Sporadische Abstürze des Windows Explorers, modifizierter MBR

AlterHase · 27.01.2014, 18:41

Wir hatten vermehrte Abstürze des Windows Explorers in unregelmäßigen Abständen. Gmer meldete einen unbekannten MBR. Wir führten einen Virenscan mit dem Tool Desinfec't durch. Dabei wurden verschiedene Trojaner gemeldet (Ct-desinfect_Funde.csv).

Code:

ATTFilter

Infizierte Datei,"ggf. Datei in Archiv","Fund durch Avira","Fund durch Bitdefender","Fund durch ClamAV","Fund durch Kaspersky" 		
,,,,, 	
/media/3646EAFF46EABEAD/Windows/winsxs/x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619/volsnap.sys,,,,Win.Trojan.Tdss-22483,
/media/3646EAFF46EABEAD/Windows/System32/DriverStore/FileRepository/volume.inf_1e6030e4/volsnap.sys,,,,Win.Trojan.Tdss-22483, 	
/media/3646EAFF46EABEAD/Users/Guru/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/06FGFL3T/update[1],,,,Trojan.Autoit-128,
/media/18B09D58B09D3D66/Maria/RSSolo_4_german.exe,,,Gen:Variant.Application.MediaFinder.2,, 	
/media/3646EAFF46EABEAD/Users/Edith/Downloads/AutosbauenmitWillySetup-dm.exe,,,,Trojan.TDSS-8633, 	
/media/3646EAFF46EABEAD/Program Files/Microsoft Office/Office12/excelcnv.exe,,,,W32.Virut.Gen.D-163, 	
/media/3646EAFF46EABEAD/Program Files/Botanica - Reise ins Unbekannte/vlsfzhn.exe,,,,Trojan.Downloader-112965, 	
/media/18B09D58B09D3D66/Programme/Office/Office12/XLVIEW.EXE,,,,W32.Virut.Gen.D-163, 	
/media/3646EAFF46EABEAD/Windows/System32/kbd106nd.exe,,TR/Crypt.XPACK.Gen,Gen:Variant.Graftor.124887,, 	
/media/3646EAFF46EABEAD/Program Files/Botanica - Reise ins Unbekannte/Botanica_IntoTheUnknown.exe,,,,Trojan.Downloader-112965, 	
/media/3646EAFF46EABEAD/Windows/System32/DlProtectSvc.exe,,ADWARE/GFilter.A.30,,,

Die Funde wurden mit der Erweiterung .VIRUS umbenannt. Daraufhin wurden die Explorer-Abstürze deutlich weniger. Wegen der Meldung "unbekannter MBR" sind wir aber sehr besorgt, dass wir uns einen gefährlichen Rootkit eingefangen haben

Der Defogger-Log

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:55 on 27/01/2014 (Guru)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Der FRST-Log

