windows\system32\OGPIEPlugin.ocx
2013-05-22 14:23 . 2013-05-22 14:23	--------	d-----w-	c:\program files\OGPlanet
2013-05-15 18:25 . 2013-03-19 04:53	186368	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-15 18:25 . 2013-03-19 03:33	40960	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-15 18:25 . 2013-04-10 05:18	728424	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 18:25 . 2013-04-10 05:18	218984	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 18:25 . 2013-04-10 03:14	2347520	----a-w-	c:\windows\system32\win32k.sys
2013-05-15 18:25 . 2013-02-27 05:05	101720	----a-w-	c:\windows\system32\consent.exe
2013-05-15 18:25 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\system32\authui.dll
2013-05-15 18:25 . 2013-02-27 04:49	47104	----a-w-	c:\windows\system32\appinfo.dll
2013-05-15 04:53 . 2013-06-01 16:31	--------	d-----w-	c:\users\christian\AppData\Local\NVIDIA
2013-05-14 22:31 . 2013-01-29 08:35	892704	----a-w-	c:\windows\system32\nvhdagenco3220103.dll
2013-05-14 22:29 . 2012-10-02 22:20	888168	----a-w-	c:\windows\system32\nvdispgenco32.dll
2013-05-14 22:29 . 2012-10-02 22:20	1009512	----a-w-	c:\windows\system32\nvdispco32.dll
2013-05-14 22:28 . 2013-05-12 21:37	13403168	----a-w-	c:\windows\system32\nvwgf2um.dll
2013-05-14 22:28 . 2013-05-12 21:37	925648	----a-w-	c:\windows\system32\nvumdshim.dll
2013-05-14 22:28 . 2013-05-12 21:37	12426216	----a-w-	c:\windows\system32\nvd3dum.dll
2013-05-14 22:28 . 2013-05-12 21:37	2597344	----a-w-	c:\windows\system32\nvapi.dll
2013-05-14 22:10 . 2013-05-09 04:32	3165737	----a-w-	c:\windows\system32\nvcoproc.bin
2013-05-12 13:43 . 2013-05-12 13:43	566048	----a-w-	c:\windows\system32\nvStreaming.exe
2013-05-11 20:19 . 2013-06-02 12:30	--------	d-----w-	C:\Temp
2013-05-11 20:17 . 2013-05-11 20:17	--------	d-----w-	c:\program files\MSXML 4.0
2013-05-11 20:15 . 2009-10-19 19:49	1164728	----a-w-	c:\windows\system32\NMSDVDXU.dll
2013-05-11 20:15 . 2009-05-22 11:26	630784	----a-w-	c:\windows\system32\vsflex8u.ocx
2013-05-11 20:15 . 2009-05-22 11:26	419240	----a-w-	c:\windows\system32\Vsflex7L.ocx
2013-05-11 20:15 . 2009-05-22 11:26	244416	----a-w-	c:\windows\system32\Msflxgrd.ocx
2013-05-11 20:15 . 2013-05-11 20:15	--------	d--h--w-	c:\users\christian\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
2013-05-11 20:15 . 2013-05-11 20:15	--------	d-----w-	c:\users\christian\AppData\Roaming\LG Electronics
2013-05-11 20:12 . 2013-05-11 20:26	--------	d-----w-	c:\program files\LG Electronics
2013-05-11 20:06 . 2009-08-27 23:39	851456	----a-r-	c:\users\christian\AppData\Roaming\Microsoft\Windows\Templates\F\tools\LGUSBModemDrivers_WHQL_ML_Ver_4.9.6_All.msi
2013-05-11 20:06 . 2009-08-25 02:46	24576	----a-r-	c:\users\christian\AppData\Roaming\Microsoft\Windows\Templates\F\SendScsiCmd.dll
2013-05-11 20:06 . 2009-05-12 06:46	212992	----a-r-	c:\users\christian\AppData\Roaming\Microsoft\Windows\Templates\F\tools\LGSetCDROMAutoRun.exe
2013-05-11 20:06 . 2008-12-17 02:14	32768	----a-r-	c:\users\christian\AppData\Roaming\Microsoft\Windows\Templates\F\LGPsLvDlChk.dll
2013-05-11 17:18 . 2011-10-15 08:53	61248	----a-w-	c:\windows\system32\OpenCL.dll
2013-05-11 17:18 . 2011-10-15 08:53	877376	----a-w-	c:\windows\system32\nvgenco32.dll
2013-05-11 16:13 . 2013-05-11 16:13	--------	d-----w-	c:\program files\AGEIA Technologies
2013-05-11 16:09 . 2013-03-15 05:46	892704	----a-w-	c:\windows\system32\nvdispgenco3231422.dll
2013-05-11 16:09 . 2013-03-15 05:46	1012512	----a-w-	c:\windows\system32\nvdispco3231422.dll
2013-05-11 13:33 . 2013-05-11 13:33	--------	d-----w-	c:\users\christian\AppData\Local\ESN
2013-05-11 13:33 . 2013-05-14 22:39	--------	d-----w-	c:\program files\Battlelog Web Plugins
2013-05-11 13:30 . 2013-05-11 13:30	--------	d-----w-	c:\programdata\EA Core
2013-05-11 13:29 . 2013-05-11 15:06	--------	d-----w-	c:\programdata\EA Logs
2013-05-11 12:02 . 2013-05-11 12:02	--------	d--h--w-	c:\program files\Common Files\EAInstaller
2013-05-11 10:59 . 2013-05-11 11:04	--------	d-----w-	c:\program files\Origin Games
2013-05-11 10:59 . 2013-05-11 13:29	--------	d-----w-	c:\users\christian\AppData\Local\Origin
2013-05-11 10:57 . 2013-05-11 14:48	--------	d-----w-	c:\users\christian\AppData\Roaming\Origin
2013-05-11 10:57 . 2013-05-11 13:30	--------	d-----w-	c:\programdata\Electronic Arts
2013-05-11 10:57 . 2013-05-11 11:04	--------	d-----w-	c:\programdata\Origin
2013-05-11 10:57 . 2013-05-11 14:47	--------	d-----w-	c:\program files\Origin
2013-05-04 18:54 . 2013-05-04 18:54	--------	d-sh--w-	c:\programdata\DSS
2013-05-04 18:48 . 2010-09-17 04:03	2601752	----a-w-	c:\windows\system32\pbsvc_moh.exe
2013-05-04 18:29 . 2013-05-04 18:29	--------	d-----w-	c:\program files\Electronic Arts
2013-05-04 12:13 . 2013-05-26 11:59	139424	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2013-05-04 12:12 . 2013-05-26 11:59	282104	----a-w-	c:\windows\system32\PnkBstrB.exe
2013-05-04 12:12 . 2013-05-04 12:11	840264	----a-w-	c:\windows\system32\pbsvc.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-26 11:59 . 2012-08-04 00:32	282104	----a-w-	c:\windows\system32\PnkBstrB.xtr
2013-05-22 22:40 . 2012-08-03 23:17	282104	----a-w-	c:\windows\system32\PnkBstrB.ex0
2013-05-14 22:50 . 2012-07-28 14:12	71048	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 22:50 . 2012-07-28 14:12	692104	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-05-12 19:58 . 2012-07-29 11:43	3045664	----a-w-	c:\windows\system32\nvsvc.dll
2013-05-12 19:58 . 2012-07-29 11:43	4188960	----a-w-	c:\windows\system32\nvcpl.dll
2013-05-12 19:58 . 2012-07-29 11:43	640288	----a-w-	c:\windows\system32\nvvsvc.exe
2013-05-12 19:58 . 2012-11-19 02:06	62752	----a-w-	c:\windows\system32\nvshext.dll
2013-05-12 19:58 . 2012-07-29 11:43	2555168	----a-w-	c:\windows\system32\nvsvcr.dll
2013-05-12 19:58 . 2012-07-29 11:43	223008	----a-w-	c:\windows\system32\nvmctray.dll
2013-05-11 20:56 . 2013-05-03 21:47	76888	----a-w-	c:\windows\system32\PnkBstrA.exe
2013-05-11 14:52 . 2012-08-03 23:17	138056	----a-w-	c:\users\christian\AppData\Roaming\PnkBstrK.sys
2013-05-02 00:06 . 2012-07-28 13:48	238872	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-15 18:25	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 18:25	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-23 20:41	1211752	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-05 22:25 . 2012-07-28 14:22	444952	----a-w-	c:\windows\system32\wrap_oal.dll
2013-04-05 22:25 . 2012-07-28 14:22	109080	----a-w-	c:\windows\system32\OpenAL32.dll
2013-04-04 12:50 . 2012-08-29 00:38	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-02 01:06 . 2013-04-02 01:06	745472	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-02 01:06 . 2013-04-02 01:06	185344	----a-w-	c:\windows\system32\elshyph.dll
2013-04-02 01:06 . 2013-04-02 01:06	523264	----a-w-	c:\windows\system32\vbscript.dll
2013-04-02 01:06 . 2013-04-02 01:06	158720	----a-w-	c:\windows\system32\msls31.dll
2013-04-02 01:06 . 2013-04-02 01:06	150528	----a-w-	c:\windows\system32\iexpress.exe
2013-04-02 01:06 . 2013-04-02 01:06	138752	----a-w-	c:\windows\system32\wextract.exe
2013-04-02 01:06 . 2013-04-02 01:06	38400	----a-w-	c:\windows\system32\imgutil.dll
2013-04-02 01:06 . 2013-04-02 01:06	137216	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-02 01:06 . 2013-04-02 01:06	12800	----a-w-	c:\windows\system32\mshta.exe
2013-04-02 01:06 . 2013-04-02 01:06	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-02 01:06 . 2013-04-02 01:06	73728	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-02 01:06 . 2013-04-02 01:06	719360	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-02 01:06 . 2013-04-02 01:06	61952	----a-w-	c:\windows\system32\tdc.ocx
2013-04-02 01:06 . 2013-04-02 01:06	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-02 01:06 . 2013-04-02 01:06	361984	----a-w-	c:\windows\system32\html.iec
2013-04-02 01:06 . 2013-04-02 01:06	23040	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-02 01:06 . 2013-04-02 01:06	1441280	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-02 01:05 . 2013-04-02 01:05	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-02 01:05 . 2013-04-02 01:05	906240	----a-w-	c:\windows\system32\FntCache.dll
2013-04-02 01:05 . 2013-04-02 01:05	604160	----a-w-	c:\windows\system32\d3d10level9.dll
2013-04-02 01:05 . 2013-04-02 01:05	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-02 01:05 . 2013-04-02 01:05	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-02 01:05 . 2013-04-02 01:05	417792	----a-w-	c:\windows\system32\WMPhoto.dll
2013-04-02 01:05 . 2013-04-02 01:05	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-02 01:05 . 2013-04-02 01:05	364544	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-04-02 01:05 . 2013-04-02 01:05	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-02 01:05 . 2013-04-02 01:05	3419136	----a-w-	c:\windows\system32\d2d1.dll
2013-04-02 01:05 . 2013-04-02 01:05	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-02 01:05 . 2013-04-02 01:05	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-02 01:05 . 2013-04-02 01:05	293376	----a-w-	c:\windows\system32\dxgi.dll
2013-04-02 01:05 . 2013-04-02 01:05	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-02 01:05 . 2013-04-02 01:05	249856	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-04-02 01:05 . 2013-04-02 01:05	2284544	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-04-02 01:05 . 2013-04-02 01:05	220160	----a-w-	c:\windows\system32\d3d10core.dll
2013-04-02 01:05 . 2013-04-02 01:05	207872	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-04-02 01:05 . 2013-04-02 01:05	1988096	----a-w-	c:\windows\system32\d3d10warp.dll
2013-04-02 01:05 . 2013-04-02 01:05	187392	----a-w-	c:\windows\system32\UIAnimation.dll
2013-04-02 01:05 . 2013-04-02 01:05	161792	----a-w-	c:\windows\system32\d3d10_1.dll
2013-04-02 01:05 . 2013-04-02 01:05	1504768	----a-w-	c:\windows\system32\d3d11.dll
2013-04-02 01:05 . 2013-04-02 01:05	1247744	----a-w-	c:\windows\system32\DWrite.dll
2013-04-02 01:05 . 2013-04-02 01:05	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-04-02 01:05 . 2013-04-02 01:05	1158144	----a-w-	c:\windows\system32\XpsPrint.dll
2013-04-02 01:05 . 2013-04-02 01:05	1080832	----a-w-	c:\windows\system32\d3d10.dll
2013-04-02 01:05 . 2013-04-02 01:05	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-20 02:09 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2013-03-19 05:04 . 2013-04-10 12:56	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 12:56	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 12:56	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 12:56	69632	----a-w-	c:\windows\system32\smss.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5786d022-540e-4699-b350-b4be0ae94b79}"= "c:\program files\Ashampoo_DE\prxtbAsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5786d022-540e-4699-b350-b4be0ae94b79}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}]
2011-12-28 12:21	128064	----a-w-	c:\program files\icq\Internet Explorer\icq.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{5786d022-540e-4699-b350-b4be0ae94b79}]
2011-05-09 09:49	176936	----a-w-	c:\program files\Ashampoo_DE\prxtbAsha.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{5786d022-540e-4699-b350-b4be0ae94b79}"= "c:\program files\Ashampoo_DE\prxtbAsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5786d022-540e-4699-b350-b4be0ae94b79}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	121968	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2013-05-03 1635752]
"ICQ"="c:\program files\ICQ7M\ICQ.exe" [2012-08-11 127040]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2013-03-18 448736]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIINE.EXE" [2012-02-29 249440]
"EADM"="c:\program files\Origin\Origin.exe" [2013-03-21 3497552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\261249~1.132\{16CDF~1\browsemngr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^Users^christian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
backupExtension=.Startup
.
R2 ICQ Service;ICQ Service;c:\progra~1\ICQ6TO~1\ICQSER~1.EXE [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 camfilt2;camfilt2;c:\windows\system32\DRIVERS\camfilt2.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Browser Manager;Browser Manager;c:\programdata\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [x]
S2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - EVERESTDRIVER
*NewlyCreated* - GIVEIO
*NewlyCreated* - SPEEDFAN
*Deregistered* - avgtp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 22:50]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169190448-2637492132-308262306-1001Core.job
- c:\users\christian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-12 21:30]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-169190448-2637492132-308262306-1001UA.job
- c:\users\christian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-12 21:30]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files\ICQ7M\ICQ.exe
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
WebBrowser-{213C8ED6-1D78-4D8F-8729-25006AA86A76} - (no file)
MSConfigStartUp-Guard.Mail.ru - c:\program files\Guard-ICQ\GuardICQ.exe
MSConfigStartUp-Media Finder - c:\program files\Media Finder\Media Finder.exe
AddRemove-kikin Plugin (NO23 Edition) - c:\program files\kikin\uninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-03  01:12:17
ComboFix-quarantined-files.txt  2013-06-02 23:12
.
Vor Suchlauf: 10 Verzeichnis(se), 43.793.010.688 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 43.628.687.360 Bytes frei
.
- - End Of File - - 2DE2269CCBC52D388DE0A3CB3931E9F7
         

03.06.2013, 09:31   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Rootkit scan with GMER

Please download GMER Rootkit Scanner: (the file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after startup:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and any other scanners back on before you go online!


