
Pests of all kinds and how to combat them: Browser mocaflix problem


07.06.2013, 15:37   #1
kryschtel
 

Browser mocaflix problem



My problem: For one thing, two pages always open when I start Google Chrome; they are called websearch.mocaflix and, according to Google, are supposed to lead to phishing sites.

Another problem is that, after uninstalling a program called BrowserDefender.exe, I constantly get this message.



defogger

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:17 on 06/06/2013 (****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL

Code:
OTL logfile created on: 06.06.2013 19:18:16 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 44,45% Memory free
8,21 Gb Paging File | 5,17 Gb Available in Paging File | 63,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 327,54 Gb Total Space | 163,34 Gb Free Space | 49,87% Space Free | Partition Type: NTFS
Drive E: | 592,25 Gb Total Space | 496,37 Gb Free Space | 83,81% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.06 19:17:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Downloads\OTL.exe
PRC - [2013.05.31 14:28:40 | 000,144,384 | ---- | M] (Adobe Systems Inc.) -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.26\deploy\LolClient.exe
PRC - [2013.05.31 14:02:30 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.164\deploy\LoLLauncher.exe
PRC - [2013.05.31 14:02:17 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
PRC - [2013.05.04 12:37:20 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.27 23:38:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.27 23:38:02 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\****\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009.04.11 00:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2008.04.25 15:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) -- C:\Program Files (x86)\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.31 14:24:08 | 004,774,248 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.26\deploy\Adobe AIR\Versions\1.0\Resources\WebKit.dll
MOD - [2013.05.31 14:02:30 | 002,686,976 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.164\deploy\LoLLauncher.exe
MOD - [2013.05.31 14:02:17 | 001,294,336 | ---- | M] () -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.29 07:27:37 | 013,136,336 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\libegl.dll
MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013.05.27 07:05:04 | 000,156,160 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\Air.dll
MOD - [2013.05.27 06:10:48 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\Launcher.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.26 23:19:04 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.23 11:09:59 | 002,827,728 | ---- | M] () [Auto | Start_Pending] -- C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe -- (BrowserDefendert)
SRV - [2013.05.15 16:57:20 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.27 23:38:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.27 23:38:02 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.04.26 12:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2009.03.29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.25 15:23:36 | 000,303,104 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\Program Files (x86)\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005.03.09 21:50:18 | 000,018,944 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.27 23:38:13 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.27 23:38:13 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.27 23:38:13 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.07.31 10:45:10 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2012.05.12 13:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 21:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.12.07 20:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.04.27 04:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.04.27 04:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bbus.sys -- (ss_bbus)
DRV:64bit: - [2010.04.27 04:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ss_bmdfl.sys -- (ss_bmdfl)
DRV:64bit: - [2008.02.22 19:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV - [2013.02.05 10:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010.01.29 12:40:16 | 000,115,600 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.03.09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.02.03 17:43:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2013.02.28 16:04:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\8zu5s3ea.default\extensions
[2013.02.14 07:33:54 | 000,002,376 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\8zu5s3ea.default\searchplugins\icq.xml
[2013.06.04 16:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\Extensions
[2013.05.26 23:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.26 23:19:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://websearch.mocaflix.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Google Update (Enabled) = C:\Users\****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: YouTube = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: AdBlock = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: ProxMate - Improve your Internet! = C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm\2.3.5_0\
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\****\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED0AD528-8918-45F6-A371-C5AAF664B1A4}: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8d8777ce-87f9-11e2-83fb-00242150365f}\Shell - "" = AutoRun
O33 - MountPoints2\{8d8777ce-87f9-11e2-83fb-00242150365f}\Shell\AutoRun\command - "" = L:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.06.06 19:18:26 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\logs
[2013.06.05 21:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.05 16:03:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2013.06.05 16:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.05 16:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.05 16:03:06 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.06.05 16:03:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.06.05 15:41:48 | 002,051,696 | ---- | C] (Bitdefender SRL) -- C:\Users\****\AppData\Local\qs64.dll
[2013.06.05 15:41:48 | 000,733,224 | ---- | C] (Bitdefender SRL) -- C:\Users\****\AppData\Local\qs.dll
[2013.06.05 15:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defender Pro Quick Scanner
[2013.06.04 16:10:17 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
[2013.06.04 16:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\BrowserDefender
[2013.06.04 16:05:06 | 000,536,652 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\ASAudioHD.ax
[2013.06.04 16:05:06 | 000,490,496 | ---- | C] (www.madshi.net) -- C:\Windows\SysWow64\madFlac.ax
[2013.06.04 16:05:06 | 000,285,184 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\MagUIEngine.dll
[2013.06.04 16:05:06 | 000,106,496 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\checkactivate.dll
[2013.06.04 16:05:06 | 000,092,672 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\MagUIInter.dll
[2013.06.04 16:05:06 | 000,055,808 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\MagPCMac.dll
[2013.06.04 16:05:06 | 000,035,328 | ---- | C] (ArcSoft Inc.) -- C:\Windows\SysWow64\MagCore.dll
[2013.06.04 16:05:06 | 000,000,000 | ---D | C] -- C:\Temp
[2013.06.04 16:05:05 | 000,439,808 | ---- | C] (MPC-HC Team) -- C:\Windows\SysWow64\RealMediaSplitter.ax
[2013.06.04 16:05:05 | 000,417,792 | ---- | C] (Gabest) -- C:\Windows\SysWow64\FLVSplitter.ax
[2013.06.04 16:05:05 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2013.05.31 15:44:29 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Atlantica
[2013.05.31 04:01:40 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\League of Legends
[2013.05.30 05:18:52 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\donetasy
[2013.05.26 23:18:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.23 19:12:04 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Screaming Bee
[2013.05.23 19:10:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2013.05.18 19:59:27 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Awesomium
[2013.05.18 19:56:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Aeria Games
[2013.05.18 19:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2013.05.18 19:47:52 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2013.05.18 19:37:04 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013.05.18 19:36:59 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Aeria Games & Entertainment
[2013.05.13 16:24:07 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\BoL
[2013.05.11 02:21:05 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\settings
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.06 19:16:40 | 000,000,000 | ---- | M] () -- C:\Users\****\defogger_reenable
[2013.06.06 19:04:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029538542-3273361527-2256941593-1000UA.job
[2013.06.06 18:57:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.06 18:02:14 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 18:02:14 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 17:04:02 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029538542-3273361527-2256941593-1000Core.job
[2013.06.06 14:13:55 | 000,002,058 | ---- | M] () -- C:\Users\****\Desktop\Google Chrome.lnk
[2013.06.06 14:02:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.06 14:02:06 | 4294,172,672 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.05 21:45:26 | 000,279,370 | ---- | M] () -- C:\Users\****\Documents\cc_20130605_214518.reg
[2013.06.05 18:27:33 | 000,000,499 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.05 15:41:48 | 002,051,696 | ---- | M] (Bitdefender SRL) -- C:\Users\****\AppData\Local\qs64.dll
[2013.06.05 15:41:48 | 000,733,224 | ---- | M] (Bitdefender SRL) -- C:\Users\****\AppData\Local\qs.dll
[2013.06.05 07:58:54 | 002,625,606 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.05 07:58:54 | 001,247,620 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.05 07:58:54 | 000,773,838 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.05 07:58:54 | 000,691,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.05 07:58:54 | 000,006,972 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.04 16:33:34 | 000,027,648 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.02 11:06:56 | 000,000,949 | ---- | M] () -- C:\Users\****\Desktop\vegas120 - Verknüpfung.lnk
[2013.06.02 10:59:13 | 000,000,680 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2013.06.01 03:40:30 | 000,000,818 | ---- | M] () -- C:\Users\****\Desktop\lol.launcher.admin - Verknüpfung.lnk
[2013.05.30 00:02:32 | 000,000,757 | ---- | M] () -- C:\Users\****\Desktop\LoLNotes - Verknüpfung.lnk
[2013.05.29 06:23:20 | 000,001,838 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2013.05.26 17:35:14 | 000,271,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.24 21:22:42 | 000,001,921 | ---- | M] () -- C:\Users\****\Desktop\Preset Manager 2.0.lnk
[2013.05.09 22:44:40 | 000,006,294 | ---- | M] () -- C:\Users\****\Desktop\avatar4160663_58.jpg
 
========== Files Created - No Company Name ==========
 
[2013.06.06 19:16:40 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2013.06.05 21:45:19 | 000,279,370 | ---- | C] () -- C:\Users\****\Documents\cc_20130605_214518.reg
[2013.06.05 09:12:47 | 000,000,499 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.04 16:05:06 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\dtsdecoderdll.dll
[2013.06.04 16:05:06 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2013.06.02 11:06:56 | 000,000,949 | ---- | C] () -- C:\Users\****\Desktop\vegas120 - Verknüpfung.lnk
[2013.06.02 10:59:13 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2013.06.01 03:40:30 | 000,000,818 | ---- | C] () -- C:\Users\****\Desktop\lol.launcher.admin - Verknüpfung.lnk
[2013.05.30 00:01:11 | 000,000,757 | ---- | C] () -- C:\Users\****\Desktop\LoLNotes - Verknüpfung.lnk
[2013.05.29 06:23:20 | 000,001,838 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk
[2013.05.24 21:22:42 | 000,001,921 | ---- | C] () -- C:\Users\****\Desktop\Preset Manager 2.0.lnk
[2013.05.09 22:44:40 | 000,006,294 | ---- | C] () -- C:\Users\****\Desktop\avatar4160663_58.jpg
[2013.03.03 19:00:27 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\qzpz.dll
[2013.03.03 04:12:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013.03.03 04:12:01 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2013.03.03 04:10:37 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2013.02.24 16:54:09 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2013.02.23 12:09:32 | 000,007,823 | ---- | C] () -- C:\Users\****\ESt2012_Moncayo_Nuhn_Jose_Manuel.elfo
[2013.02.20 09:49:26 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013.02.20 09:49:26 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2013.02.20 09:19:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2013.02.20 09:07:58 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2013.02.13 14:15:02 | 000,000,854 | ---- | C] () -- C:\Users\****\AppData\Local\recently-used.xbel
[2013.02.04 00:24:13 | 001,634,798 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.03 18:27:50 | 000,027,648 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.12.18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.12.18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.12.18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.18 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Aeria Games & Entertainment
[2013.05.18 19:59:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Awesomium
[2013.06.05 19:21:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\BoL
[2013.02.23 11:38:30 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\elsterformular
[2013.04.08 21:21:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EPSON
[2013.02.24 15:19:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\fltk.org
[2013.05.06 02:28:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GarenaPlus
[2013.02.14 07:38:13 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ-Profile
[2013.02.14 07:33:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQM
[2013.02.03 21:18:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LolClient
[2013.02.24 16:31:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MotioninJoy
[2013.03.03 15:45:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Publish Providers
[2013.03.03 15:53:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Red Giant Link
[2013.02.24 18:33:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Samsung
[2013.05.23 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Screaming Bee
[2013.03.03 23:34:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sony
[2013.05.19 20:52:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Spotify
[2013.06.06 18:13:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client
[2013.02.23 12:43:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\VBA-M
[2013.02.23 13:41:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinISO Computing
 
========== Purity Check ==========
 
 

< End of report >
         
EXTRAs

Code:
OTL Extras logfile created on: 06.06.2013 19:18:17 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 44,45% Memory free
8,21 Gb Paging File | 5,17 Gb Available in Paging File | 63,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 327,54 Gb Total Space | 163,34 Gb Free Space | 49,87% Space Free | Partition Type: NTFS
Drive E: | 592,25 Gb Total Space | 496,37 Gb Free Space | 83,81% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.WH4Z4YUIFPG32HKJS2UOICFTJY] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 01 01 19 11 B9 17 CE 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3029538542-3273361527-2256941593-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 2
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01636551-7CC5-4EE5-8543-62D68242C9B7}" = lport=137 | protocol=17 | dir=in | app=system | 
"{06AD667A-BBC1-4220-BEA1-21325B2CF1FB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{10A68F17-165D-448E-AB9F-0676DD87608A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{27B6AB97-EA85-443E-B0E5-9742E5C559D1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{339278FE-36BF-4C56-B893-85E68ACEAA4B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4A125863-6C26-45EC-BD59-FE75468FDFD5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A492887F-31C2-4AFE-8693-C8A006D81A9D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BD140B85-88E7-4321-AFB7-5D2AD954CAB3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{BFCC4477-9A11-43D3-8300-D867CC8F741E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D39BBEF5-905D-4D36-B0E1-67224E4E9E0C}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D0D176-A0BF-49BA-A841-AF7D2F636B5A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{08F13F5F-5B46-47A7-B508-4369EBA38806}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{13F5FB11-577B-48C0-BEBD-F4E76216FF48}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{283D7D60-C0CF-44FC-B002-26C53760464F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2FA48411-C177-48BA-A1AA-499DAD52E5FC}" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\icqm\icq.exe | 
"{39E4E0F0-41D1-48A7-A82C-FD6BBA2BD29C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{3CF79118-4239-429D-8EE4-A5262C9CC717}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{4A2F25C0-26F6-4DCE-8E60-5344E0026949}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{759D7E9E-82EA-43BF-B53B-AD468309ABE2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7A52D970-0279-4EA3-8FA3-C386FAA8DC41}" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\icqm\icq.exe | 
"{88DB35B8-FE8E-47B2-B051-BA42548843FF}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{9A173262-FB38-45F5-923B-86D628F0650F}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{BD2EB19D-0869-40EB-98CD-DDBD2C374DB5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BE2AE9EF-185A-44B0-8CDA-891CFC307AA2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{C88E0359-C0BE-44C5-8CAA-19F724D43FC5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{DA258A29-C300-46D7-9103-E218832FC662}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{F16B2782-0E39-44A6-B90E-46E4B233A298}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{FD26B9B3-0AC0-46B1-B64C-4FFA4182A679}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"TCP Query User{0031EC39-E16A-42EC-B79E-45A0EF0529FE}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{2CF4E4E2-F0F8-45A7-AE15-25FF12672B93}C:\program files\sony\vegas pro 12.0\vegas120.exe" = protocol=6 | dir=in | app=c:\program files\sony\vegas pro 12.0\vegas120.exe | 
"TCP Query User{56B4A59C-9871-430B-BED3-E867FA345865}C:\users\****\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{6FDFC0F6-19AA-480C-94C7-9EF184804384}C:\users\****\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{9D6945AB-E8D5-4B44-967A-1AAB4C50DC8F}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{F34C0192-2DCA-4FD3-9B6A-88DB939B0A4F}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{FF70EFCD-31F9-4EEA-B6C9-8A6525F0447C}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{1A10EA5A-FA70-4646-A6E1-B9FF1F880AB8}C:\users\****\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{2D23FD89-9D75-4E71-96AC-122900221501}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{32E43DF8-7692-4A7B-9B18-AEED8EFC7111}C:\program files\sony\vegas pro 12.0\vegas120.exe" = protocol=17 | dir=in | app=c:\program files\sony\vegas pro 12.0\vegas120.exe | 
"UDP Query User{3324D9C1-8BF3-42BC-862C-A4F73F65A0C6}C:\users\****\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{6EC3397E-2A83-4372-89C6-1B226F93AA46}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{98F70B9F-91CD-4AF6-BC01-B47A5876399F}C:\users\****\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\****\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{E382F0CD-92A3-4CCA-A719-F26D30C93A6F}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.5.0002
"{3C09DE13-867C-4289-9F95-4510BB3A5F57}" = Magic Bullet Suite 64-bit
"{7A0D09B0-6575-11E2-89D5-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{7E708ADE-6575-11E2-8713-F04DA23A5C58}" = MSVCRT Redists
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{080FE95E-5A89-4A54-BAAA-D769971B7C2D}" = Corel Home Office 5.0.36
"{2F04C9DA-94DA-4361-8B34-02CD8187861F}" = SystemDiagnostics
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7613592F-B20C-4E1B-B2DD-67F0784D4373}" = Energy Settings
"{88BFE745-3D1F-4B80-8C40-E626E5A8E613}" = Samsung S5230 Wallpaper Creator
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FCFE3F81-C977-4D31-877B-2778BB2A02DE}" = Preset Manager 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Crossfire Europe" = Crossfire Europe
"ElsterFormular" = ElsterFormular
"EPSON Scanner" = EPSON Scan
"Fraps" = Fraps (remove only)
"InstallShield_{3C09DE13-867C-4289-9F95-4510BB3A5F57}" = Magic Bullet Suite 64-bit
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"LOLReplay" = LOLReplay
"LoLTW" = Garena *^¶¯Áp·ù¡]¥xÆW¡^
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 240" = Counter-Strike: Source
"UltraISO_is1" = UltraISO Premium V9.53
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"ICQ" = ICQ 8.0 (build 5999, für aktuellen Benutzer)
"MyFreeCodec" = MyFreeCodec
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.06.2013 09:47:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0x1110,
 Anwendungsstartzeit 01ce62bc5173d350.
 
Error - 06.06.2013 09:48:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0x920, 
Anwendungsstartzeit 01ce62bc7536f240.
 
Error - 06.06.2013 09:49:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0x130c,
 Anwendungsstartzeit 01ce62bc98faad70.
 
Error - 06.06.2013 09:50:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0x46c, 
Anwendungsstartzeit 01ce62bcbcbe4190.
 
Error - 06.06.2013 09:51:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0xf10, 
Anwendungsstartzeit 01ce62bce0809d30.
 
Error - 06.06.2013 09:52:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0x934, 
Anwendungsstartzeit 01ce62bd04445860.
 
Error - 06.06.2013 09:53:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0x914, 
Anwendungsstartzeit 01ce62bd280617c0.
 
Error - 06.06.2013 09:54:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0xff0, 
Anwendungsstartzeit 01ce62bd4bca4820.
 
Error - 06.06.2013 09:55:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0x840, 
Anwendungsstartzeit 01ce62bd6f8e9f90.
 
Error - 06.06.2013 09:56:00 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, fehlerhaftes Modul BrowserDefender.exe, Version 2.6.1339.144, Zeitstempel
 0x519ddcdf, Ausnahmecode 0x40000015, Fehleroffset 0x000f1790,  Prozess-ID 0x970, 
Anwendungsstartzeit 01ce62bd93514950.
 
 
< End of report >
         
I read here that you shouldn't run any other programs on your own, but since I initially tried to fix this by myself, here are a few more logs that may explain my problem better.

ADW#1

Code:
# AdwCleaner v2.301 - Datei am 05/06/2013 um 09:12:43 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : **** - ****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Downloads\adwcleaner_2.3.0.1.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Datei Gelöscht : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\searchplugins\claro.xml
Gelöscht mit Neustart : C:\ProgramData\Babylon
Gelöscht mit Neustart : C:\Users\****\AppData\Local\Temp\OCS
Gelöscht mit Neustart : C:\Users\****\AppData\Roaming\BabSolution
Gelöscht mit Neustart : C:\Users\****\AppData\Roaming\Babylon
Gelöscht mit Neustart : C:\Users\****\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\5b48fdeb769ba41
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5b48fdeb769ba41
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
Schlüssel Gelöscht : HKU\S-1-5-21-3029538542-3273361527-2256941593-1001\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=120129&babsrc=HP_ss&mntrId=02a73ef000000000000000242150365f --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\prefs.js

C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.selectedEngine", "Claro Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=120129&babsrc=HP_ss&mntrId[...]
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=120129&babsrc[...]
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gelöscht : user_pref("extensions.claro.autoRvrt", "false");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "02a73ef000000000000000242150365f");
Gelöscht : user_pref("extensions.claro.instlDay", "15750");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.rvrt", "false");
Gelöscht : user_pref("extensions.claro.tlbrId", "base");
Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.claro.vrsn", "1.8.8.5");
Gelöscht : user_pref("extensions.claro.vrsni", "1.8.8.5");
Gelöscht : user_pref("extensions.claro_i.excTlbr", false);
Gelöscht : user_pref("extensions.claro_i.newTab", false);
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.8.57:33:32");

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [5999 octets] - [05/06/2013 09:11:42]
AdwCleaner[S1].txt - [5781 octets] - [05/06/2013 09:12:43]

########## EOF - C:\AdwCleaner[S1].txt - [5841 octets] ##########
         
ADW#2

Code:
# AdwCleaner v2.301 - Datei am 05/06/2013 um 15:51:40 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : **** - ****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\****\Downloads\adwcleaner_2.3.0.1.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Gelöscht mit Neustart : C:\ProgramData\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.43] : icon_url = "hxxp://www.delta-search.com/favicon.ico",
Gelöscht [l.46] : keyword = "delta-search.com",
Gelöscht [l.50] : search_url = "hxxp://www.delta-search.com/?q={searchTerms}&affID=121562&tt=gc_&babsrc=SP_ss&m[...]
Gelöscht [l.2717] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=121562&tt=gc_&babsrc=HP_ss[...]

*************************

AdwCleaner[R1].txt - [5999 octets] - [05/06/2013 09:11:42]
AdwCleaner[R2].txt - [1882 octets] - [05/06/2013 15:49:00]
AdwCleaner[S1].txt - [5904 octets] - [05/06/2013 09:12:43]
AdwCleaner[S2].txt - [1780 octets] - [05/06/2013 15:51:40]

########## EOF - C:\AdwCleaner[S2].txt - [1840 octets] ##########
         
ADW#3

Code:
ATTFilter
# AdwCleaner v2.301 - Datei am 05/06/2013 um 18:27:13 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : ***** - *****-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Downloads\adwcleaner_2.3.0.1.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Gelöscht mit Neustart : C:\ProgramData\Babylon

***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.2203] : homepage = "hxxp://websearch.mocaflix.com/",
Gelöscht [l.2900] : urls_to_restore_on_startup = [ "hxxp://websearch.mocaflix.com/", "" ]

*************************

AdwCleaner[R1].txt - [5999 octets] - [05/06/2013 09:11:42]
AdwCleaner[R2].txt - [1882 octets] - [05/06/2013 15:49:00]
AdwCleaner[R3].txt - [1439 octets] - [05/06/2013 18:26:28]
AdwCleaner[S1].txt - [5904 octets] - [05/06/2013 09:12:43]
AdwCleaner[S2].txt - [1909 octets] - [05/06/2013 15:51:40]
AdwCleaner[S3].txt - [1378 octets] - [05/06/2013 18:27:13]

########## EOF - C:\AdwCleaner[S3].txt - [1438 octets] ##########
         
That is the culprit. The mocaflix page opens anew every time I start my browser. According to information from Google, it is not possible to remove it with ADW.

mbam

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.05.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
**** :: ****-PC [Administrator]

Schutz: Aktiviert

05.06.2013 16:04:25
mbam-log-2013-06-05 (16-04-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 626064
Laufzeit: 2 Stunde(n), 11 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 5
HKCR\CLSID\{EF94624F-EAAE-47CA-BE5B-86FDBF0B2BBA} (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{5FD5723F-D6F6-4F31-A7D0-318E72D28E80} (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{DF4F905C-0961-4464-8460-DD2A1F274D1F} (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\QMDispatch.QMFunction.1 (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\QMDispatch.QMFunction (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Windows\QMDispatch.dll (Backdoor.Hupigon) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\****\AppData\Local\Temp\pricepeep_130001_1001.exe (Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\****\Desktop\qmacro\QMacro6.exe (Malware.Packer.as) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\****\Desktop\qmacro\QMacro6.exe.BAK (Malware.Packer.as) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\****\Downloads\Crossfire simple Injector_mpgh.net.rar (Hacktool.Injector) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
!GMER gets a Windows error message every time and has to be closed, so I cannot provide a log.
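
Added example, not part of the original post and not AdwCleaner's own code: a small Python parser for the `Gelöscht [l.N] : key = value` lines in the reports above. It lists which Chrome preference keys had to be cleaned in more than one run, which shows that the setting was written again between runs. The two sample reports are excerpts constructed from the S2 and S3 logs quoted in the post, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample input: excerpts of the S2 and S3 reports quoted above.
# URLs stay defanged as "hxxp", exactly as the forum shows them.
REPORT_S2 = r'''# AdwCleaner v2.301 - Datei am 05/06/2013 um 15:51:40 erstellt
-\\ Mozilla Firefox v21.0 (de)
[OK] Die Datei ist sauber.
-\\ Google Chrome v27.0.1453.94
Datei : C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.43] : icon_url = "hxxp://www.delta-search.com/favicon.ico",
Gelöscht [l.46] : keyword = "delta-search.com",
Gelöscht [l.2717] : urls_to_restore_on_startup = [ "hxxp://www.delta-search.com/?affID=121562&tt=gc_&babsrc=HP_ss[...]
'''
REPORT_S3 = r'''# AdwCleaner v2.301 - Datei am 05/06/2013 um 18:27:13 erstellt
-\\ Google Chrome v27.0.1453.94
Datei : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.2203] : homepage = "hxxp://websearch.mocaflix.com/",
Gelöscht [l.2900] : urls_to_restore_on_startup = [ "hxxp://websearch.mocaflix.com/", "" ]
'''

STAMP = re.compile(r'Datei am (\d{2}/\d{2}/\d{4}) um (\d{2}:\d{2}:\d{2}) erstellt')
BROWSER = re.compile(r'^-\\\\\s+(.+?)\s+v\d')       # section header, e.g. "-\\ Google Chrome v27..."
DELETED = re.compile(r'^Gelöscht \[l\.(\d+)\] : (\w+) = (.*)$')
HOST = re.compile(r'hxxps?://([^/\s"?\[\]]+)', re.I)  # host part of a defanged URL


def parse_report(text):
    """Return (timestamp, entries) for one AdwCleaner report.

    Each entry describes one deleted preference line: the browser section it
    was found in, the line number in the preferences file, the key, and the
    hosts referenced by the value (may be empty, e.g. for "keyword").
    """
    m = STAMP.search(text)
    stamp = f"{m.group(1)} {m.group(2)}" if m else None
    browser, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        header = BROWSER.match(line)
        if header:
            browser = header.group(1)
            continue
        deleted = DELETED.match(line)
        if deleted and browser:
            hosts = tuple(dict.fromkeys(h.lower() for h in HOST.findall(deleted.group(3))))
            entries.append({
                "browser": browser,
                "line": int(deleted.group(1)),
                "key": deleted.group(2),
                "hosts": hosts,
            })
    return stamp, entries


def rewritten_between_runs(reports):
    """Map (browser, key) -> [(timestamp, hosts), ...] for every preference
    key that was cleaned in more than one run."""
    seen = defaultdict(list)
    for text in reports:
        stamp, entries = parse_report(text)
        for e in entries:
            seen[(e["browser"], e["key"])].append((stamp, e["hosts"]))
    return {k: v for k, v in seen.items() if len({s for s, _ in v}) > 1}


if __name__ == "__main__":
    for (browser, key), history in rewritten_between_runs([REPORT_S2, REPORT_S3]).items():
        print(f"{browser}: {key} was cleaned {len(history)} times")
        for stamp, hosts in history:
            print(f"  {stamp}: {', '.join(hosts) or '(no URL)'}")
```

A key that reappears with a new value after a cleaning run is a reason to look for whatever keeps writing it (a service, scheduled task or extension) instead of cleaning the preferences file again.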

Alt 07.06.2013, 15:42   #2
smeenk
/// Malwareteam / Visitor
 
I am Smeenk and I will try to help you


System scan with ZOEK

Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please deactivate all virus scanners during the scan, as they influence the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users: please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text box:
    Code:
    ATTFilter
    emptyclsid;
    chromelook;
    autoclean;
    startupall;
    filesrcm;
    firefoxlook;
             
  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is finished, Notepad will open with the log file (possibly only after a restart).
    You can view the report afterwards at c:\zoek-results.log.
  • Post the log file zoek-results.log for me


Please download TDSSKiller (TDSSKiller.exe) and save the file on the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.


If possible, please post everything here in CODE tags: [code] Your log here [/code]
__________________


Alt 07.06.2013, 16:14   #3
kryschtel
 
ZOEK simply will not open. I have already restarted the PC and tried again. In Task Manager the process appears for a second and then disappears again immediately.

TDS


Code:
ATTFilter
17:09:32.0836 4904  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:09:32.0976 4904  ============================================================
17:09:32.0976 4904  Current date / time: 2013/06/07 17:09:32.0976
17:09:32.0976 4904  SystemInfo:
17:09:32.0976 4904  
17:09:32.0976 4904  OS Version: 6.0.6002 ServicePack: 2.0
17:09:32.0976 4904  Product type: Workstation
17:09:32.0976 4904  ComputerName: ***-PC
17:09:32.0976 4904  UserName: ***
17:09:32.0976 4904  Windows directory: C:\Windows
17:09:32.0976 4904  System windows directory: C:\Windows
17:09:32.0976 4904  Running under WOW64
17:09:32.0976 4904  Processor architecture: Intel x64
17:09:32.0976 4904  Number of processors: 4
17:09:32.0976 4904  Page size: 0x1000
17:09:32.0976 4904  Boot type: Normal boot
17:09:32.0976 4904  ============================================================
17:09:33.0351 4904  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:09:33.0366 4904  ============================================================
17:09:33.0366 4904  \Device\Harddisk0\DR0:
17:09:33.0366 4904  MBR partitions:
17:09:33.0366 4904  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1770800, BlocksNum 0x28F14000
17:09:33.0366 4904  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2A684800, BlocksNum 0x4A081DB0
17:09:33.0366 4904  ============================================================
17:09:33.0491 4904  C: <-> \Device\Harddisk0\DR0\Partition1
17:09:33.0585 4904  E: <-> \Device\Harddisk0\DR0\Partition2
17:09:33.0585 4904  ============================================================
17:09:33.0585 4904  Initialize success
17:09:33.0585 4904  ============================================================
17:09:55.0622 3704  ============================================================
17:09:55.0622 3704  Scan started
17:09:55.0622 3704  Mode: Manual; TDLFS; 
17:09:55.0622 3704  ============================================================
17:09:56.0075 3704  ================ Scan system memory ========================
17:09:56.0075 3704  System memory - ok
17:09:56.0075 3704  ================ Scan services =============================
17:09:56.0309 3704  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
17:09:56.0309 3704  ACPI - ok
17:09:56.0512 3704  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:09:56.0512 3704  AdobeFlashPlayerUpdateSvc - ok
17:09:56.0558 3704  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:09:56.0558 3704  adp94xx - ok
17:09:56.0605 3704  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:09:56.0605 3704  adpahci - ok
17:09:56.0621 3704  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
17:09:56.0621 3704  adpu160m - ok
17:09:56.0636 3704  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:09:56.0636 3704  adpu320 - ok
17:09:56.0668 3704  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:09:56.0668 3704  AeLookupSvc - ok
17:09:56.0730 3704  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD             C:\Windows\system32\drivers\afd.sys
17:09:56.0730 3704  AFD - ok
17:09:56.0761 3704  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:09:56.0761 3704  agp440 - ok
17:09:56.0792 3704  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
17:09:56.0792 3704  aic78xx - ok
17:09:56.0792 3704  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
17:09:56.0792 3704  ALG - ok
17:09:56.0808 3704  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:09:56.0808 3704  aliide - ok
17:09:56.0808 3704  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
17:09:56.0808 3704  amdide - ok
17:09:56.0824 3704  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:09:56.0824 3704  AmdK8 - ok
17:09:57.0245 3704  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:09:57.0260 3704  AntiVirSchedulerService - ok
17:09:57.0338 3704  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:09:57.0354 3704  AntiVirService - ok
17:09:57.0416 3704  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
17:09:57.0416 3704  Appinfo - ok
17:09:57.0432 3704  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
17:09:57.0432 3704  arc - ok
17:09:57.0463 3704  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:09:57.0463 3704  arcsas - ok
17:09:57.0884 3704  [ 108FB6DDB69E537A2EA53F425363FAE5 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:09:57.0884 3704  aspnet_state - ok
17:09:57.0947 3704  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:09:57.0947 3704  AsyncMac - ok
17:09:57.0962 3704  [ ACA311FAC841A06E4A7EF9A0F1C195F8 ] atapi           C:\Windows\system32\drivers\atapi.sys
17:09:57.0962 3704  atapi - ok
17:09:57.0994 3704  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:09:57.0994 3704  AudioEndpointBuilder - ok
17:09:58.0025 3704  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:09:58.0025 3704  AudioSrv - ok
17:09:58.0072 3704  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:09:58.0072 3704  avgntflt - ok
17:09:58.0134 3704  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:09:58.0134 3704  avipbb - ok
17:09:58.0165 3704  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:09:58.0165 3704  avkmgr - ok
17:09:58.0228 3704  [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE             C:\Windows\System32\bfe.dll
17:09:58.0243 3704  BFE - ok
17:09:58.0337 3704  [ 6D316F4859634071CC25C4FD4589AD2C ] BITS            C:\Windows\System32\qmgr.dll
17:09:58.0368 3704  BITS - ok
17:09:58.0430 3704  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
17:09:58.0430 3704  blbdrive - ok
17:09:58.0462 3704  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:09:58.0462 3704  bowser - ok
17:09:58.0477 3704  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
17:09:58.0477 3704  BrFiltLo - ok
17:09:58.0493 3704  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
17:09:58.0493 3704  BrFiltUp - ok
17:09:58.0524 3704  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
17:09:58.0524 3704  Browser - ok
17:09:58.0727 3704  [ 013A330F16B1CECBDE5CB6F921689523 ] BrowserDefendert C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
17:09:58.0758 3704  BrowserDefendert - ok
17:09:58.0789 3704  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
17:09:58.0789 3704  Brserid - ok
17:09:58.0805 3704  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
17:09:58.0805 3704  BrSerWdm - ok
17:09:58.0805 3704  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
17:09:58.0805 3704  BrUsbMdm - ok
17:09:58.0820 3704  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
17:09:58.0820 3704  BrUsbSer - ok
17:09:58.0836 3704  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:09:58.0836 3704  BTHMODEM - ok
17:09:58.0898 3704  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:09:58.0898 3704  cdfs - ok
17:09:58.0930 3704  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:09:58.0930 3704  cdrom - ok
17:09:58.0976 3704  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:09:58.0976 3704  CertPropSvc - ok
17:09:59.0148 3704  [ 213B6EC3DE19E35373A1906397588429 ] CGVPNCliSrvc    C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
17:09:59.0210 3704  CGVPNCliSrvc - ok
17:09:59.0210 3704  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
17:09:59.0210 3704  circlass - ok
17:09:59.0273 3704  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
17:09:59.0273 3704  CLFS - ok
17:09:59.0351 3704  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:09:59.0351 3704  clr_optimization_v2.0.50727_32 - ok
17:09:59.0366 3704  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:09:59.0366 3704  clr_optimization_v2.0.50727_64 - ok
17:09:59.0676 3704  [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:09:59.0702 3704  clr_optimization_v4.0.30319_32 - ok
17:09:59.0741 3704  [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:09:59.0784 3704  clr_optimization_v4.0.30319_64 - ok
17:09:59.0845 3704  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:09:59.0846 3704  cmdide - ok
17:09:59.0862 3704  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
17:09:59.0863 3704  Compbatt - ok
17:09:59.0870 3704  COMSysApp - ok
17:09:59.0878 3704  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:09:59.0879 3704  crcdisk - ok
17:09:59.0927 3704  [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:09:59.0928 3704  CryptSvc - ok
17:09:59.0980 3704  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:09:59.0989 3704  DcomLaunch - ok
17:10:00.0097 3704  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:10:00.0099 3704  DfsC - ok
17:10:00.0194 3704  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
17:10:00.0283 3704  DFSR - ok
17:10:00.0363 3704  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
17:10:00.0365 3704  Dhcp - ok
17:10:00.0405 3704  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
17:10:00.0407 3704  disk - ok
17:10:00.0457 3704  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:10:00.0460 3704  Dnscache - ok
17:10:00.0517 3704  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:10:00.0520 3704  dot3svc - ok
17:10:00.0552 3704  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
17:10:00.0554 3704  DPS - ok
17:10:00.0591 3704  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:10:00.0592 3704  drmkaud - ok
17:10:00.0827 3704  [ F3932288EEECD776FF1F9F653AD878F3 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:10:00.0834 3704  DXGKrnl - ok
17:10:00.0885 3704  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
17:10:00.0887 3704  E1G60 - ok
17:10:00.0893 3704  EagleX64 - ok
17:10:00.0913 3704  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
17:10:00.0915 3704  EapHost - ok
17:10:00.0951 3704  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
17:10:00.0952 3704  Ecache - ok
17:10:01.0006 3704  [ 33510BE001CCDB5A01FCC88F4DD8DFC7 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:10:01.0011 3704  ehRecvr - ok
17:10:01.0028 3704  [ 1ABC6436B0EDAA3D496D9C827F92820D ] ehSched         C:\Windows\ehome\ehsched.exe
17:10:01.0029 3704  ehSched - ok
17:10:01.0041 3704  [ 08F48CB2CD4019AFB0456869B49CD76F ] ehstart         C:\Windows\ehome\ehstart.dll
17:10:01.0042 3704  ehstart - ok
17:10:01.0089 3704  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:10:01.0096 3704  elxstor - ok
17:10:01.0156 3704  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
17:10:01.0163 3704  EMDMgmt - ok
17:10:01.0176 3704  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:10:01.0178 3704  ErrDev - ok
17:10:01.0242 3704  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem     C:\Windows\system32\es.dll
17:10:01.0246 3704  EventSystem - ok
17:10:01.0338 3704  [ 486844F47B6636044A42454614ED4523 ] exfat           C:\Windows\system32\drivers\exfat.sys
17:10:01.0346 3704  exfat - ok
17:10:01.0375 3704  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:10:01.0378 3704  fastfat - ok
17:10:01.0411 3704  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:10:01.0411 3704  fdc - ok
17:10:01.0427 3704  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
17:10:01.0427 3704  fdPHost - ok
17:10:01.0442 3704  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
17:10:01.0442 3704  FDResPub - ok
17:10:01.0458 3704  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:10:01.0458 3704  FileInfo - ok
17:10:01.0474 3704  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:10:01.0474 3704  Filetrace - ok
17:10:01.0474 3704  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:10:01.0474 3704  flpydisk - ok
17:10:01.0536 3704  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:10:01.0536 3704  FltMgr - ok
17:10:01.0645 3704  [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache       C:\Windows\system32\FntCache.dll
17:10:01.0676 3704  FontCache - ok
17:10:01.0770 3704  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:10:01.0786 3704  FontCache3.0.0.0 - ok
17:10:01.0879 3704  [ DDEE99DC54EFA20BD5A442CD733C4462 ] FsUsbExDisk     C:\Windows\SysWOW64\FsUsbExDisk.SYS
17:10:01.0879 3704  FsUsbExDisk - ok
17:10:01.0905 3704  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:10:01.0906 3704  Fs_Rec - ok
17:10:01.0921 3704  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:10:01.0922 3704  gagp30kx - ok
17:10:01.0959 3704  [ 7508FCFB8D93556213F530DFFAEDEC45 ] GearAspiWDM     C:\Windows\system32\drivers\GEARAspiWDM.sys
17:10:01.0959 3704  GearAspiWDM - ok
17:10:02.0107 3704  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:10:02.0116 3704  gpsvc - ok
17:10:02.0178 3704  [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:10:02.0181 3704  HdAudAddService - ok
17:10:02.0224 3704  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:10:02.0246 3704  HDAudBus - ok
17:10:02.0253 3704  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:10:02.0255 3704  HidBth - ok
17:10:02.0272 3704  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr           C:\Windows\system32\drivers\hidir.sys
17:10:02.0273 3704  HidIr - ok
17:10:02.0339 3704  [ 59361D38A297755D46A540E450202B2A ] hidserv         C:\Windows\system32\hidserv.dll
17:10:02.0340 3704  hidserv - ok
17:10:02.0377 3704  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:10:02.0378 3704  HidUsb - ok
17:10:02.0417 3704  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:10:02.0419 3704  hkmsvc - ok
17:10:02.0445 3704  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
17:10:02.0446 3704  HpCISSs - ok
17:10:02.0500 3704  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:10:02.0522 3704  HTTP - ok
17:10:02.0557 3704  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
17:10:02.0558 3704  i2omp - ok
17:10:02.0574 3704  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:10:02.0576 3704  i8042prt - ok
17:10:02.0604 3704  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
17:10:02.0608 3704  iaStorV - ok
17:10:02.0677 3704  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:10:02.0699 3704  idsvc - ok
17:10:02.0705 3704  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:10:02.0707 3704  iirsp - ok
17:10:02.0746 3704  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
17:10:02.0752 3704  IKEEXT - ok
17:10:02.0899 3704  [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
17:10:02.0921 3704  IntcAzAudAddService - ok
17:10:02.0950 3704  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
17:10:02.0952 3704  intelide - ok
17:10:02.0958 3704  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:10:02.0959 3704  intelppm - ok
17:10:02.0998 3704  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:10:03.0000 3704  IPBusEnum - ok
17:10:03.0017 3704  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:10:03.0018 3704  IpFilterDriver - ok
17:10:03.0060 3704  [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:10:03.0063 3704  iphlpsvc - ok
17:10:03.0069 3704  IpInIp - ok
17:10:03.0077 3704  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
17:10:03.0079 3704  IPMIDRV - ok
17:10:03.0085 3704  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
17:10:03.0087 3704  IPNAT - ok
17:10:03.0123 3704  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:10:03.0124 3704  IRENUM - ok
17:10:03.0136 3704  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:10:03.0137 3704  isapnp - ok
17:10:03.0172 3704  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:10:03.0174 3704  iScsiPrt - ok
17:10:03.0361 3704  [ 9C6F3F69163133FB8E56AC4A6E163452 ] ISODrive        C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
17:10:03.0362 3704  ISODrive - ok
17:10:03.0368 3704  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
17:10:03.0369 3704  iteatapi - ok
17:10:03.0389 3704  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
17:10:03.0391 3704  iteraid - ok
17:10:03.0397 3704  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:10:03.0398 3704  kbdclass - ok
17:10:03.0436 3704  [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:10:03.0437 3704  kbdhid - ok
17:10:03.0476 3704  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
17:10:03.0477 3704  KeyIso - ok
17:10:03.0666 3704  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:10:03.0672 3704  KSecDD - ok
17:10:03.0697 3704  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:10:03.0698 3704  ksthunk - ok
17:10:03.0735 3704  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:10:03.0740 3704  KtmRm - ok
17:10:03.0773 3704  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:10:03.0776 3704  LanmanServer - ok
17:10:03.0807 3704  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:10:03.0811 3704  LanmanWorkstation - ok
17:10:03.0843 3704  libusb0 - ok
17:10:03.0851 3704  libusbd - ok
17:10:03.0864 3704  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:10:03.0866 3704  lltdio - ok
17:10:03.0913 3704  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:10:03.0918 3704  lltdsvc - ok
17:10:03.0923 3704  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:10:03.0926 3704  lmhosts - ok
17:10:03.0958 3704  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:10:03.0960 3704  LSI_FC - ok
17:10:03.0967 3704  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:10:03.0969 3704  LSI_SAS - ok
17:10:03.0998 3704  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:10:04.0000 3704  LSI_SCSI - ok
17:10:04.0006 3704  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:10:04.0008 3704  luafv - ok
17:10:04.0052 3704  massfilter - ok
17:10:04.0083 3704  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
17:10:04.0084 3704  MBAMProtector - ok
17:10:04.0141 3704  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
17:10:04.0143 3704  MBAMScheduler - ok
17:10:04.0183 3704  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:10:04.0188 3704  MBAMService - ok
17:10:04.0241 3704  [ 6DA30C0DE0CC8525E89D612C5063CAC1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:10:04.0243 3704  Mcx2Svc - ok
17:10:04.0258 3704  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas         C:\Windows\system32\drivers\megasas.sys
17:10:04.0259 3704  megasas - ok
17:10:04.0284 3704  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
17:10:04.0289 3704  MegaSR - ok
17:10:04.0333 3704  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS           C:\Windows\system32\mmcss.dll
17:10:04.0335 3704  MMCSS - ok
17:10:17.0640 3704  ================ Scan global ===============================
17:10:17.0674 3704  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
17:10:17.0718 3704  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
17:10:17.0741 3704  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
17:10:17.0823 3704  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
17:10:17.0827 3704  [Global] - ok
17:10:17.0828 3704  ================ Scan MBR ==================================
17:10:17.0870 3704  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:10:18.0553 3704  \Device\Harddisk0\DR0 - ok
17:10:18.0554 3704  ================ Scan VBR ==================================
17:10:18.0596 3704  [ 68D46A6CF927BC2964A3E8402427E0DC ] \Device\Harddisk0\DR0\Partition1
17:10:18.0610 3704  \Device\Harddisk0\DR0\Partition1 - ok
17:10:18.0635 3704  [ D3740C89E4145598F209571FB80DC1B1 ] \Device\Harddisk0\DR0\Partition2
17:10:18.0636 3704  \Device\Harddisk0\DR0\Partition2 - ok
17:10:18.0637 3704  ============================================================
17:10:18.0637 3704  Scan finished
17:10:18.0637 3704  ============================================================
17:10:18.0656 4544  Detected object count: 0
17:10:18.0656 4544  Actual detected object count: 0
17:10:32.0658 5096  Deinitialize success
         
07.06.2013, 17:06   #4
smeenk
/// Malwareteam / Visitor

Try whether Zoek.exe will start in Safe Mode:
Starting Windows correctly in Safe Mode

08.06.2013, 15:30   #5
kryschtel

Quote:
Quote from smeenk
Try whether Zoek.exe will start in Safe Mode:
Starting Windows correctly in Safe Mode

Thanks a lot.
It even worked via Safe Mode.

Here is the log

Code:
Zoek.exe Version 4.0.0.2 Updated 31-May-2013
Tool run by **** on 08.06.2013 at 16:11:27,85.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x64
Running in: Safe Mode MINIMAL No Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3029538542-3273361527-2256941593-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3029538542-3273361527-2256941593-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrowserDefendert deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrowserDefendert deleted successfully

==== Deleting Files \ Folders ======================

"C:\Users\****\Downloads\SoftonicDownloader_fuer_league-of-legends.exe" deleted
"C:\Users\Public\sdelevURL.tmp" deleted
"C:\Users\****\AppData\Local\qs.dll" deleted
"C:\Users\****\AppData\Local\qs64.dll" deleted
"C:\ProgramData\BrowserDefender" deleted
"C:\ProgramData\Babylon" deleted
"C:\Windows\SysWow64\AI_RecycleBin" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2013-06-06 18:22:54	D4F27E63A5F4B088F95646D0B3383A5D	489695611	----a-w-	C:\Windows\MEMORY.DMP
2013-06-05 07:12:47	5B56983A4125AC01D6C8AF401AD1FA61	499	----a-w-	C:\Windows\DeleteOnReboot.bat
====== C:\Users\****\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-06-04 14:05:06	E7329CCB11C05D4600E4641BD0328E41	285184	----a-w-	C:\Windows\SysWOW64\MagUIEngine.dll
2013-06-04 14:05:06	DCE2A54207DC9F6228E26948513ECD12	92672	----a-w-	C:\Windows\SysWOW64\MagUIInter.dll
2013-06-04 14:05:06	A6549E3D8196829311BCA50DA7C2699B	490496	----a-w-	C:\Windows\SysWOW64\madFlac.ax
2013-06-04 14:05:06	98148D461E446D7CD1E70B916CA61B31	55808	----a-w-	C:\Windows\SysWOW64\MagPCMac.dll
2013-06-04 14:05:06	95110AC93E5EBDC5D9DC7694A4BCA953	536652	----a-w-	C:\Windows\SysWOW64\ASAudioHD.ax
2013-06-04 14:05:06	75D4D135424071A7EFFC767CCDA518C8	35328	----a-w-	C:\Windows\SysWOW64\MagCore.dll
2013-06-04 14:05:06	644AA3ADE7742079533DCDE2ABF153E2	917504	----a-w-	C:\Windows\SysWOW64\dtsdecoderdll.dll
2013-06-04 14:05:06	5C3739F97D09CAF8ABCC0A1F14C82A49	258048	----a-w-	C:\Windows\SysWOW64\libFLAC.dll
2013-06-04 14:05:06	16E030AA1AFA8E1BE20D269703674AAD	106496	----a-w-	C:\Windows\SysWOW64\checkactivate.dll
2013-06-04 14:05:05	F47300353C2AE5A34986008E03E0E2E4	439808	----a-w-	C:\Windows\SysWOW64\RealMediaSplitter.ax
2013-06-04 14:05:05	C82070D55D0B25E87185C874518D71DB	417792	----a-w-	C:\Windows\SysWOW64\FLVSplitter.ax
2013-06-04 14:05:05	7029A7634C8DFA8EE619E79B1B9A378F	70656	----a-w-	C:\Windows\SysWOW64\yv12vfw.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-06-05 14:03:06	0BB97D43299910CBFBA59C461B99B910	25928	----a-w-	C:\Windows\Sysnative\drivers\mbam.sys
2013-05-15 13:40:57	F3932288EEECD776FF1F9F653AD878F3	901496	----a-w-	C:\Windows\Sysnative\drivers\dxgkrnl.sys
====== C:\Windows\Tasks ======
2013-06-05 07:13:33	A6542F65D2B0EB834B01914CCF83769E	3350	----a-w-	C:\Windows\Sysnative\Tasks\BrowserDefendert
2013-06-04 14:09:55	BF4EB96C4E11F6B8DF0F2E7FAD5B7B52	3314	----a-w-	C:\Windows\Sysnative\Tasks\EPUpdater
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
======= C: =====
2013-06-05 16:27:13	F2448347298CDDA4B93AD7CE1E3C6E7D	1507	----a-w-	C:\AdwCleaner[S3].txt
2013-06-05 16:26:28	750658EA7AF3DAD3F8B073247FB3FF7E	1439	----a-w-	C:\AdwCleaner[R3].txt
2013-06-05 13:51:40	2BD8C522942E1FBE0A5C14B58FACCE50	1909	----a-w-	C:\AdwCleaner[S2].txt
2013-06-05 13:49:00	16806DE46A2BFF4E32CCEB52E5128084	1882	----a-w-	C:\AdwCleaner[R2].txt
2013-06-05 07:12:43	DC90B864B72441ED690F73F5E6A8174E	5904	----a-w-	C:\AdwCleaner[S1].txt
2013-06-05 07:11:42	B4E0D5CE220FD5D98DC7D27B922854FF	5999	----a-w-	C:\AdwCleaner[R1].txt
====== C:\Users\****\AppData\Roaming ======
2013-06-04 14:10:17	--------	d-----w-	C:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
2013-06-02 08:59:13	2F3A74C8194D25CA18D1107F8234817D	680	----a-w-	C:\users\****\AppData\Local\d3d9caps.dat
2013-05-24 19:21:18	5EBE7814853BB1260B298C30B5C95C6B	11390	----a-w-	C:\users\****\AppData\Local\dd_vcredistUI32B3.txt
2013-05-24 19:21:18	4109CD26325B0682DB362ABF60FE18A1	420828	----a-w-	C:\users\****\AppData\Local\dd_vcredistMSI32B3.txt
2013-05-23 17:12:04	--------	d-----w-	C:\users\****\AppData\Roaming\Screaming Bee
2013-05-18 17:59:27	--------	d-----w-	C:\users\****\AppData\Roaming\Awesomium
2013-05-18 17:56:40	--------	d-----w-	C:\users\****\AppData\Local\Aeria Games
2013-05-18 17:47:52	--------	d-----w-	C:\users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-05-18 17:36:59	--------	d-----w-	C:\users\****\AppData\Roaming\Aeria Games & Entertainment
2013-05-13 14:24:07	--------	d-----w-	C:\users\****\AppData\Roaming\BoL
====== C:\Users\**** ======
2013-06-07 15:08:53	178A34E5554DCE485E1262DDF027960C	2237968	----a-w-	C:\Users\****\Desktop\tdsskiller.exe
2013-06-06 17:17:33	4ADCFEE16EE9978F06157634669D36FB	602112	----a-w-	C:\Users\****\Downloads\OTL.exe
2013-06-06 17:16:40	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Users\****\defogger_reenable
2013-06-06 17:16:03	9146F21288AB749C4C729343F5F285A1	50477	----a-w-	C:\Users\****\Downloads\Defogger.exe
2013-06-05 19:40:16	B36B2E3CA24D80973C59BFBDA1C4800B	4378864	----a-w-	C:\Users\****\Downloads\ccsetup402.exe
2013-06-05 16:26:14	0A90C8A3F94564E7EAF541981EAFA52A	632031	----a-w-	C:\Users\****\Downloads\adwcleaner.exe
2013-06-05 14:02:16	683FDD3D773C58B262DC07CD0C6CE938	10285040	----a-w-	C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-05 13:40:43	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defender Pro Quick Scanner
2013-06-05 13:39:40	12855F36C976B5EBD06FAA6D4BC994B0	7633040	----a-w-	C:\Users\****\Downloads\dp_ultimate.exe
2013-06-05 07:11:35	0A90C8A3F94564E7EAF541981EAFA52A	632031	----a-w-	C:\Users\****\Downloads\adwcleaner_2.3.0.1.exe
2013-06-04 14:07:05	30193EACB70C18974A80AB600FAE9519	23995416	----a-w-	C:\Users\****\Downloads\FreeAVIVideoConverter.exe
2013-05-31 02:11:08	EB5D7B007B6022EE555C0DD9FD71263E	22201982	----a-w-	C:\Users\****\Downloads\LeagueOfLegendsBaseEUW.exe
2013-05-31 02:10:43	9EB4B4ACC7751748D0259A07EF0FFD1A	3496296	----a-w-	C:\Users\****\Downloads\LeagueofLegends (1).exe
2013-05-31 01:56:23	A86B844E50C726D034FFC782486D87AB	3461416	----a-w-	C:\Users\****\Downloads\LeagueofLegends.exe
2013-05-29 04:23:04	2CD120F390018F334F3729FCC986E908	1582608	----a-w-	C:\Users\****\Downloads\LOLReplay-0.8.2.1.exe
2013-05-23 17:10:18	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2013-05-18 17:56:12	--------	d-----w-	C:\ProgramData\Aeria Games

====== C: exe-files ==
2013-06-07 15:08:53	178A34E5554DCE485E1262DDF027960C	2237968	----a-w-	C:\Users\****\Desktop\tdsskiller.exe
2013-06-06 17:17:33	4ADCFEE16EE9978F06157634669D36FB	602112	----a-w-	C:\Users\****\Downloads\OTL.exe
2013-06-06 17:16:03	9146F21288AB749C4C729343F5F285A1	50477	----a-w-	C:\Users\****\Downloads\Defogger.exe
2013-06-06 12:05:09	1EA998DE136184740B292FB9DCDD49AC	746848	----a-w-	C:\Users\****\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\27.0.1453.110\27.0.1453.110_27.0.1453.94_chrome_updater.exe
2013-06-05 19:40:16	B36B2E3CA24D80973C59BFBDA1C4800B	4378864	----a-w-	C:\Users\****\Downloads\ccsetup402.exe
2013-06-05 16:26:14	0A90C8A3F94564E7EAF541981EAFA52A	632031	----a-w-	C:\Users\****\Downloads\adwcleaner.exe
2013-06-05 14:02:16	683FDD3D773C58B262DC07CD0C6CE938	10285040	----a-w-	C:\Users\****\Downloads\mbam-setup-1.75.0.1300.exe
2013-06-05 13:39:40	12855F36C976B5EBD06FAA6D4BC994B0	7633040	----a-w-	C:\Users\****\Downloads\dp_ultimate.exe
2013-06-05 07:11:35	0A90C8A3F94564E7EAF541981EAFA52A	632031	----a-w-	C:\Users\****\Downloads\adwcleaner_2.3.0.1.exe
2013-06-04 14:07:05	30193EACB70C18974A80AB600FAE9519	23995416	----a-w-	C:\Users\****\Downloads\FreeAVIVideoConverter.exe
2013-06-02 08:59:09	9CFDA928481B9D7D40A38F8E52FC2D69	24126312	----a-w-	C:\Users\****\Documents\LOLReplay\data\3.7.0.328\League Of Legends.exe
=== C: other files ==
2013-06-07 11:32:21	0CE162B71D2398B46F4E8CC4DDD64CBB	870680	----a-w-	C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
2013-06-05 19:44:02	959FB591C9702648D3AB9265201DE83F	118	----a-w-	C:\Users\****\AppData\Local\Temp\kll.bat
2013-06-05 19:42:42	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Users\****\AppData\Local\Temp\{2CB20AC3-CEA1-401F-86E8-844AEC5347B8}.bat
2013-06-05 14:03:06	0BB97D43299910CBFBA59C461B99B910	25928	----a-w-	C:\Windows\System32\drivers\mbam.sys
2013-06-05 07:12:47	5B56983A4125AC01D6C8AF401AD1FA61	499	----a-w-	C:\Windows\DeleteOnReboot.bat

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe"
"fsc-reg"="c:\fsc-reg\fscreg.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /detectMem"

[HKEY_USERS\S-1-5-21-3029538542-3273361527-2256941593-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Akamai NetSession Interface"="C:\Users\****\AppData\Local\Akamai\netsession_win.exe"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files (x86)\Picasa2\PicasaMediaDetector.exe"
"fsc-reg"="c:\fsc-reg\fscreg.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"WindowsWelcomeCenter"="rundll32.exe oobefldr.dll,ShowWelcomeCenter"
"Akamai NetSession Interface"="C:\Users\****\AppData\Local\Akamai\netsession_win.exe"
"ehTray.exe"="C:\Windows\ehome\ehTray.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Kies\\External\\FirmwareUpdate\\KiesPDLR.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Aeria Ignite]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Aeria Ignite"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Aeria Games\\Ignite\\aeriaignite.exe\" silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AutoStartNPSAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AutoStartNPSAgent"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Samsung\\Samsung New PC Studio\\NPSAgent.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DS3 Tool]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DS3 Tool"
"hkey"="HKCU"
"command"="C:\\Users\\****\\Downloads\\DS3_Tool.exe -mini"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EnergySettings]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EnergySettings"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Fujitsu Siemens Computers\\Energy Settings\\EnergySettings.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON SX110 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EPSON SX110 Series"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIFBE.EXE /FU \"C:\\Windows\\TEMP\\E_S2664.tmp\" /EF \"HKCU\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON SX110 Series (Kopie 1)]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EPSON SX110 Series (Kopie 1)"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIFBE.EXE /FU \"C:\\Windows\\TEMP\\E_S46B0.tmp\" /EF \"HKCU\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google EULA Launcher]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google EULA Launcher"
"hkey"="HKLM"
"command"="c:\\Program Files\\Google\\Google EULA\\GoogleEULALauncher.exe IE PA"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Google Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Google Update"
"hkey"="HKCU"
"command"="\"C:\\Users\\****\\AppData\\Local\\Google\\Update\\GoogleUpdate.exe\" /c"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\icq]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="icq"
"hkey"="HKCU"
"command"="C:\\Users\\****\\AppData\\Roaming\\ICQM\\icq.exe -CU"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pando Media Booster]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Pando Media Booster"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Pando Networks\\Media Booster\\PMB.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickScanner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickScanner"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Defender Pro Quick Scanner\\quickscan.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify"
"hkey"="HKCU"
"command"="\"C:\\Users\\****\\AppData\\Roaming\\Spotify\\Spotify.exe\" /uri spotify:autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\****\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Steam\\steam.exe\" -silent"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UIExec]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UIExec"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\1&1 Surf-Stick\\UIExec.exe\""


==== Startup Folders ======================

2013-05-29 04:23:20	1838	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15.05.2013 16:57]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029538542-3273361527-2256941593-1000Core.job --a------ C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [03.02.2013 17:44]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3029538542-3273361527-2256941593-1000UA.job --a------ C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [03.02.2013 17:44]

==== Firefox Extensions ======================

ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\8zu5s3ea.default
3D928B3FE97C403A33F803B3D1A260C9	- C:\Users\****\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll -	Google Update
7ABE33792F2787D599B6963E71B9E8CD	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll -	Shockwave Flash
ADC539F67D3198679F480974EE203678	- C:\Windows\SysWOW64\npDeployJava1.dll -	Java Deployment Toolkit 7.0.210.11
CF25FDD7CA6BC88442A58F74DBB6CFA6	- C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll -	Shockwave for Director / Shockwave for Director
AB87EEFFD18F2BAAFC274E7075EA6C67	- C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll -	Windows Presentation Foundation / Windows Presentation Foundation
DFCAB29E8FD38F95650CC1E203E8D318	- C:\Windows\SysWOW64\npmproxy.dll -	Microsoft® Windows® Operating System


==== Chrome Look ======================

YouTube - **** - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
AdBlock - **** - Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
ProxMate - Improve your Internet - **** - Default\Extensions\hgjpnmnpjmabddgmjdiaggacbololbjm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{483830EE-A4CD-4b71-B0A3-3D82E62A6909} Unknown  Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3029538542-3273361527-2256941593-1000\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\****\AppData\Local\Mozilla\Firefox\Profiles\8zu5s3ea.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\****\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\****\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 08.06.2013 at 16:21:35,02 ======================
         
What I can say at this point:
The Mocaflix pages are no longer opened when the browser starts, and the BrowserDefender.exe message no longer appears either : )


08.06.2013, 16:57   #6
smeenk
/// Malwareteam / Visitor

Glad that it worked
  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users: please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:
    chrdefaults;
    C:\Windows\Sysnative\Tasks\BrowserDefendert;f
    %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender;f

  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a reboot).
    You can view the report afterwards at c:\zoek-results.log.
  • Post the log file zoek-results.log for me.


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the objects it found, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file (mbar-log-<year-month-day>.txt) in the folder it created. Please post it here.

Do not start any other file in this folder unless a helper instructs you to.


Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


09.06.2013, 11:47   #7
kryschtel

zoek

Code:
Zoek.exe Version 4.0.0.2 Updated 03-June-2013
Tool run by **** on 09.06.2013 at  1:00:43,72.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results08.06.2013-1621.log	21178 bytes

==== Deleting Files \ Folders ======================

"%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender" not found 
"C:\Windows\Sysnative\Tasks\BrowserDefendert" deleted
"C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender\Uninstall BrowserDefender.lnk" deleted
"C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender" deleted

==== Reset Google Chrome ======================

C:\users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\***\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== EOF on 09.06.2013 at  1:01:28,46 ======================
         
MBAR

Code:
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.08.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [administrator]

09.06.2013 01:46:19
-log-2013-06-09 (01-46-19).txt

Scan type: Quick scan
Scan options enabled: PUM | P2P
Scan options disabled: Anti-Rootkit | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUP
Objects scanned: 0
Time elapsed: 

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by **** on 09.06.2013 at  2:20:05,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\8zu5s3ea.default\minidumps [4 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.06.2013 at  2:23:51,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

To my regret, I have to report that the websearch.mocaflix pages are still opening

09.06.2013, 21:16   #8
smeenk
/// Malwareteam / Visitor

With which browser do you have these problems? Do these problems occur in all browsers?

09.06.2013, 21:28   #9
kryschtel

Quote:
Quote from smeenk
With which browser do you have these problems? Do these problems occur in all browsers?

I only have this problem with the Google Chrome browser.

When I start Google Chrome, it looks like this:



After the cleanup the pages were not shown at first, but then they reappeared on their own, without my having downloaded or installed any files or anything of the sort.

09.06.2013, 21:40   #10
smeenk
/// Malwareteam / Visitor

Apparently something is still active
  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users: please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:
    chrdefaults;
    %localappdata%\Google\Chrome\User Data\Default\extensions;v

  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a reboot).
    You can view the report afterwards at c:\zoek-results.log.
  • Post the log file zoek-results.log for me.

09.06.2013, 21:55   #11
kryschtel

Code:
Zoek.exe Version 4.0.0.2 Updated 03-June-2013
Tool run by **** on 09.06.2013 at 22:51:10,66.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results08.06.2013-1621.log	21178 bytes
C:\zoek-results09.06.2013-0101.log	1060 bytes

==== Folders Found In %localappdata%\Google\Chrome\User Data\Default\extensions ======================

2013-06-08 23:02:02	d-----w-	C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake
2013-06-08 23:02:03	d-----w-	C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf
2013-06-08 23:02:03	d-----w-	C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\extensions\coobgpohoikkiipiblmjeljniedjpjpf
2013-06-08 23:02:03	d-----w-	C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia
2013-06-08 23:02:04	d-----w-	C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
2013-06-09 10:50:57	d-----w-	C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\extensions\gighmmpiobklfepjocnamgkkbiglidom
2013-06-09 10:51:11	d-----w-	C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\extensions\hgjpnmnpjmabddgmjdiaggacbololbjm

==== Reset Google Chrome ======================

C:\users\****\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\****\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== EOF on 09.06.2013 at 22:52:23,33 ======================
         
For now, the symptoms appear to be fixed again.
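
The Zoek log above lists the extension folders of the Chrome profile and resets Preferences, the file that holds the startup pages. As an added example (not part of the thread and not Zoek's own code), this Python script reads the same two places in a profile directory. The Preferences key names `session.startup_urls`, `session.urls_to_restore_on_startup` and `homepage` are assumptions that differ between Chrome versions, and the sample profile, extension IDs and URLs are constructed.

```python
import json
from pathlib import Path

def read_json(path):
    """Parse a JSON file; return {} if it is missing, damaged or not an object."""
    try:
        data = json.loads(Path(path).read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def list_extensions(profile):
    """Return (extension_id, version, name) for every extension folder in the profile."""
    rows, root = [], Path(profile) / "Extensions"
    if root.is_dir():
        for ext in sorted(p for p in root.iterdir() if p.is_dir()):
            for ver in sorted(p for p in ext.iterdir() if p.is_dir()):
                # "name" may be a localisation placeholder such as __MSG_appName__
                name = read_json(ver / "manifest.json").get("name", "<no readable manifest>")
                rows.append((ext.name, ver.name, name))
    return rows

def startup_urls(profile):
    """Collect startup pages and homepage from the profile's Preferences file."""
    prefs = read_json(Path(profile) / "Preferences")
    session = prefs.get("session") or {}
    # Key names are assumptions; they differ between Chrome versions.
    urls = list(session.get("startup_urls", []))
    urls += session.get("urls_to_restore_on_startup", [])
    if prefs.get("homepage"):
        urls.append(prefs["homepage"])
    return urls

def suspicious(urls, needle="mocaflix"):
    """Return the URLs that contain the unwanted search-page name."""
    return [u for u in urls if needle in u.lower()]

def build_sample_profile(root):
    """Write a constructed profile (sample data, not taken from the thread)."""
    profile = Path(root) / "Default"
    ext = profile / "Extensions" / ("a" * 32) / "1.0_0"
    ext.mkdir(parents=True)
    (ext / "manifest.json").write_text(json.dumps({"name": "Sample Toolbar", "version": "1.0"}))
    (profile / "Extensions" / ("b" * 32) / "2.1_0").mkdir(parents=True)  # folder without manifest
    prefs = {"homepage": "http://www.example.org/", "session": {"restore_on_startup": 4, "startup_urls": [
        "http://websearch.mocaflix.example/?a=1", "http://websearch.mocaflix.example/?a=2"]}}
    (profile / "Preferences").write_text(json.dumps(prefs))
    return profile
```

To check a real profile, close Chrome and pass the path of the `User Data\Default` folder to `list_extensions` and `startup_urls`.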

09.06.2013, 22:01   #12
smeenk
/// Malwareteam / Visitor

Restart the system and test whether it stays fixed.

09.06.2013, 22:19   #13
kryschtel

Quote:
Quote from smeenk
Restart the system and test whether it stays fixed.

System restart done.
There don't seem to be any problems for now.

I will definitely report back here again tomorrow on how things stand, if that is OK.

I'd already like to leave a big thank-you to smeenk and the Trojaner-Board for the help.

09.06.2013, 22:21   #14
smeenk
/// Malwareteam / Visitor

OK, see you tomorrow.

10.06.2013, 17:14   #15
kryschtel

Nothing malicious spotted so far : )