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-01-2014
Ran by Guru (administrator) on TRAUMBOY on 27-01-2014 18:00:18
Running from C:\Users\Guru\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(IVT Corporation) D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\E_S00RP2.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\SAgent4.exe
(IVT Corporation) D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Cyberlink Corp.) C:\Program Files\PowerDVD\PDVDServ.exe
(Elaborate Bytes AG) D:\Tools\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IVT Corporation) D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Users\Guru\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(ArcSoft, Inc.) C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RemoteControl] - C:\Program Files\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM\...\Run: [VirtualCloneDrive] - D:\Tools\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [52168 2008-06-29] (Elaborate Bytes AG)
HKLM\...\Run: [Eraser] - C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM\...\Run: [] - [x]
HKLM\...\Run: [HTC Sync Loader] - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-12-12] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [BtTray] - D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [315478 2009-09-02] (IVT Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Guru\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Run: [Alamandi tray notifier] - c:\program files\deutschland spielt\alamandi\TaskBarNotifier.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Edith\...\Run: [PC Suite Tray] - "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\Edith\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Edith\...\Run: [Alamandi tray notifier] - C:\Program Files\DEUTSCHLAND SPIELT\AlamandiCD\TaskBarNotifier.exe
HKU\Edith\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\Edith\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\Edith\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [ 2011-06-29] (Gemalto N.V.)
HKU\Edith\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Edith\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [ 2013-05-22] ()
HKU\Edith\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Root\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Root\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Root\...\Run: [SpybotSD TeaTimer] - D:\Tools\Spybot - Search & Destroy\TeaTimer.exe
HKU\Root\...\Run: [] - [x]
HKU\Root\...\Run: [NokiaOviSuite2] - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [ 2011-09-01] (Nokia)
HKU\Root\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Root\...\Run: [nvda] - C:\Program Files\NVDA\nvda.exe
HKU\Stefan\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6837] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Application Updater\ApplicationUpdater.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF4581] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9075] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7766] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1604] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF811] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF252] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF214] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2988] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5983] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3516] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6464] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7775] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF927] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF7016] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2403] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3717] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7601] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1531] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2405] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9092] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5067] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5892] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF501] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1757] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9215] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3912] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2224] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6708] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5492] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7003] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9903] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2359] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4865] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4495] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4060] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4157] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1674] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9414] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF367] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF303] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1138] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7664] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3245] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7549] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4160] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1539] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8642] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4863] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8951] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9461] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3850] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2312] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2170] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6002] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6997] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF2476] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF7138] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2314] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6549] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF236] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3782] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1250] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7116] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5303] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7838] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8820] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8418] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8119] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2265] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3297] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5843] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5529] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4667] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4698] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5717] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7117] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9717] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3884] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7472] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8045] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1259] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF906] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9713] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3216] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6263] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6918] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8974] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3911] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6988] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5773] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8619] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2254] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4648] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8289] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6896] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9326] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9032] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6286] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8589] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7392] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2609] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8334] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6701] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7300] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2316] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF709] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7554] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3683] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4437] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5968] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF443] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4668] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9855] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2390] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3173] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF33] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6160] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7626] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3622] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7341] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF89] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2204] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1451] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9101] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2143] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9646] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9303] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3054] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [DeleteMarkAny] - C:\Windows\system32\MASetupCleaner.exe [ 2012-12-18] ((주)마크애니)
Startup: C:\Users\Root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk.disabled
ShortcutTarget: OpenOffice.org 3.0.lnk.disabled -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
URLSearchHook: HKLM - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
URLSearchHook: HKCU - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D56453344303126713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&k=0
SearchScopes: HKCU - {0A8AE23C-A3ED-437D-917D-0BA70E1E7F7A} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {5F561372-A6B6-45F1-B03A-1F17A57CFD88} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&k=0
SearchScopes: HKCU - {7917D784-2086-42C1-A64A-5D9243A58FFF} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {9EFD52BD-8D03-470F-A6A3-22F442E06C7C} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {A75FFC07-A59B-4880-8979-34EAEBD8CD9E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
SearchScopes: HKCU - {A8FC31F3-57C3-4DE9-9C3A-2EA3F90F6023} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {F9FFBD07-CBED-4537-9120-845121F47B44} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
BHO: No Name - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: MyEmoticons Class - {DCC39ACE-709B-44EA-B062-5F6BE2774644} - C:\Users\Guru\AppData\Roaming\MyEmoticons\myemoticons-1.4.dll (GreenTree Applications)
Toolbar: HKLM - No Name - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default
FF DefaultSearchEngine: MetaGer
FF SelectedSearchEngine: MetaGer
FF Homepage: hxxp://www.metager.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll No File
FF Plugin: @digitalpublishing.de/dpLaunch - C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @real.com/npracplug;version=1.0.0.0 - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Guru\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npgcplug.dll (RealNetworks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npracplug.dll (RealNetworks)
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\ashampoo-de-customized-web-search.xml
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\metager.xml
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\{CC82F702-0437-4623-B58F-098E34B6D510}.xml
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\{E77802C1-8764-420A-BDB9-4B5B82C90948}.xml
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\{F088237D-FE59-4CD3-AC20-23626D5F303F}.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-04]
FF Extension: YouTube mp3 - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\Extensions\info@youtube-mp3.org.xpi [2012-07-05]
FF Extension: NoScript - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-07-05]
FF Extension: Adblock Plus - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF HKLM\...\Firefox\Extensions: [myemoticons@myemoticons.com] - C:\Users\Guru\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.4
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ []
FF HKCU\...\Firefox\Extensions: [extension@preispilot.com] - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\extensions\extension@preispilot.com

========================== Services (Whitelisted) =================

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
R2 BlueSoleilCS; D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1466476 2009-09-02] (IVT Corporation)
R3 BsHelpCS; D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [102503 2009-09-02] (IVT Corporation)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.)
R2 EPSON_PM_RPCV2_02; C:\Windows\system32\E_S00RP2.EXE [65536 2004-02-19] (SEIKO EPSON CORPORATION)
S2 gupdate1c986be46fae48f; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-04] (Google Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
S4 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StatusAgent4; C:\Windows\system32\SAgent4.exe [122880 2002-12-11] (SEIKO EPSON CORPORATION)
S4 uvnc_service; D:\Program Files\UltraVNC\winvnc.exe [1830856 2009-07-09] (UltraVNC)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
S4 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [x]
S2 mshta32; C:\Windows\system32\kbd106nd.exe [x]
S4 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [x]