Running into problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, uncheck Devices.


Afterwards, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

03.06.2013, 13:00   #11
starta



GMER log file

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-03 13:25:36
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 WDC_WD1600JS-00NCB1 rev.10.02E02 149,05GB
Running: 6jc3pzdk.exe; Driver: C:\Users\CHRIST~1\AppData\Local\Temp\kglyiuod.sys


---- System - GMER 2.1 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwAddBootEntry [0x90A7F644]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                                                              ZwAllocateVirtualMemory [0x91828668]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwAssignProcessToJobObject [0x90A800D6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwCreateEvent [0x90A8B89A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwCreateEventPair [0x90A8B8E6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwCreateIoCompletion [0x90A8BA80]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwCreateMutant [0x90A8B808]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                                                              ZwCreateSection [0x91828A00]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwCreateSemaphore [0x90A8B850]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwCreateThread [0x90A805D4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwCreateThreadEx [0x90A807F0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwCreateTimer [0x90A8BA3A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwDebugActiveProcess [0x90A80E8C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwDeleteBootEntry [0x90A7F6AA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwDuplicateObject [0x90A846AC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                                                              ZwFreeVirtualMemory [0x91828730]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                                                              ZwLoadDriver [0x91826C80]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwModifyBootEntry [0x90A7F710]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwNotifyChangeKey [0x90A84A76]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwNotifyChangeMultipleKeys [0x90A8191C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwOpenEvent [0x90A8B8C4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwOpenEventPair [0x90A8B908]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwOpenIoCompletion [0x90A8BAA4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwOpenMutant [0x90A8B82E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwOpenProcess [0x90A83F92]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwOpenSection [0x90A8B9B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwOpenSemaphore [0x90A8B878]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwOpenThread [0x90A84384]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwOpenTimer [0x90A8BA5E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                                                              ZwProtectVirtualMemory [0x91828890]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwQueryObject [0x90A817E8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwQueueApcThreadEx [0x90A814F6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwSetBootEntryOrder [0x90A7F776]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwSetBootOptions [0x90A7F7DC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwSetContextThread [0x90A80D06]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwSetSystemInformation [0x90A7F32C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwSetSystemPowerState [0x90A7F502]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwShutdownSystem [0x90A7F490]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwSuspendProcess [0x90A81056]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwSuspendThread [0x90A811B8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwSystemDebugControl [0x90A7F58A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                                                              ZwTerminateProcess [0x91828958]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwTerminateThread [0x90A80CE6]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                                                              ZwUnloadDriver [0x91826CB0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS                                                                                             ZwVdmControl [0x90A7F842]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS                                                                                              ZwWriteVirtualMemory [0x918287DC]

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                            82C8BA09 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                              82CC51F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                                                 82CCC220 4 Bytes  [44, F6, A7, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                                                 82CCC248 4 Bytes  [68, 86, 82, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                                 82CCC2A8 4 Bytes  [D6, 00, A8, 90]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                                                 82CCC2FC 8 Bytes  [9A, B8, A8, 90, E6, B8, A8, ...] {CALL FAR 0xa8b8:0xe690a8b8; NOP }
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                                                 82CCC308 4 Bytes  [80, BA, A8, 90]
.text           ...                                                                                                                                 
PAGE            ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108                                                                                         82E874DF 4 Bytes  CALL 90A81FDF \SystemRoot\System32\Drivers\aswSnx.SYS
PAGE            ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122                                                                                        82EA1333 4 Bytes  CALL 90A81FF5 \SystemRoot\System32\Drivers\aswSnx.SYS

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE[336] kernel32.dll!GetBinaryTypeW + 70                                   76E769F4 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[432] kernel32.dll!GetBinaryTypeW + 70                                                                 76E769F4 1 Byte  [62]
.text           C:\Windows\system32\svchost.exe[444] kernel32.dll!GetBinaryTypeW + 70                                                               76E769F4 1 Byte  [62]
.text           C:\Windows\system32\wininit.exe[492] kernel32.dll!GetBinaryTypeW + 70                                                               76E769F4 1 Byte  [62]
.text           C:\Windows\system32\csrss.exe[504] kernel32.dll!GetBinaryTypeW + 70                                                                 76E769F4 1 Byte  [62]
.text           ...                                                                                                                                 
.text           C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe[2868] USER32.dll!DialogBoxParamW  75AA3B9B 5 Bytes  JMP 6BA64720 C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
.text           C:\Program Files\Windows Media Player\wmpnetwk.exe[2976] kernel32.dll!GetBinaryTypeW + 70                                           76E769F4 1 Byte  [62]
.text           C:\Windows\system32\SearchIndexer.exe[3032] kernel32.dll!GetBinaryTypeW + 70                                                        76E769F4 1 Byte  [62]
.text           C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe[3120] kernel32.dll!GetBinaryTypeW + 70                                  76E769F4 1 Byte  [62]
.text           C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe[3132] kernel32.dll!GetBinaryTypeW + 70                        76E769F4 1 Byte  [62]
.text           C:\Windows\system32\wbem\wmiprvse.exe[3316] kernel32.dll!GetBinaryTypeW + 70                                                        76E769F4 1 Byte  [62]
.text           ...                                                                                                                                 
.text           C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4092] USER32.dll!RegisterMessagePumpHook + 2F1                              75A88B9E 7 Bytes  JMP 10053C10 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text           C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4092] USER32.dll!PostMessageW + 43A                                         75A948B5 7 Bytes  JMP 10053AC0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text           C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4092] USER32.dll!SetDlgItemTextA + 25                                       75AA709F 7 Bytes  JMP 10053BF0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text           C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4092] USER32.dll!MessageBoxIndirectA + F5                                   75ADE95E 7 Bytes  JMP 10053C60 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text           C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4092] USER32.dll!MessageBoxIndirectW + 61                                   75ADE9C4 7 Bytes  JMP 10053D30 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text           C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[4092] USER32.dll!MessageBoxExA + 1F                                         75ADE9E8 7 Bytes  JMP 10053CE0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text           C:\Windows\system32\SearchProtocolHost.exe[4472] kernel32.dll!GetBinaryTypeW + 70                                                   76E769F4 1 Byte  [62]
.text           C:\Windows\system32\taskeng.exe[5588] kernel32.dll!GetBinaryTypeW + 70                                                              76E769F4 1 Byte  [62]
.text           C:\Windows\system32\SearchFilterHost.exe[5708] kernel32.dll!GetBinaryTypeW + 70                                                     76E769F4 1 Byte  [62]
.text           C:\Windows\system32\sppsvc.exe[5772] kernel32.dll!GetBinaryTypeW + 70                                                               76E769F4 1 Byte  [62]

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                             aswTdi.SYS
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                             aswTdi.SYS

---- EOF - GMER 2.1 ----
         
MBAR log files

Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.03.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
christian :: CHRISTIAN-PC [administrator]

03.06.2013 13:34:15
mbar-log-2013-06-03 (13-34-15).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 234904
Time elapsed: 10 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\linkd.AIEbho (Trojan.Banker) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\linkd.AIEbho.1 (Trojan.Banker) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.03.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
christian :: CHRISTIAN-PC [administrator]

03.06.2013 13:46:30
mbar-log-2013-06-03 (13-46-30).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 235052
Time elapsed: 9 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

03.06.2013, 14:46   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the content here in your thread in any case.

03.06.2013, 16:48   #13
starta



aswMBR Log

Code:
ATTFilter
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-03 17:17:40
-----------------------------
17:17:40.128    OS Version: Windows 6.1.7601 Service Pack 1
17:17:40.128    Number of processors: 2 586 0xF02
17:17:40.143    ComputerName: CHRISTIAN-PC  UserName: christian
17:17:40.955    Initialize success
17:17:41.033    AVAST engine defs: 13060301
17:17:44.355    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2
17:17:44.355    Disk 0 Vendor: WDC_WD1600JS-00NCB1 10.02E02 Size: 152627MB BusType: 3
17:17:44.496    Disk 0 MBR read successfully
17:17:44.496    Disk 0 MBR scan
17:17:44.496    Disk 0 Windows 7 default MBR code
17:17:44.511    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:17:44.527    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       150480 MB offset 206848
17:17:44.527    Disk 0 Partition - 00     05     Extended              2045 MB offset 308391934
17:17:44.558    Disk 0 Partition 3 00     82   Linux swap              2045 MB offset 308391936
17:17:44.558    Disk 0 scanning sectors +312580096
17:17:44.636    Disk 0 scanning C:\Windows\system32\drivers
17:18:03.216    Service scanning
17:18:24.666    Modules scanning
17:18:35.524    Disk 0 trace - called modules:
17:18:35.539    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS viaide.sys PCIIDEX.SYS atapi.sys 
17:18:35.555    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8653c030]
17:18:35.555    3 CLASSPNP.SYS[8b5af59e] -> nt!IofCallDriver -> [0x8641f918]
17:18:35.570    5 ACPI.sys[8b09e3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-2[0x86454908]
17:18:35.992    AVAST engine scan C:\Windows
17:18:41.155    AVAST engine scan C:\Windows\system32
17:21:47.513    AVAST engine scan C:\Windows\system32\drivers
17:21:58.449    AVAST engine scan C:\Users\christian
17:31:01.127    File: C:\Users\christian\Downloads\Satrackz & ScReamOut - Ich werde Dich nie vergessen ft. Sestah & Maike - [Mp3Bear.com].exe  **INFECTED** Win32:Downloader-TBH [Adw]
17:31:23.872    AVAST engine scan C:\ProgramData
17:32:09.798    Scan finished successfully
17:32:58.923    Disk 0 MBR has been saved successfully to "C:\Users\christian\Desktop\MBR.dat"
17:32:58.923    The log file has been saved successfully to "C:\Users\christian\Desktop\aswMBR.txt"
         