==================== Drivers (Whitelisted) ====================

R2 ACEDRV06; C:\Windows\system32\drivers\ACEDRV06.sys [99840 2010-04-29] (Protect Software GmbH)
R2 ACEDRV08; C:\Windows\system32\drivers\ACEDRV08.sys [108768 2009-10-07] (Protect Software GmbH)
R2 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [373568 2007-06-18] (Protect Software GmbH)
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 acehlp09; C:\Windows\system32\drivers\acehlp09.sys [201696 2007-05-30] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH)
S3 ADDMEM; C:\Users\Root\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [3205 2010-12-10] ()
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [306816 2009-04-17] (AfaTech                  )
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2009-10-08] ()
S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [33800 2009-06-17] (IVT Corporation.)
S3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27528 2009-06-17] (IVT Corporation.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14528 2014-01-22] (Glarysoft Ltd)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [17928 2009-06-17] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39304 2009-07-08] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-06-17] (IVT Corporation.)
R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [29192 2009-06-17] ()
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24392 2008-07-21] (Elaborate Bytes AG)
S3 gdrv; C:\Windows\gdrv.sys [17488 2009-12-17] (Windows (R) 2000 DDK provider)
R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [25480 2009-06-17] (IVT Corporation.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [23680 2008-07-09] (KOBIL Systems GmbH)
S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [94720 2012-07-09] (KOBIL Systems GmbH)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2009-01-30] ()
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [22016 2007-10-11] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKslb7c69aa2; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C357B258-6A65-4DBB-B5F1-0EB83AB66D03}\MpKslb7c69aa2.sys [40392 2014-01-27] (Microsoft Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [16896 2007-05-01] ()
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2011-12-09] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2011-12-09] (RapidSolution Software AG)
R1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33568 2011-03-09] (Sophos Plc)
S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX32.sys [72256 2010-09-13] (Ray Hinchliffe)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39016 2011-12-09] (RapidSolution Software AG)
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [91472 2009-08-05] (Sun Microsystems, Inc.)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [14856 2009-06-17] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [32392 2009-06-17] (IVT Corporation.)
S3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [243840 2009-01-23] (Vimicro Corporation)
S1 Ai2Chroniker; system32\DRIVERS\Ai2Chroniker.sys [x]
S3 Ai2Mmpd; system32\DRIVERS\Ai2Mmpd.sys [x]
S0 BTHidEnum; System32\Drivers\vbtenum.sys [x]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [x]
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; system32\drivers\btwavdt.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 cpuz134; \??\C:\Users\Root\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
U3 awtiipog; \??\C:\Users\Guru\AppData\Local\Temp\awtiipog.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-27 18:00 - 2014-01-27 18:00 - 00044438 _____ C:\Users\Guru\Desktop\FRST.txt
2014-01-27 17:58 - 2014-01-27 17:58 - 01223168 _____ (Farbar) C:\Users\Guru\Desktop\FRST.exe
2014-01-27 17:51 - 2014-01-25 01:01 - 00080384 _____ C:\Users\Guru\Desktop\MBRCheck.exe