TDSS-Killer Log

Code:
17:36:16.0600 5692  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:36:16.0849 5692  ============================================================
17:36:16.0849 5692  Current date / time: 2013/06/03 17:36:16.0849
17:36:16.0849 5692  SystemInfo:
17:36:16.0849 5692  
17:36:16.0849 5692  OS Version: 6.1.7601 ServicePack: 1.0
17:36:16.0849 5692  Product type: Workstation
17:36:16.0849 5692  ComputerName: CHRISTIAN-PC
17:36:16.0849 5692  UserName: christian
17:36:16.0849 5692  Windows directory: C:\Windows
17:36:16.0849 5692  System windows directory: C:\Windows
17:36:16.0849 5692  Processor architecture: Intel x86
17:36:16.0849 5692  Number of processors: 2
17:36:16.0849 5692  Page size: 0x1000
17:36:16.0849 5692  Boot type: Normal boot
17:36:16.0849 5692  ============================================================
17:36:17.0910 5692  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
17:36:17.0910 5692  ============================================================
17:36:17.0910 5692  \Device\Harddisk0\DR0:
17:36:17.0910 5692  MBR partitions:
17:36:17.0910 5692  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:36:17.0910 5692  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x125E8000
17:36:17.0941 5692  ============================================================
17:36:18.0097 5692  C: <-> \Device\Harddisk0\DR0\Partition2
17:36:18.0097 5692  ============================================================
17:36:18.0097 5692  Initialize success
17:36:18.0097 5692  ============================================================
17:37:31.0952 3276  ============================================================
17:37:31.0952 3276  Scan started
17:37:31.0952 3276  Mode: Manual; SigCheck; TDLFS; 
17:37:31.0952 3276  ============================================================
17:37:32.0685 3276  ================ Scan system memory ========================
17:37:32.0685 3276  System memory - ok
17:37:32.0685 3276  ================ Scan services =============================
17:37:32.0919 3276  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:37:33.0059 3276  1394ohci - ok
17:37:33.0153 3276  [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
17:37:33.0215 3276  ABBYY.Licensing.FineReader.Sprint.9.0 - ok
17:37:33.0262 3276  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:37:33.0293 3276  ACPI - ok
17:37:33.0325 3276  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:37:33.0371 3276  AcpiPmi - ok
17:37:33.0449 3276  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:37:33.0481 3276  AdobeARMservice - ok
17:37:33.0527 3276  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:37:33.0559 3276  AdobeFlashPlayerUpdateSvc - ok
17:37:33.0605 3276  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:37:33.0637 3276  adp94xx - ok
17:37:33.0668 3276  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:37:33.0683 3276  adpahci - ok
17:37:33.0699 3276  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:37:33.0715 3276  adpu320 - ok
17:37:33.0746 3276  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:37:33.0808 3276  AeLookupSvc - ok
17:37:33.0855 3276  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
17:37:33.0917 3276  AFD - ok
17:37:33.0980 3276  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
17:37:34.0011 3276  agp440 - ok
17:37:34.0027 3276  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
17:37:34.0042 3276  aic78xx - ok
17:37:34.0058 3276  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
17:37:34.0136 3276  ALG - ok
17:37:34.0167 3276  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:37:34.0183 3276  aliide - ok
17:37:34.0198 3276  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:37:34.0214 3276  amdagp - ok
17:37:34.0229 3276  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
17:37:34.0229 3276  amdide - ok
17:37:34.0261 3276  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:37:34.0307 3276  AmdK8 - ok
17:37:34.0339 3276  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:37:34.0385 3276  AmdPPM - ok
17:37:34.0448 3276  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:37:34.0463 3276  amdsata - ok
17:37:34.0495 3276  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:37:34.0510 3276  amdsbs - ok
17:37:34.0526 3276  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:37:34.0541 3276  amdxata - ok
17:37:34.0588 3276  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
17:37:34.0775 3276  AppID - ok
17:37:34.0838 3276  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:37:34.0900 3276  AppIDSvc - ok
17:37:34.0947 3276  [ EACFDF31921F51C097629F1F3C9129B4 ] Appinfo         C:\Windows\System32\appinfo.dll
17:37:35.0009 3276  Appinfo - ok
17:37:35.0025 3276  [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt         C:\Windows\System32\appmgmts.dll
17:37:35.0087 3276  AppMgmt - ok
17:37:35.0119 3276  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:37:35.0134 3276  arc - ok
17:37:35.0150 3276  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:37:35.0165 3276  arcsas - ok
17:37:35.0275 3276  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
17:37:35.0306 3276  aspnet_state - ok
17:37:35.0353 3276  [ 4AF5F360BA1E8794D32B366E45A64A0A ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
17:37:35.0384 3276  aswFsBlk - ok
17:37:35.0431 3276  [ 1F7094D4268D46F718C51286DC189791 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
17:37:35.0446 3276  aswMonFlt - ok
17:37:35.0462 3276  [ FFE9A993B3EC2908FECB1DF2C39148BB ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
17:37:35.0477 3276  aswRdr - ok
17:37:35.0540 3276  [ B680134BA1813B78B47FDD1DFF223CA5 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
17:37:35.0555 3276  aswRvrt - ok
17:37:35.0587 3276  [ 6CAB0A5991C5C0FC63F5E66593E71D7E ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
17:37:35.0649 3276  aswSnx - ok
17:37:35.0680 3276  [ 99102F60F344BEBAF4F6114514FD28D3 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
17:37:35.0696 3276  aswSP - ok
17:37:35.0727 3276  [ 1F71F170D90E42EFDE9633D81D5E12DC ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
17:37:35.0743 3276  aswTdi - ok
17:37:35.0805 3276  [ 16B8E3CD50A460EC32CA680C8210A0A9 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
17:37:35.0821 3276  aswVmm - ok
17:37:35.0836 3276  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:37:35.0883 3276  AsyncMac - ok
17:37:35.0930 3276  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
17:37:35.0945 3276  atapi - ok
17:37:35.0992 3276  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:37:36.0070 3276  AudioEndpointBuilder - ok
17:37:36.0101 3276  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:37:36.0133 3276  Audiosrv - ok
17:37:36.0211 3276  [ 28D6701C710AD7BA3CB95E75F8F1A9AA ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
17:37:36.0226 3276  avast! Antivirus - ok
17:37:36.0273 3276  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:37:36.0367 3276  AxInstSV - ok
17:37:36.0398 3276  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
17:37:36.0476 3276  b06bdrv - ok
17:37:36.0507 3276  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
17:37:36.0538 3276  b57nd60x - ok
17:37:36.0585 3276  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:37:36.0632 3276  BDESVC - ok
17:37:36.0647 3276  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:37:36.0694 3276  Beep - ok
17:37:36.0757 3276  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
17:37:36.0803 3276  BFE - ok
17:37:36.0866 3276  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\system32\qmgr.dll
17:37:36.0928 3276  BITS - ok
17:37:36.0944 3276  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:37:36.0991 3276  blbdrive - ok
17:37:37.0037 3276  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:37:37.0100 3276  bowser - ok
17:37:37.0115 3276  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:37:37.0178 3276  BrFiltLo - ok
17:37:37.0193 3276  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:37:37.0225 3276  BrFiltUp - ok
17:37:37.0240 3276  [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
17:37:37.0287 3276  BridgeMP - ok
17:37:37.0334 3276  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
17:37:37.0381 3276  Browser - ok
17:37:37.0552 3276  [ D9C8DC2D7EC28E3FF25C99EF17C8631A ] Browser Manager C:\ProgramData\Browser Manager\2.6.1249.132\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
17:37:37.0677 3276  Browser Manager - ok
17:37:37.0708 3276  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:37:37.0771 3276  Brserid - ok
17:37:37.0786 3276  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:37:37.0817 3276  BrSerWdm - ok
17:37:37.0849 3276  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:37:37.0880 3276  BrUsbMdm - ok
17:37:37.0895 3276  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:37:37.0942 3276  BrUsbSer - ok
17:37:37.0942 3276  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:37:37.0973 3276  BTHMODEM - ok
17:37:38.0020 3276  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
17:37:38.0067 3276  bthserv - ok
17:37:38.0098 3276  [ 088C0978203D59425A12B2A53FCCD02B ] camfilt2        C:\Windows\system32\DRIVERS\camfilt2.sys
17:37:38.0129 3276  camfilt2 - ok
17:37:38.0239 3276  catchme - ok
17:37:38.0270 3276  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:37:38.0317 3276  cdfs - ok
17:37:38.0379 3276  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:37:38.0410 3276  cdrom - ok
17:37:38.0457 3276  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:37:38.0504 3276  CertPropSvc - ok
17:37:38.0535 3276  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:37:38.0551 3276  circlass - ok
17:37:38.0597 3276  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
17:37:38.0613 3276  CLFS - ok
17:37:38.0675 3276  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:37:38.0691 3276  clr_optimization_v2.0.50727_32 - ok
17:37:38.0753 3276  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:37:38.0785 3276  clr_optimization_v4.0.30319_32 - ok
17:37:38.0800 3276  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:37:38.0816 3276  CmBatt - ok
17:37:38.0847 3276  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:37:38.0863 3276  cmdide - ok
17:37:38.0894 3276  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
17:37:38.0925 3276  CNG - ok
17:37:38.0956 3276  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:37:38.0972 3276  Compbatt - ok
17:37:39.0003 3276  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
17:37:39.0050 3276  CompositeBus - ok
17:37:39.0065 3276  COMSysApp - ok
17:37:39.0097 3276  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:37:39.0112 3276  crcdisk - ok
17:37:39.0159 3276  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:37:39.0206 3276  CryptSvc - ok
17:37:39.0253 3276  [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC             C:\Windows\system32\drivers\csc.sys
17:37:39.0315 3276  CSC - ok
17:37:39.0362 3276  [ 15F93B37F6801943360D9EB42485D5D3 ] CscService      C:\Windows\System32\cscsvc.dll
17:37:39.0409 3276  CscService - ok
17:37:39.0440 3276  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:37:39.0502 3276  DcomLaunch - ok
17:37:39.0549 3276  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
17:37:39.0596 3276  defragsvc - ok
17:37:39.0627 3276  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:37:39.0674 3276  DfsC - ok
17:37:39.0736 3276  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:37:39.0799 3276  Dhcp - ok
17:37:39.0814 3276  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
17:37:39.0877 3276  discache - ok
17:37:39.0923 3276  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:37:39.0939 3276  Disk - ok
17:37:39.0970 3276  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:37:40.0017 3276  Dnscache - ok
17:37:40.0064 3276  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:37:40.0111 3276  dot3svc - ok
17:37:40.0142 3276  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
17:37:40.0189 3276  DPS - ok
17:37:40.0220 3276  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:37:40.0267 3276  drmkaud - ok
17:37:40.0313 3276  [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:37:40.0360 3276  DXGKrnl - ok
17:37:40.0391 3276  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
17:37:40.0438 3276  EapHost - ok
17:37:40.0547 3276  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
17:37:40.0688 3276  ebdrv - ok
17:37:40.0719 3276  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
17:37:40.0766 3276  EFS - ok
17:37:40.0844 3276  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:37:40.0922 3276  ehRecvr - ok
17:37:40.0953 3276  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
17:37:41.0000 3276  ehSched - ok
17:37:41.0047 3276  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:37:41.0078 3276  elxstor - ok
17:37:41.0125 3276  [ E9EFCB47B90FD5498695BB7FEFD36CAE ] EpsonScanSvc    C:\Windows\system32\EscSvc.exe
17:37:41.0140 3276  EpsonScanSvc - ok
17:37:41.0171 3276  [ 58767FD54AC279DE041AB6DECC48E658 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE
17:37:41.0187 3276  EPSON_EB_RPCV4_04 - ok
17:37:41.0218 3276  [ 1ABB5EBC14418646EA1AD866864145F0 ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE
17:37:41.0234 3276  EPSON_PM_RPCV4_04 - ok
17:37:41.0265 3276  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:37:41.0312 3276  ErrDev - ok
17:37:41.0374 3276  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
17:37:41.0421 3276  EventSystem - ok
17:37:41.0483 3276  [ 76984D46B2ABAA46F8B3FCEF82C9217D ] EverestDriver   C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt
17:37:41.0499 3276  EverestDriver ( UnsignedFile.Multi.Generic ) - warning
17:37:41.0499 3276  EverestDriver - detected UnsignedFile.Multi.Generic (1)
17:37:41.0530 3276  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
17:37:41.0593 3276  exfat - ok
17:37:41.0624 3276  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:37:41.0671 3276  fastfat - ok
17:37:41.0733 3276  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
17:37:41.0811 3276  Fax - ok
17:37:41.0842 3276  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:37:41.0873 3276  fdc - ok
17:37:41.0889 3276  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
17:37:41.0920 3276  fdPHost - ok
17:37:41.0936 3276  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
17:37:41.0983 3276  FDResPub - ok
17:37:42.0014 3276  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:37:42.0029 3276  FileInfo - ok
17:37:42.0045 3276  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:37:42.0092 3276  Filetrace - ok
17:37:42.0107 3276  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:37:42.0139 3276  flpydisk - ok
17:37:42.0170 3276  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:37:42.0185 3276  FltMgr - ok
17:37:42.0248 3276  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
17:37:42.0326 3276  FontCache - ok
17:37:42.0388 3276  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:37:42.0404 3276  FontCache3.0.0.0 - ok
17:37:42.0435 3276  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:37:42.0451 3276  FsDepends - ok
17:37:42.0466 3276  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:37:42.0482 3276  Fs_Rec - ok
17:37:42.0529 3276  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:37:42.0544 3276  fvevol - ok
17:37:42.0575 3276  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:37:42.0591 3276  gagp30kx - ok
17:37:42.0638 3276  [ 93CA4D9A0433BE0EDD0B9F2F26D5E54C ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
17:37:42.0653 3276  ggflt - ok
17:37:42.0685 3276  [ 17E678AAB82CCDFB80E7614504933895 ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
17:37:42.0685 3276  ggsemc - ok
17:37:42.0747 3276  [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio          C:\Windows\system32\giveio.sys
17:37:42.0778 3276  giveio ( UnsignedFile.Multi.Generic ) - warning
17:37:42.0778 3276  giveio - detected UnsignedFile.Multi.Generic (1)
17:37:42.0809 3276  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:37:42.0903 3276  gpsvc - ok
17:37:42.0934 3276  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:37:42.0981 3276  hcw85cir - ok
17:37:43.0043 3276  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:37:43.0075 3276  HdAudAddService - ok
17:37:43.0106 3276  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:37:43.0137 3276  HDAudBus - ok
17:37:43.0168 3276  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:37:43.0199 3276  HidBatt - ok
17:37:43.0215 3276  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:37:43.0262 3276  HidBth - ok
17:37:43.0277 3276  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:37:43.0309 3276  HidIr - ok
17:37:43.0340 3276  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\System32\hidserv.dll
17:37:43.0371 3276  hidserv - ok
17:37:43.0418 3276  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:37:43.0465 3276  HidUsb - ok
17:37:43.0496 3276  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:37:43.0543 3276  hkmsvc - ok
17:37:43.0589 3276  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:37:43.0652 3276  HomeGroupListener - ok
17:37:43.0683 3276  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:37:43.0730 3276  HomeGroupProvider - ok
17:37:43.0792 3276  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
17:37:43.0808 3276  HpSAMD - ok
17:37:43.0901 3276  [ 1664905CC1F7F176F8A592720D9629B9 ] hshld           C:\Program Files\Hotspot Shield\bin\openvpnas.exe
17:37:43.0948 3276  hshld - ok
17:37:44.0011 3276  [ C08EC566056CCB470B2B98C0612BC0DB ] HssDRV6         C:\Windows\system32\DRIVERS\hssdrv6.sys
17:37:44.0011 3276  HssDRV6 - ok
17:37:44.0073 3276  [ 3EC456E454E7CF930B6B2FF3D1A9ED2F ] HssSrv          C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
17:37:44.0104 3276  HssSrv - ok
17:37:44.0151 3276  [ 443156D4CA230724B8FF5234B0C9FFFC ] HssTrayService  C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
17:37:44.0167 3276  HssTrayService - ok
17:37:44.0198 3276  [ 35E91DF99B8CEAA477E0AB86052475D6 ] HssWd           C:\Program Files\Hotspot Shield\bin\hsswd.exe
17:37:44.0260 3276  HssWd - ok
17:37:44.0307 3276  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:37:44.0354 3276  HTTP - ok
17:37:44.0401 3276  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:37:44.0416 3276  hwpolicy - ok
17:37:44.0447 3276  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
17:37:44.0479 3276  i8042prt - ok
17:37:44.0510 3276  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:37:44.0541 3276  iaStorV - ok
17:37:44.0603 3276  [ 9AC1E19D77BA038F24E2FAB5D95F70D3 ] ICQ Service     C:\PROGRA~1\ICQ6TO~1\ICQSER~1.EXE
17:37:44.0619 3276  ICQ Service - ok
17:37:44.0713 3276  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:37:44.0759 3276  idsvc - ok
17:37:44.0806 3276  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:37:44.0822 3276  iirsp - ok
17:37:44.0869 3276  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:37:44.0962 3276  IKEEXT - ok
17:37:44.0993 3276  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:37:45.0009 3276  intelide - ok
17:37:45.0040 3276  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:37:45.0071 3276  intelppm - ok
17:37:45.0103 3276  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:37:45.0149 3276  IPBusEnum - ok
17:37:45.0181 3276  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:37:45.0227 3276  IpFilterDriver - ok
17:37:45.0290 3276  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:37:45.0337 3276  iphlpsvc - ok
17:37:45.0383 3276  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
17:37:45.0415 3276  IPMIDRV - ok
17:37:45.0430 3276  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:37:45.0477 3276  IPNAT - ok
17:37:45.0508 3276  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:37:45.0555 3276  IRENUM - ok
17:37:45.0586 3276  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:37:45.0617 3276  isapnp - ok
17:37:45.0664 3276  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
17:37:45.0695 3276  iScsiPrt - ok
17:37:45.0742 3276  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:37:45.0758 3276  kbdclass - ok
17:37:45.0805 3276  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:37:45.0836 3276  kbdhid - ok
17:37:45.0867 3276  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
17:37:45.0898 3276  KeyIso - ok
17:37:45.0929 3276  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:37:45.0945 3276  KSecDD - ok
17:37:45.0961 3276  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:37:45.0976 3276  KSecPkg - ok
17:37:46.0023 3276  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:37:46.0085 3276  KtmRm - ok
17:37:46.0117 3276  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\System32\srvsvc.dll
17:37:46.0163 3276  LanmanServer - ok
17:37:46.0195 3276  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:37:46.0273 3276  LanmanWorkstation - ok
17:37:46.0335 3276  [ 4DD47B5AF0B24871EBB9EFC012A7474E ] LgBttPort       C:\Windows\system32\DRIVERS\lgbtport.sys
17:37:46.0366 3276  LgBttPort - ok
17:37:46.0413 3276  [ 1D038CA6C529203087A990E5E97887B4 ] lgbusenum       C:\Windows\system32\DRIVERS\lgbtbus.sys
17:37:46.0429 3276  lgbusenum - ok
17:37:46.0475 3276  [ 26F1976A330195D62A6224C76968CF0D ] LGVMODEM        C:\Windows\system32\DRIVERS\lgvmodem.sys
17:37:46.0507 3276  LGVMODEM - ok
17:37:46.0553 3276  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:37:46.0600 3276  lltdio - ok
17:37:46.0631 3276  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:37:46.0694 3276  lltdsvc - ok
17:37:46.0709 3276  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:37:46.0772 3276  lmhosts - ok
17:37:46.0803 3276  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:37:46.0819 3276  LSI_FC - ok
17:37:46.0834 3276  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:37:46.0850 3276  LSI_SAS - ok
17:37:46.0865 3276  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:37:46.0881 3276  LSI_SAS2 - ok
17:37:46.0897 3276  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:37:46.0912 3276  LSI_SCSI - ok
17:37:46.0928 3276  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
17:37:46.0959 3276  luafv - ok
17:37:47.0006 3276  [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:37:47.0021 3276  MBAMProtector - ok
17:37:47.0099 3276  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:37:47.0146 3276  MBAMScheduler - ok
17:37:47.0177 3276  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
17:37:47.0224 3276  MBAMService - ok
17:37:47.0271 3276  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:37:47.0287 3276  Mcx2Svc - ok
17:37:47.0302 3276  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:37:47.0318 3276  megasas - ok
17:37:47.0349 3276  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:37:47.0365 3276  MegaSR - ok
17:37:47.0396 3276  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
17:37:47.0458 3276  MMCSS - ok
17:37:47.0474 3276  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
17:37:47.0521 3276  Modem - ok
17:37:47.0567 3276  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:37:47.0599 3276  monitor - ok
17:37:47.0645 3276  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:37:47.0645 3276  mouclass - ok
17:37:47.0661 3276  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:37:47.0692 3276  mouhid - ok
17:37:47.0739 3276  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:37:47.0755 3276  mountmgr - ok
17:37:47.0770 3276  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:37:47.0786 3276  mpio - ok
17:37:47.0801 3276  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:37:47.0848 3276  mpsdrv - ok
17:37:47.0895 3276  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:37:47.0973 3276  MpsSvc - ok
17:37:48.0004 3276  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:37:48.0051 3276  MRxDAV - ok
17:37:48.0098 3276  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:37:48.0145 3276  mrxsmb - ok
17:37:48.0160 3276  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:37:48.0207 3276  mrxsmb10 - ok
17:37:48.0238 3276  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:37:48.0269 3276  mrxsmb20 - ok
17:37:48.0301 3276  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
17:37:48.0316 3276  msahci - ok
17:37:48.0347 3276  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:37:48.0379 3276  msdsm - ok
17:37:48.0394 3276  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
17:37:48.0441 3276  MSDTC - ok
17:37:48.0472 3276  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:37:48.0503 3276  Msfs - ok
17:37:48.0519 3276  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:37:48.0566 3276  mshidkmdf - ok
17:37:48.0597 3276  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:37:48.0613 3276  msisadrv - ok
17:37:48.0644 3276  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:37:48.0691 3276  MSiSCSI - ok
17:37:48.0691 3276  msiserver - ok
17:37:48.0737 3276  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:37:48.0769 3276  MSKSSRV - ok
17:37:48.0800 3276  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:37:48.0847 3276  MSPCLOCK - ok
17:37:48.0862 3276  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:37:48.0893 3276  MSPQM - ok
17:37:48.0909 3276  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:37:48.0925 3276  MsRPC - ok
17:37:48.0940 3276  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
17:37:48.0956 3276  mssmbios - ok
17:37:48.0971 3276  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:37:49.0003 3276  MSTEE - ok
17:37:49.0034 3276  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:37:49.0065 3276  MTConfig - ok
17:37:49.0096 3276  [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
17:37:49.0127 3276  MTsensor - ok
17:37:49.0159 3276  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:37:49.0174 3276  Mup - ok
17:37:49.0205 3276  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
17:37:49.0252 3276  napagent - ok
17:37:49.0283 3276  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:37:49.0315 3276  NativeWifiP - ok
17:37:49.0377 3276  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:37:49.0439 3276  NDIS - ok
17:37:49.0471 3276  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:37:49.0517 3276  NdisCap - ok
17:37:49.0533 3276  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:37:49.0595 3276  NdisTapi - ok
17:37:49.0642 3276  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:37:49.0689 3276  Ndisuio - ok
17:37:49.0720 3276  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:37:49.0767 3276  NdisWan - ok
17:37:49.0814 3276  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:37:49.0876 3276  NDProxy - ok
17:37:49.0892 3276  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:37:49.0939 3276  NetBIOS - ok
17:37:49.0970 3276  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:37:50.0017 3276  NetBT - ok
17:37:50.0048 3276  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
17:37:50.0063 3276  Netlogon - ok
17:37:50.0095 3276  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
17:37:50.0173 3276  Netman - ok
17:37:50.0219 3276  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:37:50.0251 3276  NetMsmqActivator - ok
17:37:50.0266 3276  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:37:50.0282 3276  NetPipeActivator - ok
17:37:50.0313 3276  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
17:37:50.0375 3276  netprofm - ok
17:37:50.0375 3276  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:37:50.0391 3276  NetTcpActivator - ok
17:37:50.0407 3276  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
17:37:50.0422 3276  NetTcpPortSharing - ok
17:37:50.0469 3276  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:37:50.0485 3276  nfrd960 - ok
17:37:50.0516 3276  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:37:50.0563 3276  NlaSvc - ok
17:37:50.0578 3276  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:37:50.0625 3276  Npfs - ok
17:37:50.0656 3276  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
17:37:50.0687 3276  nsi - ok
17:37:50.0687 3276  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:37:50.0734 3276  nsiproxy - ok
17:37:50.0797 3276  [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:37:50.0859 3276  Ntfs - ok
17:37:50.0875 3276  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
17:37:50.0921 3276  Null - ok
17:37:50.0968 3276  [ ED53B817E63AFFBA328C2E9632FBF487 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
17:37:50.0984 3276  NVHDA - ok
17:37:51.0249 3276  [ 975026EE6AF72CD0954AECDDAD43F8EF ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:37:51.0577 3276  nvlddmkm - ok
17:37:51.0623 3276  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:37:51.0639 3276  nvraid - ok
17:37:51.0686 3276  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:37:51.0701 3276  nvstor - ok
17:37:51.0764 3276  [ B977DE8442427ED709A95888E034042A ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:37:51.0811 3276  nvsvc - ok
17:37:51.0951 3276  [ 77C691F3877A4F0F21253C9AC8DA4743 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:37:52.0045 3276  nvUpdatusService - ok
17:37:52.0076 3276  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:37:52.0091 3276  nv_agp - ok
17:37:52.0138 3276  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
17:37:52.0169 3276  ohci1394 - ok
17:37:52.0201 3276  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:37:52.0263 3276  p2pimsvc - ok
17:37:52.0310 3276  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:37:52.0341 3276  p2psvc - ok
17:37:52.0388 3276  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:37:52.0419 3276  Parport - ok
17:37:52.0450 3276  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:37:52.0466 3276  partmgr - ok
17:37:52.0481 3276  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
17:37:52.0497 3276  Parvdm - ok
17:37:52.0528 3276  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:37:52.0559 3276  PcaSvc - ok
17:37:52.0606 3276  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
17:37:52.0622 3276  pci - ok
17:37:52.0669 3276  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
17:37:52.0669 3276  pciide - ok
17:37:52.0700 3276  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:37:52.0715 3276  pcmcia - ok
17:37:52.0747 3276  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
17:37:52.0762 3276  pcw - ok
17:37:52.0793 3276  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:37:52.0856 3276  PEAUTH - ok
17:37:52.0918 3276  [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
17:37:52.0996 3276  PeerDistSvc - ok
17:37:53.0105 3276  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
17:37:53.0199 3276  pla - ok
17:37:53.0230 3276  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:37:53.0277 3276  PlugPlay - ok
17:37:53.0339 3276  [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
17:37:53.0355 3276  PnkBstrA - ok
17:37:53.0386 3276  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:37:53.0433 3276  PNRPAutoReg - ok
17:37:53.0449 3276  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:37:53.0480 3276  PNRPsvc - ok
17:37:53.0495 3276  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:37:53.0558 3276  PolicyAgent - ok
17:37:53.0589 3276  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
17:37:53.0620 3276  Power - ok
17:37:53.0667 3276  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:37:53.0714 3276  PptpMiniport - ok
17:37:53.0745 3276  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:37:53.0776 3276  Processor - ok
17:37:53.0823 3276  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
17:37:53.0870 3276  ProfSvc - ok
17:37:53.0901 3276  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:37:53.0917 3276  ProtectedStorage - ok
17:37:53.0948 3276  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:37:53.0995 3276  Psched - ok
17:37:54.0041 3276  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:37:54.0104 3276  ql2300 - ok
17:37:54.0119 3276  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:37:54.0135 3276  ql40xx - ok
17:37:54.0166 3276  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
17:37:54.0213 3276  QWAVE - ok
17:37:54.0229 3276  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:37:54.0244 3276  QWAVEdrv - ok
17:37:54.0307 3276  [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
17:37:54.0338 3276  RapiMgr - ok
17:37:54.0353 3276  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:37:54.0400 3276  RasAcd - ok
17:37:54.0431 3276  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:37:54.0494 3276  RasAgileVpn - ok
17:37:54.0525 3276  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
17:37:54.0587 3276  RasAuto - ok
17:37:54.0619 3276  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:37:54.0665 3276  Rasl2tp - ok
17:37:54.0712 3276  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
17:37:54.0775 3276  RasMan - ok
17:37:54.0806 3276  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:37:54.0837 3276  RasPppoe - ok
17:37:54.0884 3276  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:37:54.0915 3276  RasSstp - ok
17:37:54.0977 3276  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:37:55.0055 3276  rdbss - ok
17:37:55.0071 3276  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:37:55.0102 3276  rdpbus - ok
17:37:55.0133 3276  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:37:55.0180 3276  RDPCDD - ok
17:37:55.0211 3276  [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
17:37:55.0274 3276  RDPDR - ok
17:37:55.0305 3276  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:37:55.0352 3276  RDPENCDD - ok
17:37:55.0367 3276  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:37:55.0414 3276  RDPREFMP - ok
17:37:55.0477 3276  [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
17:37:55.0492 3276  RdpVideoMiniport - ok
17:37:55.0523 3276  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:37:55.0586 3276  RDPWD - ok
17:37:55.0633 3276  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:37:55.0648 3276  rdyboost - ok
17:37:55.0679 3276  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:37:55.0726 3276  RemoteAccess - ok
17:37:55.0757 3276  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:37:55.0835 3276  RemoteRegistry - ok
17:37:55.0867 3276  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:37:55.0898 3276  RpcEptMapper - ok
17:37:55.0929 3276  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
17:37:55.0960 3276  RpcLocator - ok
17:37:55.0991 3276  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
17:37:56.0023 3276  RpcSs - ok
17:37:56.0069 3276  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:37:56.0132 3276  rspndr - ok
17:37:56.0179 3276  [ 7DFD48E24479B68B258D8770121155A0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
17:37:56.0210 3276  RTL8167 - ok
17:37:56.0241 3276  [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
17:37:56.0272 3276  s3cap - ok
17:37:56.0288 3276  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
17:37:56.0303 3276  SamSs - ok