2014-01-27 17:22 - 2014-01-27 17:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-27 17:22 - 2014-01-27 17:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-25 01:27 - 2014-01-25 01:27 - 00606080 _____ C:\Users\Edith\Downloads\hxd hex editor setup.exe
2014-01-25 01:03 - 2014-01-25 01:03 - 00000512 _____ C:\mbr.bin
2014-01-25 01:01 - 2014-01-25 01:01 - 00080384 _____ C:\Users\Edith\Desktop\MBRCheck.exe
2014-01-24 00:01 - 2014-01-27 17:47 - 00000320 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2014-01-24 00:01 - 2014-01-24 00:01 - 00000681 _____ C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-01-24 00:01 - 2014-01-24 00:01 - 00000681 _____ C:\ProgramData\Desktop\Glary Utilities 4.lnk
2014-01-24 00:01 - 2014-01-24 00:01 - 00000000 ____D C:\ProgramData\GlarySoft
2014-01-24 00:01 - 2014-01-22 02:16 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-01-24 00:01 - 2014-01-22 02:09 - 00014528 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-01-23 23:13 - 2014-01-23 23:12 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-23 23:13 - 2014-01-23 23:12 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-23 23:13 - 2014-01-23 23:12 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-23 23:13 - 2014-01-23 23:12 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-23 23:11 - 2014-01-23 23:11 - 00921512 _____ (Oracle Corporation) C:\Users\Guru\Downloads\jre-7u51-windows-i586-iftw.exe
2014-01-23 22:46 - 2014-01-23 22:46 - 00000607 _____ C:\Users\Guru\Desktop\CDex170.lnk
2014-01-23 22:18 - 2014-01-23 22:18 - 00921000 _____ (Oracle Corporation) C:\Users\Guru\Downloads\jxpiinstall.exe
2014-01-23 20:13 - 2014-01-23 13:33 - 00001359 _____ C:\Users\Guru\Desktop\metascan.csv
2014-01-23 20:10 - 2014-01-23 20:10 - 00000489 _____ C:\Users\Guru\Desktop\gmer.log
2014-01-23 19:54 - 2014-01-23 19:54 - 00000000 ____D C:\FRST
2014-01-23 19:52 - 2014-01-27 17:55 - 00000470 _____ C:\Users\Guru\Desktop\defogger_disable.log
2014-01-23 19:52 - 2014-01-23 19:52 - 00000000 _____ C:\Users\Guru\defogger_reenable
2014-01-23 19:51 - 2014-01-23 19:51 - 00380416 _____ C:\Users\Guru\Desktop\xqe2i78s.exe
2014-01-23 19:37 - 2014-01-23 19:37 - 00050477 _____ C:\Users\Guru\Desktop\Defogger.exe
2014-01-23 16:44 - 2014-01-23 16:44 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Mael
2014-01-23 16:22 - 2014-01-23 16:50 - 00000000 ____D C:\Users\Guru\Virus-Analyse
2014-01-23 15:55 - 2014-01-23 16:44 - 00001801 _____ C:\Users\Guru\Last session Guru.prj
2014-01-23 15:37 - 2014-01-23 15:37 - 00000536 _____ C:\Users\Public\Desktop\HxD.lnk
2014-01-23 15:37 - 2014-01-23 15:37 - 00000536 _____ C:\ProgramData\Desktop\HxD.lnk
2014-01-23 14:45 - 2014-01-23 14:45 - 00000610 _____ C:\Users\Public\Desktop\Speccy.lnk
2014-01-23 14:45 - 2014-01-23 14:45 - 00000610 _____ C:\ProgramData\Desktop\Speccy.lnk
2014-01-23 14:37 - 2014-01-23 23:58 - 00000000 ____D C:\Users\Guru\Downloads\Tools
2014-01-23 14:09 - 2014-01-23 14:09 - 00000388 _____ C:\Users\Guru\Documents\gmer2.1.19324.log
2014-01-23 00:46 - 2014-01-23 00:46 - 00096256 _____ C:\Windows\system32\DlProtectSvc.exe.VIRUS
2014-01-23 00:46 - 2014-01-23 00:46 - 00070656 _____ C:\Windows\system32\kbd106nd.exe.VIRUS
2014-01-23 00:46 - 2014-01-23 00:46 - 00012800 _____ C:\ProgramData\dlprotect.exe
2014-01-23 00:46 - 2014-01-23 00:46 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Windows Net Data
2014-01-23 00:45 - 2014-01-23 00:45 - 00000147 _____ C:\Users\Guru\Desktop\Goodgame Empire.url
2014-01-23 00:44 - 2014-01-24 00:50 - 00000000 ____D C:\Users\Guru\AppData\Local\DownloadGuide
2014-01-23 00:44 - 2014-01-23 00:44 - 00621800 _____ C:\Users\Guru\Downloads\GMER_Setup_Download.exe