17:37:56.0335 3276  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:37:56.0350 3276  sbp2port - ok
17:37:56.0381 3276  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:37:56.0428 3276  SCardSvr - ok
17:37:56.0475 3276  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:37:56.0522 3276  scfilter - ok
17:37:56.0569 3276  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
17:37:56.0647 3276  Schedule - ok
17:37:56.0662 3276  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:37:56.0693 3276  SCPolicySvc - ok
17:37:56.0740 3276  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:37:56.0787 3276  SDRSVC - ok
17:37:56.0818 3276  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:37:56.0896 3276  secdrv - ok
17:37:56.0912 3276  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
17:37:56.0959 3276  seclogon - ok
17:37:56.0990 3276  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\system32\sens.dll
17:37:57.0037 3276  SENS - ok
17:37:57.0068 3276  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:37:57.0099 3276  SensrSvc - ok
17:37:57.0130 3276  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:37:57.0161 3276  Serenum - ok
17:37:57.0193 3276  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:37:57.0239 3276  Serial - ok
17:37:57.0271 3276  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:37:57.0286 3276  sermouse - ok
17:37:57.0333 3276  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:37:57.0380 3276  SessionEnv - ok
17:37:57.0427 3276  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
17:37:57.0458 3276  sffdisk - ok
17:37:57.0489 3276  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:37:57.0520 3276  sffp_mmc - ok
17:37:57.0536 3276  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:37:57.0551 3276  sffp_sd - ok
17:37:57.0567 3276  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:37:57.0598 3276  sfloppy - ok
17:37:57.0645 3276  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:37:57.0707 3276  SharedAccess - ok
17:37:57.0739 3276  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:37:57.0801 3276  ShellHWDetection - ok
17:37:57.0848 3276  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:37:57.0863 3276  sisagp - ok
17:37:57.0895 3276  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:37:57.0910 3276  SiSRaid2 - ok
17:37:57.0926 3276  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:37:57.0941 3276  SiSRaid4 - ok
17:37:58.0004 3276  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
17:37:58.0019 3276  SkypeUpdate - ok
17:37:58.0051 3276  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:37:58.0082 3276  Smb - ok
17:37:58.0129 3276  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:37:58.0144 3276  SNMPTRAP - ok
17:37:58.0425 3276  [ 9CD6FFC9F5B999EB5DF69B9177D9848F ] SNPSTD3         C:\Windows\system32\DRIVERS\snpstd3.sys
17:37:58.0753 3276  SNPSTD3 - ok
17:37:58.0831 3276  [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
17:37:58.0846 3276  Sony PC Companion - ok
17:37:58.0909 3276  [ DC8D2952FB6FFBAEC67BD1B93A34DF11 ] speedfan        C:\Windows\system32\speedfan.sys
17:37:58.0924 3276  speedfan - ok
17:37:58.0955 3276  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:37:58.0971 3276  spldr - ok
17:37:59.0018 3276  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
17:37:59.0065 3276  Spooler - ok
17:37:59.0174 3276  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
17:37:59.0314 3276  sppsvc - ok
17:37:59.0345 3276  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:37:59.0392 3276  sppuinotify - ok
17:37:59.0423 3276  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:37:59.0486 3276  srv - ok
17:37:59.0517 3276  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:37:59.0548 3276  srv2 - ok
17:37:59.0579 3276  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:37:59.0595 3276  srvnet - ok
17:37:59.0626 3276  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:37:59.0689 3276  SSDPSRV - ok
17:37:59.0704 3276  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:37:59.0767 3276  SstpSvc - ok
17:37:59.0782 3276  Steam Client Service - ok
17:37:59.0860 3276  [ 0887B293199AA2055888FABA989ED0A6 ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:37:59.0907 3276  Stereo Service - ok
17:37:59.0923 3276  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:37:59.0938 3276  stexstor - ok
17:38:00.0001 3276  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
17:38:00.0079 3276  StiSvc - ok
17:38:00.0110 3276  [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
17:38:00.0125 3276  storflt - ok
17:38:00.0157 3276  [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
17:38:00.0172 3276  storvsc - ok
17:38:00.0188 3276  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:38:00.0203 3276  swenum - ok
17:38:00.0235 3276  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
17:38:00.0281 3276  swprv - ok
17:38:00.0297 3276  Synth3dVsc - ok
17:38:00.0375 3276  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
17:38:00.0437 3276  SysMain - ok
17:38:00.0469 3276  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:38:00.0515 3276  TabletInputService - ok
17:38:00.0547 3276  [ FD90A16CEB10D4FDAA00AAF39B8FF58F ] taphss          C:\Windows\system32\DRIVERS\taphss.sys
17:38:00.0562 3276  taphss - ok
17:38:00.0609 3276  [ A69C1848E37482C855D94AA05145086C ] taphss6         C:\Windows\system32\DRIVERS\taphss6.sys
17:38:00.0625 3276  taphss6 - ok
17:38:00.0656 3276  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:38:00.0703 3276  TapiSrv - ok
17:38:00.0734 3276  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
17:38:00.0796 3276  TBS - ok
17:38:00.0859 3276  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:38:00.0921 3276  Tcpip - ok
17:38:00.0968 3276  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:38:01.0015 3276  TCPIP6 - ok
17:38:01.0061 3276  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:38:01.0093 3276  tcpipreg - ok
17:38:01.0124 3276  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:38:01.0186 3276  TDPIPE - ok
17:38:01.0202 3276  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:38:01.0217 3276  TDTCP - ok
17:38:01.0249 3276  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:38:01.0295 3276  tdx - ok
17:38:01.0327 3276  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:38:01.0342 3276  TermDD - ok
17:38:01.0389 3276  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
17:38:01.0451 3276  TermService - ok
17:38:01.0483 3276  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
17:38:01.0514 3276  Themes - ok
17:38:01.0545 3276  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
17:38:01.0576 3276  THREADORDER - ok
17:38:01.0607 3276  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
17:38:01.0654 3276  TrkWks - ok
17:38:01.0717 3276  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:38:01.0779 3276  TrustedInstaller - ok
17:38:01.0826 3276  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:38:01.0873 3276  tssecsrv - ok
17:38:01.0888 3276  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:38:01.0919 3276  TsUsbFlt - ok
17:38:01.0919 3276  tsusbhub - ok
17:38:01.0982 3276  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:38:02.0044 3276  tunnel - ok
17:38:02.0075 3276  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:38:02.0091 3276  uagp35 - ok
17:38:02.0138 3276  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:38:02.0185 3276  udfs - ok
17:38:02.0231 3276  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:38:02.0278 3276  UI0Detect - ok
17:38:02.0325 3276  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:38:02.0341 3276  uliagpkx - ok
17:38:02.0387 3276  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:38:02.0419 3276  umbus - ok
17:38:02.0450 3276  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:38:02.0481 3276  UmPass - ok
17:38:02.0528 3276  [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService    C:\Windows\System32\umrdp.dll
17:38:02.0559 3276  UmRdpService - ok
17:38:02.0590 3276  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
17:38:02.0653 3276  upnphost - ok
17:38:02.0715 3276  [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
17:38:02.0746 3276  usbaudio - ok
17:38:02.0793 3276  [ ADB68AA60EF991CE2E217223FA20B4FF ] usbbus          C:\Windows\system32\DRIVERS\lgusbbus.sys
17:38:02.0840 3276  usbbus - ok
17:38:02.0871 3276  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:38:02.0933 3276  usbccgp - ok
17:38:02.0980 3276  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:38:03.0011 3276  usbcir - ok
17:38:03.0043 3276  [ D4A6201DD361F019E44483645B490E4E ] UsbDiag         C:\Windows\system32\DRIVERS\lgusbdiag.sys
17:38:03.0058 3276  UsbDiag - ok
17:38:03.0089 3276  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:38:03.0121 3276  usbehci - ok
17:38:03.0152 3276  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:38:03.0183 3276  usbhub - ok
17:38:03.0214 3276  [ A2B99411E10287F327A9820D260E7FE4 ] USBModem        C:\Windows\system32\DRIVERS\lgusbmodem.sys
17:38:03.0230 3276  USBModem - ok
17:38:03.0261 3276  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:38:03.0308 3276  usbohci - ok
17:38:03.0339 3276  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:38:03.0370 3276  usbprint - ok
17:38:03.0401 3276  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:38:03.0417 3276  usbscan - ok
17:38:03.0448 3276  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:38:03.0495 3276  USBSTOR - ok
17:38:03.0526 3276  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:38:03.0542 3276  usbuhci - ok
17:38:03.0557 3276  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
17:38:03.0604 3276  usbvideo - ok
17:38:03.0651 3276  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
17:38:03.0698 3276  UxSms - ok
17:38:03.0713 3276  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
17:38:03.0729 3276  VaultSvc - ok
17:38:03.0760 3276  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:38:03.0776 3276  vdrvroot - ok
17:38:03.0823 3276  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
17:38:03.0885 3276  vds - ok
17:38:03.0916 3276  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:38:03.0932 3276  vga - ok
17:38:03.0947 3276  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:38:03.0979 3276  VgaSave - ok
17:38:03.0994 3276  VGPU - ok
17:38:04.0041 3276  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:38:04.0057 3276  vhdmp - ok
17:38:04.0119 3276  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:38:04.0135 3276  viaagp - ok
17:38:04.0150 3276  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
17:38:04.0181 3276  ViaC7 - ok
17:38:04.0213 3276  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
17:38:04.0228 3276  viaide - ok
17:38:04.0275 3276  [ C2F2911156FDC7817C52829C86DA494E ] vmbus           C:\Windows\system32\drivers\vmbus.sys
17:38:04.0291 3276  vmbus - ok
17:38:04.0322 3276  [ D4D77455211E204F370D08F4963063CE ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
17:38:04.0353 3276  VMBusHID - ok
17:38:04.0384 3276  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:38:04.0400 3276  volmgr - ok
17:38:04.0431 3276  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:38:04.0478 3276  volmgrx - ok
17:38:04.0493 3276  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:38:04.0525 3276  volsnap - ok
17:38:04.0556 3276  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:38:04.0571 3276  vsmraid - ok
17:38:04.0634 3276  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
17:38:04.0759 3276  VSS - ok
17:38:04.0774 3276  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
17:38:04.0805 3276  vwifibus - ok
17:38:04.0852 3276  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
17:38:04.0899 3276  W32Time - ok
17:38:04.0915 3276  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:38:04.0946 3276  WacomPen - ok
17:38:05.0008 3276  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:38:05.0039 3276  WANARP - ok
17:38:05.0039 3276  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:38:05.0071 3276  Wanarpv6 - ok
17:38:05.0117 3276  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
17:38:05.0242 3276  wbengine - ok
17:38:05.0273 3276  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:38:05.0305 3276  WbioSrvc - ok
17:38:05.0351 3276  [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
17:38:05.0383 3276  WcesComm - ok
17:38:05.0429 3276  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:38:05.0476 3276  wcncsvc - ok
17:38:05.0507 3276  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:38:05.0554 3276  WcsPlugInService - ok
17:38:05.0585 3276  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:38:05.0601 3276  Wd - ok
17:38:05.0648 3276  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:38:05.0695 3276  Wdf01000 - ok
17:38:05.0710 3276  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:38:05.0804 3276  WdiServiceHost - ok
17:38:05.0804 3276  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:38:05.0835 3276  WdiSystemHost - ok
17:38:05.0882 3276  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
17:38:05.0944 3276  WebClient - ok
17:38:05.0975 3276  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:38:06.0022 3276  Wecsvc - ok
17:38:06.0038 3276  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:38:06.0085 3276  wercplsupport - ok
17:38:06.0131 3276  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:38:06.0194 3276  WerSvc - ok
17:38:06.0225 3276  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:38:06.0256 3276  WfpLwf - ok
17:38:06.0272 3276  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:38:06.0287 3276  WIMMount - ok
17:38:06.0350 3276  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:38:06.0428 3276  WinDefend - ok
17:38:06.0459 3276  WinHttpAutoProxySvc - ok
17:38:06.0521 3276  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:38:06.0584 3276  Winmgmt - ok
17:38:06.0631 3276  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
17:38:06.0724 3276  WinRM - ok
17:38:06.0787 3276  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:38:06.0818 3276  WinUsb - ok
17:38:06.0865 3276  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:38:06.0927 3276  Wlansvc - ok
17:38:06.0958 3276  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:38:06.0974 3276  WmiAcpi - ok
17:38:07.0005 3276  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:38:07.0036 3276  wmiApSrv - ok
17:38:07.0099 3276  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:38:07.0192 3276  WMPNetworkSvc - ok
17:38:07.0208 3276  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:38:07.0239 3276  WPCSvc - ok
17:38:07.0286 3276  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:38:07.0348 3276  WPDBusEnum - ok
17:38:07.0379 3276  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:38:07.0426 3276  ws2ifsl - ok
17:38:07.0442 3276  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\system32\wscsvc.dll
17:38:07.0489 3276  wscsvc - ok
17:38:07.0489 3276  WSearch - ok
17:38:07.0582 3276  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
17:38:07.0676 3276  wuauserv - ok
17:38:07.0723 3276  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:38:07.0754 3276  WudfPf - ok
17:38:07.0785 3276  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:38:07.0816 3276  WUDFRd - ok
17:38:07.0863 3276  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:38:07.0894 3276  wudfsvc - ok
17:38:07.0925 3276  [ 3C5E51C05BE9B56EAFF4E388C3AB25E4 ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:38:08.0003 3276  WwanSvc - ok
17:38:08.0019 3276  ================ Scan global ===============================
17:38:08.0066 3276  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
17:38:08.0097 3276  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:38:08.0113 3276  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
17:38:08.0144 3276  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
17:38:08.0175 3276  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
17:38:08.0191 3276  [Global] - ok
17:38:08.0191 3276  ================ Scan MBR ==================================
17:38:08.0206 3276  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:38:08.0768 3276  \Device\Harddisk0\DR0 - ok
17:38:08.0783 3276  ================ Scan VBR ==================================
17:38:08.0799 3276  [ 08D1EE321F6A2450045AE062141A93CA ] \Device\Harddisk0\DR0\Partition1
17:38:08.0815 3276  \Device\Harddisk0\DR0\Partition1 - ok
17:38:08.0830 3276  [ 5E3732987A4B7222767FA86BADD01A9A ] \Device\Harddisk0\DR0\Partition2
17:38:08.0830 3276  \Device\Harddisk0\DR0\Partition2 - ok
17:38:08.0830 3276  ============================================================
17:38:08.0830 3276  Scan finished
17:38:08.0830 3276  ============================================================
17:38:08.0846 3316  Detected object count: 2
17:38:08.0846 3316  Actual detected object count: 2
17:38:26.0661 3316  EverestDriver ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:26.0661 3316  EverestDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:38:26.0661 3316  giveio ( UnsignedFile.Multi.Generic ) - skipped by user
17:38:26.0661 3316  giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 04.06.2013, 09:53   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Optionen (Options) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Suchlauf (Scan) and wait until it has finished.
  • Now click Löschen (Delete) and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).


After that, please run a check with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

Alt 04.06.2013, 18:31   #15
starta
 



JRT Log

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x86
Ran by christian on 04.06.2013 at 18:57:32,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] browser manager 
Successfully deleted: [Service] browser manager 
Successfully stopped: [Service] icq service 
Successfully deleted: [Service] icq service 



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC}
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-169190448-2637492132-308262306-1001\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\browsermngr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\browsermngr
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mediafinder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\yourfiledownloader
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\icq service.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT2481020
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3242337
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4883FECA-776F-48EA-8B37-C7AA854B1FF0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}



~~~ Files

Successfully deleted: [File] "C:\end"
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Failed to delete: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\ProgramData\browser manager"
Successfully deleted: [Folder] "C:\ProgramData\application data\big fish games"
Successfully deleted: [Folder] "C:\Users\christian\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\christian\AppData\Roaming\media finder"
Successfully deleted: [Folder] "C:\Users\christian\AppData\Roaming\yourfiledownloader"
Successfully deleted: [Folder] "C:\Users\christian\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\christian\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\christian\appdata\locallow\claro ltd"
Successfully deleted: [Folder] "C:\Users\christian\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\christian\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\driver-soft"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files\openapp"
Successfully deleted: [Folder] "C:\Users\christian\start menu\programs\browser manager"



~~~ Chrome

Successfully deleted: [Folder] C:\Users\christian\appdata\local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.06.2013 at 19:00:13,57
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

adwCleaner Log

Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 04/06/2013 um 19:05:44 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : christian - CHRISTIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\christian\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Gelöscht mit Neustart : C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjoiggkbepedjmjjbhhecjiimlckcga
Ordner Gelöscht : C:\Program Files\Ashampoo_DE
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Ordner Gelöscht : C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkjoiggkbepedjmjjbhhecjiimlckcga
Ordner Gelöscht : C:\Users\christian\AppData\LocalLow\Ashampoo_DE
Ordner Gelöscht : C:\Users\christian\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\968bd8e734e847
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Ashampoo_DE
Schlüssel Gelöscht : HKCU\Software\Ashampoo_DE
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\fkjoiggkbepedjmjjbhhecjiimlckcga
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5786D022-540E-4699-B350-B4BE0AE94B79}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5786D022-540E-4699-B350-B4BE0AE94B79}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6477D09-A529-4EEC-993D-BAAEB71AE111}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\968bd8e734e847
Schlüssel Gelöscht : HKLM\Software\Ashampoo_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5786D022-540E-4699-B350-B4BE0AE94B79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6477D09-A529-4EEC-993D-BAAEB71AE111}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\fkjoiggkbepedjmjjbhhecjiimlckcga
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5F125CB3-FC30-464A-8E6D-DF8CDD5A0CE8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6749EC72-652A-47BF-ADA3-F3EC3F5CB4CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5786D022-540E-4699-B350-B4BE0AE94B79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F6477D09-A529-4EEC-993D-BAAEB71AE111}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\318a8d31f733a9c304803092e88a63cd
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ashampoo_DE Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{5786D022-540E-4699-B350-B4BE0AE94B79}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5786D022-540E-4699-B350-B4BE0AE94B79}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5786D022-540E-4699-B350-B4BE0AE94B79}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{5786D022-540E-4699-B350-B4BE0AE94B79}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [7652 octets] - [04/06/2013 19:05:44]

########## EOF - C:\AdwCleaner[S1].txt - [7712 octets] ##########
         

OTL Logs

Code:
ATTFilter
OTL logfile created on: 04.06.2013 19:17:30 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\christian\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 65,61% Memory free
5,87 Gb Paging File | 4,70 Gb Available in Paging File | 79,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,95 Gb Total Space | 42,64 Gb Free Space | 29,02% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Origin\Origin.exe (Electronic Arts)
PRC - C:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIINE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\escsvc.exe (Seiko Epson Corporation)
PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Programme\Sony\Sony PC Companion\sqlite3.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\PhoneUpdate.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\Report.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\VObject.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.)
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (EpsonScanSvc) -- C:\Windows\System32\escsvc.exe (Seiko Epson Corporation)
SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (catchme) -- C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.)
DRV - (HssDRV6) -- C:\Windows\System32\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (camfilt2) -- C:\Windows\System32\drivers\camfilt2.sys (Guillemot Corporation)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (EverestDriver) -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1003\..\SearchScopes,DefaultScope = 
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\christian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\christian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
 
[2012.08.24 00:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions
[2012.08.19 04:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.2.0.5\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
 
O1 HOSTS File: ([2013.06.03 01:10:43 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIINE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [ICQ] C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-169190448-2637492132-308262306-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-169190448-2637492132-308262306-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-169190448-2637492132-308262306-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab (Battlefield Play4Free Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F98AB5C-CD42-4622-B106-570EFF8C74A4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF60E1C4-E5FC-4153-A9FF-AF3B11BF6D9C}: DhcpNameServer = 8.8.8.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.04 18:54:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.04 18:53:56 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.04 18:52:49 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\christian\Desktop\JRT.exe
[2013.06.03 17:34:39 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\christian\Desktop\tdsskiller.exe
[2013.06.03 17:09:36 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\christian\Desktop\aswMBR.exe
[2013.06.03 13:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.03 13:08:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.06.03 01:12:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.03 01:12:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.03 01:12:19 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\temp
[2013.06.03 00:57:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.03 00:57:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.03 00:57:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.03 00:56:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.03 00:56:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.03 00:55:24 | 005,076,415 | R--- | C] (Swearware) -- C:\Users\christian\Desktop\ComboFix.exe
[2013.06.03 00:00:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2013.06.02 16:55:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.06.02 15:22:43 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.06.02 15:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.06.02 15:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2013.06.02 15:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013.06.02 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2013.06.02 14:25:46 | 000,154,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2013.06.02 14:25:46 | 000,028,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2013.06.02 14:25:45 | 021,096,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013.06.02 14:25:45 | 009,053,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013.06.02 14:25:45 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013.06.02 14:25:45 | 000,214,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2013.06.02 14:25:45 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2013.06.02 14:25:44 | 007,682,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013.06.02 14:25:44 | 002,754,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013.06.02 14:25:44 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013.06.02 14:25:44 | 001,024,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3232018.dll
[2013.06.02 14:25:44 | 000,893,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3232018.dll
[2013.06.02 14:25:44 | 000,443,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013.06.02 14:25:44 | 000,421,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013.06.02 14:25:43 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013.06.02 14:06:35 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.06.02 13:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.06.02 13:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.06.02 13:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.01 23:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.06.01 23:03:56 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.06.01 23:03:56 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.06.01 23:03:53 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.06.01 23:03:52 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.06.01 23:03:52 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.06.01 23:03:46 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.06.01 23:03:44 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.06.01 23:03:12 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.06.01 23:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.01 23:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.05.30 16:21:17 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Battlefield 2
[2013.05.30 14:34:50 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.05.30 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013.05.25 19:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.05.25 19:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Chronicles 2 - The Eternal Maze
[2013.05.25 19:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Dream Chronicles 2 - The Eternal Maze
[2013.05.25 19:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2013.05.25 19:16:50 | 000,235,080 | ---- | C] (Big Fish Games) -- C:\Users\christian\Desktop\bigfishgames_p182285445_s2_l2.exe
[2013.05.22 21:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2013.05.22 21:56:06 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\PlayFirst
[2013.05.22 21:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayFirst
[2013.05.22 21:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\PlayFirst
[2013.05.22 20:40:37 | 000,000,000 | R--D | C] -- C:\Users\christian\Desktop\Discworld 2 (CD DOS)
[2013.05.22 20:30:11 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\bewerbung
[2013.05.22 20:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM
[2013.05.22 20:29:37 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\ScummVM
[2013.05.22 20:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\ScummVM
[2013.05.22 20:16:09 | 000,618,912 | ---- | C] (www.download-sponsor.de) -- C:\Users\christian\Desktop\Discworld.exe
[2013.05.22 16:23:29 | 000,079,256 | ---- | C] (OGPlanet) -- C:\Windows\System32\npOGPPlugin.dll
[2013.05.22 16:23:28 | 000,271,768 | ---- | C] (OGPlanet) -- C:\Windows\System32\OGPIEPlugin.ocx
[2013.05.22 16:23:27 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OGPlanet
[2013.05.22 16:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\OGPlanet
[2013.05.16 03:15:30 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 03:15:29 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 03:15:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 03:15:29 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 03:15:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 03:15:28 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 03:15:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 03:15:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 03:15:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.16 03:15:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.15 20:25:46 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 20:25:45 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 20:25:45 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 20:25:36 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 20:25:36 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.15 06:53:15 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\NVIDIA
[2013.05.15 00:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.05.15 00:31:05 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2013.05.15 00:29:09 | 001,009,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2013.05.15 00:29:09 | 000,888,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2013.05.15 00:28:47 | 013,403,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013.05.15 00:28:45 | 000,925,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2013.05.15 00:28:43 | 012,426,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013.05.15 00:28:33 | 002,597,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013.05.12 15:43:36 | 000,566,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2013.05.11 22:27:03 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\LG Electronics
[2013.05.11 22:19:50 | 000,000,000 | ---D | C] -- C:\Temp
[2013.05.11 22:18:59 | 000,131,072 | ---- | C] (LG Electronics) -- C:\Users\christian\Documents\LGMobileDL.dll
[2013.05.11 22:18:57 | 000,172,032 | ---- | C] (LG Electronics) -- C:\Users\christian\Documents\LGPsLvDL.dll
[2013.05.11 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013.05.11 22:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite III
[2013.05.11 22:15:35 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\System32\NMSDVDXU.dll
[2013.05.11 22:15:35 | 000,630,784 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsflex8u.ocx
[2013.05.11 22:15:35 | 000,419,240 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex7L.ocx
[2013.05.11 22:15:35 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msflxgrd.ocx
[2013.05.11 22:15:31 | 000,000,000 | -H-D | C] -- C:\Users\christian\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2013.05.11 22:15:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LG Electronics
[2013.05.11 22:15:31 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\LG Electronics
[2013.05.11 22:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2013.05.11 19:18:23 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2013.05.11 19:18:22 | 000,877,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2013.05.11 18:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013.05.11 18:09:10 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3231422.dll
[2013.05.11 18:09:10 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3231422.dll
[2013.05.11 16:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.05.11 15:34:15 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Battlefield 3
[2013.05.11 15:33:06 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\ESN
[2013.05.11 15:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Battlelog Web Plugins
[2013.05.11 15:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013.05.11 15:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013.05.11 14:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2013.05.11 14:02:37 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller
[2013.05.11 12:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2013.05.11 12:59:16 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\Origin
[2013.05.11 12:57:51 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Origin
[2013.05.11 12:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.05.11 12:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.05.11 12:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2013.05.09 00:40:33 | 000,000,000 | ---D | C] -- C:\Users\christian\Desktop\mbar
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\christian\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\christian\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\christian\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\christian\AppData\Local\bass.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.04 19:15:34 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 19:15:34 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.04 19:12:25 | 000,009,224 | ---- | M] () -- C:\Users\christian\Desktop\AdrwCleaner.rtf
[2013.06.04 19:07:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.04 19:07:28 | 2364,399,616 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.04 19:06:07 | 000,000,176 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.04 19:03:56 | 000,632,031 | ---- | M] () -- C:\Users\christian\Desktop\adwcleaner.exe
[2013.06.04 18:57:10 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169190448-2637492132-308262306-1001UA.job
[2013.06.04 18:52:50 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\christian\Desktop\JRT.exe
[2013.06.04 18:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.03 21:57:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169190448-2637492132-308262306-1001Core.job
[2013.06.03 17:36:14 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\christian\Desktop\tdsskiller.exe
[2013.06.03 17:32:58 | 000,000,512 | ---- | M] () -- C:\Users\christian\Desktop\MBR.dat
[2013.06.03 17:11:08 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\christian\Desktop\aswMBR.exe
[2013.06.03 13:30:14 | 013,169,742 | ---- | M] () -- C:\Users\christian\Desktop\mbar-1.06.0.1003.zip
[2013.06.03 13:08:15 | 367,459,563 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.03 12:59:48 | 000,377,856 | ---- | M] () -- C:\Users\christian\Desktop\6jc3pzdk.exe
[2013.06.03 12:56:58 | 000,377,856 | ---- | M] () -- C:\Users\christian\Desktop\sog1gzlt.exe
[2013.06.03 01:10:43 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.03 00:56:17 | 005,076,415 | R--- | M] (Swearware) -- C:\Users\christian\Desktop\ComboFix.exe
[2013.06.03 00:00:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2013.06.02 17:45:27 | 000,001,204 | ---- | M] () -- C:\Users\christian\Documents\virusfrage2.rtf
[2013.06.02 17:39:31 | 000,001,108 | ---- | M] () -- C:\Users\christian\Documents\virusfrage.rtf
[2013.06.02 15:22:43 | 000,000,965 | ---- | M] () -- C:\Users\christian\Desktop\SpeedFan.lnk
[2013.06.02 15:22:42 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2013.06.02 15:22:41 | 000,000,000 | ---- | M] () -- C:\Users\christian\Desktop\initdebug.nfo
[2013.06.02 15:15:14 | 000,001,072 | ---- | M] () -- C:\Users\christian\Desktop\EVEREST Home Edition.lnk
[2013.06.02 14:06:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.06.02 13:58:14 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.06.02 13:56:09 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.02 13:56:09 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.02 13:56:09 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.02 13:56:09 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.01 23:03:57 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.01 23:03:46 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.05.30 14:15:00 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2013.05.30 14:15:00 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2013.05.26 13:59:40 | 000,139,424 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.05.26 13:59:15 | 000,282,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013.05.25 23:39:46 | 001,764,840 | ---- | M] () -- C:\Users\christian\Desktop\Installer_DC_TheChosenChild_DE.exe
[2013.05.25 19:20:51 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Dream Chronicles 2 - The Eternal Maze.lnk
[2013.05.25 19:20:51 | 000,001,280 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2013.05.25 19:19:54 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2013.05.25 19:19:54 | 000,000,225 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.url
[2013.05.25 19:17:17 | 000,235,080 | ---- | M] (Big Fish Games) -- C:\Users\christian\Desktop\bigfishgames_p182285445_s2_l2.exe
[2013.05.23 22:58:10 | 000,002,388 | ---- | M] () -- C:\Users\christian\Desktop\Google Chrome.lnk
[2013.05.23 00:40:11 | 000,282,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013.05.22 21:56:06 | 000,001,102 | ---- | M] () -- C:\Users\christian\Desktop\PlayFirst.com.lnk
[2013.05.22 21:56:06 | 000,001,052 | ---- | M] () -- C:\Users\christian\Desktop\Dream Chronicles.lnk
[2013.05.22 20:57:02 | 623,922,266 | ---- | M] () -- C:\Users\christian\Desktop\Discworld 2.7z
[2013.05.22 20:40:17 | 722,797,309 | ---- | M] () -- C:\Users\christian\Desktop\Discworld 2 (CD DOS).zip
[2013.05.22 20:29:41 | 000,000,983 | ---- | M] () -- C:\Users\christian\Desktop\ScummVM.lnk
[2013.05.22 20:16:12 | 000,618,912 | ---- | M] (www.download-sponsor.de) -- C:\Users\christian\Desktop\Discworld.exe
[2013.05.22 16:30:32 | 000,001,125 | ---- | M] () -- C:\Users\christian\Desktop\Game Launcher.lnk
[2013.05.22 16:23:20 | 004,350,224 | ---- | M] () -- C:\Users\christian\Desktop\ogpdownload_ti.exe
[2013.05.16 03:40:00 | 000,294,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 01:54:23 | 000,001,305 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.15 00:50:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 00:50:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.12 23:37:58 | 021,096,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013.05.12 23:37:58 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013.05.12 23:37:58 | 013,403,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013.05.12 23:37:58 | 012,426,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013.05.12 23:37:58 | 009,053,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013.05.12 23:37:58 | 007,682,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013.05.12 23:37:58 | 006,324,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013.05.12 23:37:58 | 002,754,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013.05.12 23:37:58 | 002,597,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013.05.12 23:37:58 | 002,002,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013.05.12 23:37:58 | 001,024,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3232018.dll
[2013.05.12 23:37:58 | 000,925,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2013.05.12 23:37:58 | 000,893,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3232018.dll
[2013.05.12 23:37:58 | 000,443,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013.05.12 23:37:58 | 000,421,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013.05.12 23:37:58 | 000,214,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2013.05.12 23:37:58 | 000,181,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2013.05.12 23:37:58 | 000,015,885 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2013.05.12 21:58:09 | 004,188,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2013.05.12 21:58:09 | 003,045,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2013.05.12 21:58:06 | 002,555,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2013.05.12 21:58:06 | 000,223,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2013.05.12 21:58:06 | 000,062,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2013.05.12 15:43:36 | 000,566,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2013.05.11 22:30:19 | 000,165,600 | ---- | M] () -- C:\Users\christian\Documents\(00)04-07-10_0532.jpg
[2013.05.11 22:30:11 | 000,193,480 | ---- | M] () -- C:\Users\christian\Documents\IMG060.jpg
[2013.05.11 22:30:01 | 000,203,627 | ---- | M] () -- C:\Users\christian\Documents\IMG016.jpg
[2013.05.11 22:29:48 | 000,726,101 | ---- | M] () -- C:\Users\christian\Documents\IMG062.jpg
[2013.05.11 22:27:18 | 000,172,032 | ---- | M] (LG Electronics) -- C:\Users\christian\Documents\LGPsLvDL.dll
[2013.05.11 22:22:06 | 000,003,841 | ---- | M] () -- C:\Users\christian\Documents\Skizzen_0.png
[2013.05.11 22:22:01 | 000,004,251 | ---- | M] () -- C:\Users\christian\Documents\Skizzen_4.png
[2013.05.11 22:21:59 | 000,005,661 | ---- | M] () -- C:\Users\christian\Documents\Skizzen_6.png
[2013.05.11 22:21:39 | 000,022,008 | ---- | M] () -- C:\Users\christian\Documents\(00)04-07-10_0528.jpg
[2013.05.11 22:21:36 | 000,023,097 | ---- | M] () -- C:\Users\christian\Documents\(00)04-07-10_0527.jpg
[2013.05.11 22:21:28 | 000,185,872 | ---- | M] () -- C:\Users\christian\Documents\IMG017.jpg
[2013.05.11 22:21:23 | 000,184,205 | ---- | M] () -- C:\Users\christian\Documents\IMG018.jpg
[2013.05.11 22:21:06 | 000,202,362 | ---- | M] () -- C:\Users\christian\Documents\IMG298.jpg
[2013.05.11 22:21:02 | 000,089,081 | ---- | M] () -- C:\Users\christian\Documents\Img340057.jpg
[2013.05.11 22:20:55 | 000,180,606 | ---- | M] () -- C:\Users\christian\Documents\IMG065.jpg
[2013.05.11 22:20:06 | 000,004,899 | ---- | M] () -- C:\Users\christian\Documents\image_0003.jpg
[2013.05.11 22:20:03 | 000,005,741 | ---- | M] () -- C:\Users\christian\Documents\image_0009.jpg
[2013.05.11 22:20:00 | 000,004,774 | ---- | M] () -- C:\Users\christian\Documents\image_0008.jpg
[2013.05.11 22:19:57 | 000,004,866 | ---- | M] () -- C:\Users\christian\Documents\image_0006.jpg
[2013.05.11 22:19:50 | 000,005,022 | ---- | M] () -- C:\Users\christian\Documents\image_0010.jpg
[2013.05.11 22:15:46 | 000,001,212 | ---- | M] () -- C:\Users\christian\Desktop\LG PC Suite III.lnk
[2013.05.11 16:52:37 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013.05.11 16:52:20 | 000,138,056 | ---- | M] () -- C:\Users\christian\AppData\Roaming\PnkBstrK.sys
[2013.05.11 16:46:54 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.05.09 10:59:10 | 000,174,664 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.05.09 10:59:10 | 000,061,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.05.09 10:59:10 | 000,049,376 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:28 | 000,229,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.05.09 06:32:35 | 003,165,737 | ---- | M] () -- C:\Windows\System32\nvcoproc.bin
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.04 19:12:25 | 000,009,224 | ---- | C] () -- C:\Users\christian\Desktop\AdrwCleaner.rtf
[2013.06.04 19:05:54 | 000,000,176 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.04 19:03:56 | 000,632,031 | ---- | C] () -- C:\Users\christian\Desktop\adwcleaner.exe
[2013.06.03 17:32:58 | 000,000,512 | ---- | C] () -- C:\Users\christian\Desktop\MBR.dat
[2013.06.03 13:29:39 | 013,169,742 | ---- | C] () -- C:\Users\christian\Desktop\mbar-1.06.0.1003.zip
[2013.06.03 13:08:15 | 367,459,563 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.06.03 12:59:48 | 000,377,856 | ---- | C] () -- C:\Users\christian\Desktop\6jc3pzdk.exe
[2013.06.03 12:56:58 | 000,377,856 | ---- | C] () -- C:\Users\christian\Desktop\sog1gzlt.exe
[2013.06.03 00:57:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.03 00:57:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.03 00:57:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.03 00:57:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.03 00:57:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.02 17:45:27 | 000,001,204 | ---- | C] () -- C:\Users\christian\Documents\virusfrage2.rtf
[2013.06.02 17:39:31 | 000,001,108 | ---- | C] () -- C:\Users\christian\Documents\virusfrage.rtf
[2013.06.02 15:22:43 | 000,000,965 | ---- | C] () -- C:\Users\christian\Desktop\SpeedFan.lnk
[2013.06.02 15:22:41 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2013.06.02 15:22:41 | 000,000,000 | ---- | C] () -- C:\Users\christian\Desktop\initdebug.nfo
[2013.06.02 15:15:14 | 000,001,072 | ---- | C] () -- C:\Users\christian\Desktop\EVEREST Home Edition.lnk
[2013.06.02 14:25:45 | 000,015,885 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013.06.02 13:58:14 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.06.01 23:03:57 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.01 23:03:51 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.06.01 23:03:49 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.30 14:15:00 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2013.05.30 14:15:00 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2013.05.25 23:38:11 | 001,764,840 | ---- | C] () -- C:\Users\christian\Desktop\Installer_DC_TheChosenChild_DE.exe
[2013.05.25 19:20:51 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Dream Chronicles 2 - The Eternal Maze.lnk
[2013.05.25 19:20:51 | 000,001,280 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2013.05.25 19:19:54 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2013.05.25 19:19:54 | 000,000,225 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.url
[2013.05.25 19:18:59 | 000,001,873 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2013.05.25 19:18:59 | 000,001,224 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weitere fantastische Spiele.lnk
[2013.05.22 21:56:06 | 000,001,102 | ---- | C] () -- C:\Users\christian\Desktop\PlayFirst.com.lnk
[2013.05.22 21:56:06 | 000,001,052 | ---- | C] () -- C:\Users\christian\Desktop\Dream Chronicles.lnk
[2013.05.22 20:48:10 | 623,922,266 | ---- | C] () -- C:\Users\christian\Desktop\Discworld 2.7z
[2013.05.22 20:29:41 | 000,000,983 | ---- | C] () -- C:\Users\christian\Desktop\ScummVM.lnk
[2013.05.22 20:24:35 | 722,797,309 | ---- | C] () -- C:\Users\christian\Desktop\Discworld 2 (CD DOS).zip
[2013.05.22 16:23:27 | 000,001,125 | ---- | C] () -- C:\Users\christian\Desktop\Game Launcher.lnk
[2013.05.22 16:22:56 | 004,350,224 | ---- | C] () -- C:\Users\christian\Desktop\ogpdownload_ti.exe
[2013.05.15 01:54:23 | 000,001,305 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.15 00:10:56 | 003,165,737 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2013.05.11 22:30:19 | 000,165,600 | ---- | C] () -- C:\Users\christian\Documents\(00)04-07-10_0532.jpg
[2013.05.11 22:30:10 | 000,193,480 | ---- | C] () -- C:\Users\christian\Documents\IMG060.jpg
[2013.05.11 22:30:01 | 000,203,627 | ---- | C] () -- C:\Users\christian\Documents\IMG016.jpg
[2013.05.11 22:29:46 | 000,726,101 | ---- | C] () -- C:\Users\christian\Documents\IMG062.jpg
[2013.05.11 22:22:06 | 000,003,841 | ---- | C] () -- C:\Users\christian\Documents\Skizzen_0.png
[2013.05.11 22:22:01 | 000,004,251 | ---- | C] () -- C:\Users\christian\Documents\Skizzen_4.png
[2013.05.11 22:21:58 | 000,005,661 | ---- | C] () -- C:\Users\christian\Documents\Skizzen_6.png
[2013.05.11 22:21:39 | 000,022,008 | ---- | C] () -- C:\Users\christian\Documents\(00)04-07-10_0528.jpg
[2013.05.11 22:21:36 | 000,023,097 | ---- | C] () -- C:\Users\christian\Documents\(00)04-07-10_0527.jpg
[2013.05.11 22:21:27 | 000,185,872 | ---- | C] () -- C:\Users\christian\Documents\IMG017.jpg
[2013.05.11 22:21:22 | 000,184,205 | ---- | C] () -- C:\Users\christian\Documents\IMG018.jpg
[2013.05.11 22:21:05 | 000,202,362 | ---- | C] () -- C:\Users\christian\Documents\IMG298.jpg
[2013.05.11 22:21:02 | 000,089,081 | ---- | C] () -- C:\Users\christian\Documents\Img340057.jpg
[2013.05.11 22:20:55 | 000,180,606 | ---- | C] () -- C:\Users\christian\Documents\IMG065.jpg
[2013.05.11 22:20:06 | 000,004,899 | ---- | C] () -- C:\Users\christian\Documents\image_0003.jpg
[2013.05.11 22:20:03 | 000,005,741 | ---- | C] () -- C:\Users\christian\Documents\image_0009.jpg
[2013.05.11 22:20:00 | 000,004,774 | ---- | C] () -- C:\Users\christian\Documents\image_0008.jpg
[2013.05.11 22:19:56 | 000,004,866 | ---- | C] () -- C:\Users\christian\Documents\image_0006.jpg
[2013.05.11 22:19:50 | 000,005,022 | ---- | C] () -- C:\Users\christian\Documents\image_0010.jpg
[2013.05.11 22:15:46 | 000,001,212 | ---- | C] () -- C:\Users\christian\Desktop\LG PC Suite III.lnk
[2013.05.11 16:52:37 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013.05.11 16:46:54 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.05.04 20:48:27 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe
[2013.05.04 14:13:26 | 000,139,424 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.05.04 14:12:48 | 000,282,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013.05.04 14:12:32 | 000,840,264 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2013.05.03 23:47:44 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.12.28 22:37:37 | 003,600,384 | ---- | C] () -- C:\Windows\ffmpeg.exe
[2012.12.28 22:37:24 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2012.12.28 22:37:22 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2012.12.28 22:37:22 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini
[2012.12.24 18:53:08 | 000,003,584 | ---- | C] () -- C:\Users\christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.19 14:41:10 | 000,000,026 | ---- | C] () -- C:\Users\christian\AppData\Roaming\urhtps.dat
[2012.10.19 01:40:23 | 000,000,017 | ---- | C] () -- C:\Users\christian\AppData\Roaming\blckdom.res
[2012.08.04 01:17:35 | 000,138,056 | ---- | C] () -- C:\Users\christian\AppData\Roaming\PnkBstrK.sys
[2012.08.01 00:54:07 | 000,001,475 | ---- | C] () -- C:\Users\christian\AppData\Local\RecConfig.xml
[2012.07.30 13:15:28 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.07.30 13:14:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2012.07.28 18:51:14 | 000,002,464 | ---- | M] ()(C:\Users\christian\Desktop\???????.lnk) -- C:\Users\christian\Desktop\淘米儿童浏览器.lnk
[2012.07.28 18:51:14 | 000,002,464 | ---- | C] ()(C:\Users\christian\Desktop\???????.lnk) -- C:\Users\christian\Desktop\淘米儿童浏览器.lnk
(C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???????) -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\淘米儿童浏览器
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 2216 bytes -> C:\Windows\System32\drivers\pzjjgnwk.sys:changelist
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:24FECE50

< End of report >
         
Code:
OTL Extras logfile created on: 04.06.2013 19:17:30 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\christian\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 65,61% Memory free
5,87 Gb Paging File | 4,70 Gb Available in Paging File | 79,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,95 Gb Total Space | 42,64 Gb Free Space | 29,02% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0043B1B1-4ADF-4399-976D-170E6BF67D98}" = rport=139 | protocol=6 | dir=out | app=system | 
"{02B454A0-77A7-4CD6-85DA-51AC39EE4586}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{21A572B5-E7F5-4379-A4C5-B2FE1F9FCD5C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2335967D-2397-4B7B-A190-1B84BC7D3F6E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2EBC63DA-74EF-4AD5-A429-CF884F7AFFA2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2F93EC86-1958-4138-A557-2B4C626E9014}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3F3CDEC8-451E-42BA-9662-C6AAE5DAE376}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F44D59E-6B6C-4983-AF26-59C5E31FFE07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{49FCA299-F92A-4435-BAD1-8C99A8AD076A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B3F807E-3B16-483D-9263-3CC3350B52D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{564CFD75-D79A-45FB-8DD9-A0ACD35285AF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{57AA0D82-004F-4D12-BB7E-1DBF67E65CF7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{617F8F74-29AA-4D9F-B2D0-A0786AD8BBC0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6A05BD3B-A572-4A9A-8CB4-8031A8AFFE8C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6B02A4C4-42B7-4D2B-A593-5F45616955EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6FA622F9-15F1-40D2-AEFB-BD6472124E37}" = lport=137 | protocol=17 | dir=in | app=system | 
"{72E1306B-6D79-452C-B039-98E2C49E27F1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{80D40AD6-ECA1-4581-9096-521EEF85E8DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BE0B9893-6D30-4466-8110-726B72C5403D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BED7BC52-A47B-49E3-94CF-3973F6E1A488}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CE6D8056-2560-4A4A-9467-5F7AEAEAB376}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D3E500CE-6D80-4164-8409-A38A0D580C04}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EFF2543B-9D65-4592-B390-C72BF9043BC1}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5B632F-BA10-411D-AA70-7FD5C40574BD}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{0F0F2A25-F1C4-4EEE-9357-D7C9D66322B8}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{0FA1FB00-8F35-48A6-BF98-1D822781E3E3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{12050029-741F-437E-9EE6-DA904BC055FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1FFA7CB6-4D84-448C-A227-FD8D3F482349}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{232FAC31-4989-4EE2-B67E-EB327057E8ED}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{23FB0F58-4580-49D1-AFA1-EA1D7E55A5C2}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{2A99FBE5-16E2-420A-AB8A-9749E0F71A3E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2FE246A3-6D94-4749-AB22-7349A4E25746}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{38959AD0-F4EA-4088-92B8-E3725449F209}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{41354A1F-19B1-4BA9-AF61-F8C6F45A9FEF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{434DDC38-A711-4463-9E5A-B77140E4A8C8}" = dir=in | app=c:\program files\acr\autoclubrev\web\acrlauncher.exe | 
"{491BD2CB-C59B-4B0C-9276-44F5FD5747C1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4B314CB6-A9FF-41A1-892B-FACF9FE707F2}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{4D976349-DD8F-4AD7-B840-E8CE8B220C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4E8A4160-FA26-499C-A514-CEA76AB9529F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{5F07C518-4FF0-4AF6-91AF-CE1BA96B0BA5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{6052C571-3971-4078-87E1-EB5178EBDE1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62633842-8B2E-4A1A-8241-B304A4E5C450}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{6CF54414-A6A8-4FFA-ACA6-432636087C79}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{71E38912-E46E-4B9C-85C8-1536AEB65B70}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{76429C89-CA3E-47AD-B260-E98D8CB778CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{799E3303-B7BF-4EE2-9654-8406C9C8D07B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{7C885785-F59D-4A7A-AE38-949583A26C34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D474FD4-08CC-4BE9-B9CD-1D9B9A64B5FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{81A6DB89-E30D-43A4-AA41-E11374AA7236}" = protocol=6 | dir=out | app=system | 
"{8A574993-2E62-4964-904A-AEA759E4E453}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{90D05CC1-0EF6-48BE-BB5A-2FB1C10A1D26}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9D8A4DC7-33A2-43AE-AFEB-C45E6BEC9624}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{9EB52FC1-E1F0-4E84-BF1A-ED27568ABB0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9F1C7599-C882-4904-89F8-C1387665E854}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{AC9D3256-AD7B-46D9-98B5-08B78E9225F0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{AF8EED70-1AFE-440D-A611-6A6FE5D6CD34}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{B35436B7-FE99-4109-B401-17FC15FCB2A0}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{B5A601EF-8457-4EEC-A3A1-5635856BC980}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{B686EA00-8553-4B86-B6C9-FA11C7891950}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{BA3C3DCA-A576-48C8-9D6E-816F250E3DD6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C0725131-A386-4553-AF1B-7BAA63EEE4D1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C171A88A-78E8-4414-A07A-63344EFEAD53}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{CD6F7D71-A456-44B4-89EF-AC2C9574E313}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0C9151D-5B9A-4AC7-AB7D-9353BCAA52DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D279FDB8-DC58-4269-8B63-9678549A7BDB}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{D300E9AD-BCEC-4768-A131-CBAB4524E2D0}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{D697124E-D750-439C-970D-B9CB5C7871D0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{E0065CA9-E11D-45D5-927E-BA10DFA9FAC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E529F1BF-517D-48B3-B7A7-2AC61D086158}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5FEFA4D-D0E3-4498-9DA8-345304631D6A}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{ECBBC2C2-70D8-4447-8663-35C79EA778D9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EEA5E877-418E-4C5D-B763-430CA020881F}" = dir=in | app=c:\program files\acr\autoclubrev\bin\acr.exe | 
"{F4677B4C-49AC-426D-8B69-963DBFA71B8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F6536AD2-FF60-4742-9999-727B921A0F49}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{FC309E73-D704-4645-853E-E0A8F8E189CE}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"TCP Query User{06038E17-538C-42E8-90B8-00A27D295379}C:\program files\electronic arts\medal of honor\mp\mohmpgame.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\medal of honor\mp\mohmpgame.exe | 
"TCP Query User{304B1DBC-E52D-46FE-A14D-39C6E74D66DB}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{314863C1-772E-4A3E-9D9A-DF57ABEBC772}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{481D194F-8B13-4362-9851-77E582A27CB1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{4E144FB8-88A0-442C-A6C0-2A3E3F4F13CC}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{513062CB-E94D-4243-8AAC-A826EB6675CD}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{5910158A-981B-4188-966E-773355EB8FB3}C:\udk\paranormal - beta 4\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\paranormal - beta 4\binaries\win32\udk.exe | 
"TCP Query User{5C23BD90-2110-498E-A5B3-AF93C31120F2}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{5CA5C6C4-71AD-4F59-B8DF-48FAADA550F0}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{9F5D0BB9-00DA-43FE-906F-6D68F50E4E8D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{A3544468-48BD-41B0-BF09-03A8B762947B}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{A4BD2B54-EE94-4A81-B53F-2487F50BC76A}C:\program files\electronic arts\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\medal of honor\binaries\moh.exe | 
"TCP Query User{AEA6BCCD-C52A-4E86-B66C-8232996EB460}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{E2208F94-D025-444D-AF0B-80F0AF19920C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{F453324D-3442-4912-B339-3C76F867DEBF}C:\program files\hercules\classic silver\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
"TCP Query User{FD53C1BD-C29F-4E17-84F5-B011632CD8A8}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{03D29D41-B75B-41EC-8044-160532DDA779}C:\program files\electronic arts\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\medal of honor\binaries\moh.exe | 
"UDP Query User{075445E8-2142-47EC-960F-F06569BE3A60}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{09DC2C09-68D6-492C-9F89-3AB0A415BF87}C:\program files\hercules\classic silver\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
"UDP Query User{0ECF42CD-CC74-44C3-87AA-6565A25D27D6}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{377F22F4-0CCD-42B9-92C6-B94867C6D584}C:\program files\electronic arts\medal of honor\mp\mohmpgame.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\medal of honor\mp\mohmpgame.exe | 
"UDP Query User{391395CA-C694-424A-878D-03BCB50E9C98}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{546C6CA0-5DD7-4ECE-8627-47EEA01BFEFC}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{729C9629-0A08-45F1-898C-B22D71217521}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{82F5EA8A-12CE-4AB9-84C3-D905CD4D210F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{93CB7A51-8462-4F73-9918-D857812646F4}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{B5E01533-DCD3-4760-AA95-AE50B93D7074}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{B77DD564-8392-48D6-BDCA-35FC2EA5F2B9}C:\udk\paranormal - beta 4\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\paranormal - beta 4\binaries\win32\udk.exe | 
"UDP Query User{C446E2F9-43A2-4F53-9DFF-E52534DBA61A}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{D63A04A0-AFA8-42CC-9F12-B4CCAB926F7F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{EACC3CDF-BA2B-41F4-A1B4-022472DB05A3}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{EB5BC889-9F48-4AC0-BD10-9A58F2906B52}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.118.08260
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{D0353B68-A142-4F89-A46E-1C9A7745D636}" = Download Navigator
"{D137B59C-551C-4659-8AA8-206FA650BF40}" = LG USB Modem Drivers
"{D3D02004-0977-4BB1-8FE8-8BC4230DCEEC}}_is1" = ACR version 0.001
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FD4FE0F7-91FC-43A2-9C3A-187553991FFF}" = Hercules Classic Silver Webcam
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Any Video Converter_is1" = Any Video Converter 3.4.2
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15
"AssaultCube_v1.1.0.4" = AssaultCube v1.1.0.4
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BFGC" = Big Fish Games: Game Manager
"BFG-Dream Chronicles 2 - The Eternal Maze" = Dream Chronicles ™ 2: The Eternal Maze
"CCleaner" = CCleaner
"Dream Chronicles" = Dream Chronicles
"EPSON Scanner" = EPSON Scan
"EPSON XP-102 103 Series" = EPSON XP-102 103 Series Printer Uninstall
"EPSON XP-102 103 Series Useg" = Benutzerhandbuch EPSON XP-102 103 Series
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Hardware Helper_is1" = Hardware Helper
"HitmanPro37" = HitmanPro 3.7
"HotspotShield" = Hotspot Shield 2.78
"HyperCam 3 3.5.1210.30" = HyperCam 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OGPlanet Game Launcher" = OGPlanet Game Launcher
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"ScummVM_is1" = ScummVM 1.5.0
"SpeedFan" = SpeedFan (remove only)
"Steam App 55100" = Homefront
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-169190448-2637492132-308262306-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClubCooee" = Club Cooee
"Google Chrome" = Google Chrome
"TaomeeBrowser" = 淘米儿童浏览器
 
< End of report >
         