2014-01-22 15:05 - 2012-04-27 15:41 - 01317376 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2014-01-22 01:20 - 2014-01-24 00:01 - 00000000 ____D C:\Users\Guru\AppData\Roaming\GlarySoft
2014-01-22 00:58 - 2014-01-22 00:58 - 00000000 ____D C:\Users\Guru\AppData\Roaming\aignes
2014-01-21 15:34 - 2014-01-21 15:34 - 00000000 _____ C:\Users\Guru\daemonprocess.txt
2014-01-20 13:35 - 2014-01-20 13:35 - 00000000 ____D C:\Users\Guru\AppData\Roaming\EAC
2014-01-20 13:35 - 2014-01-20 13:35 - 00000000 ____D C:\Users\Guru\AppData\Roaming\AccurateRip
2014-01-20 12:47 - 2014-01-20 12:47 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Mp3jam
2014-01-20 12:15 - 2014-01-21 15:49 - 00000000 ____D C:\Users\Guru\AppData\Local\Mobogenie
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\Documents\Mobogenie
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\AppData\Local\cache
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\.android
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 _____ C:\Users\Edith\daemonprocess.txt
2014-01-20 12:14 - 2014-01-20 12:15 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-20 12:14 - 2014-01-20 12:14 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Mp3jam
2014-01-14 23:04 - 2014-01-14 23:04 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Screenshots
2014-01-14 22:12 - 2014-01-14 22:12 - 00000000 ____D C:\Users\Edith\AppData\Roaming\AlexanderTheGreat
2014-01-14 22:11 - 2014-01-14 22:11 - 00000000 ____D C:\Program Files\Playrix Entertainment
2014-01-12 23:41 - 2014-01-13 19:55 - 00001767 _____ C:\Users\Edith\Documents\captune.log
2014-01-08 22:44 - 2014-01-08 22:44 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Maximize Games
2014-01-04 16:58 - 2014-01-04 16:58 - 00000000 ____D C:\Users\Edith\AppData\Local\Astar Games
2014-01-04 16:37 - 2014-01-04 16:37 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Maximize Games
2014-01-04 16:37 - 2014-01-04 16:37 - 00000000 ____D C:\ProgramData\Maximize Games
2014-01-04 16:12 - 2014-01-04 16:12 - 00002012 _____ C:\Users\Public\Desktop\Silent Scream Die Tänzerin.lnk
2014-01-04 16:12 - 2014-01-04 16:12 - 00002012 _____ C:\ProgramData\Desktop\Silent Scream Die Tänzerin.lnk
2014-01-04 16:11 - 2014-01-24 22:44 - 00002549 _____ C:\Users\Public\Desktop\Dreamland.lnk
2014-01-04 16:11 - 2014-01-24 22:44 - 00002549 _____ C:\ProgramData\Desktop\Dreamland.lnk
2014-01-04 16:10 - 2014-01-04 16:18 - 00002867 _____ C:\Users\Public\Desktop\Prinzessin Isabella Die Rückkehr des Fluches Sammleredition.lnk
2014-01-04 16:10 - 2014-01-04 16:18 - 00002867 _____ C:\ProgramData\Desktop\Prinzessin Isabella Die Rückkehr des Fluches Sammleredition.lnk
2014-01-04 16:05 - 2014-01-04 16:19 - 00002447 _____ C:\Users\Public\Desktop\GAME CENTER.lnk
2014-01-04 16:05 - 2014-01-04 16:19 - 00002447 _____ C:\ProgramData\Desktop\GAME CENTER.lnk
2014-01-04 16:05 - 2014-01-04 16:12 - 00000000 ____D C:\Program Files\DEUTSCHLAND SPIELT
2014-01-04 13:59 - 2014-01-21 22:58 - 00000000 ____D C:\Users\Edith\AppData\Local\bluesoleil
2014-01-04 13:05 - 2014-01-04 13:47 - 00000257 _____ C:\Windows\system32\SHORTCUT.INI
2014-01-04 13:05 - 2014-01-04 13:08 - 00000130 _____ C:\Windows\system32\REMOTEDEVICE.INI
2014-01-04 13:04 - 2014-01-27 17:46 - 00005064 _____ C:\Windows\system32\LOCALSERVICE.INI
2014-01-04 13:04 - 2014-01-04 13:52 - 00000100 _____ C:\Windows\system32\LOCALDEVICE.INI
2014-01-04 12:43 - 2014-01-21 22:58 - 00000000 ____D C:\Users\Guru\AppData\Local\bluesoleil
2014-01-04 12:34 - 2014-01-04 12:34 - 00000000 _____ C:\Windows\system32\BSPRINT.INI
2014-01-02 17:06 - 2014-01-02 17:08 - 00000000 ____D C:\Users\Edith\Test
2014-01-02 13:57 - 2014-01-21 23:44 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Dropbox
2014-01-02 13:56 - 2014-01-21 23:49 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Dropbox
2013-12-30 13:02 - 2013-12-30 13:29 - 00000000 ____D C:\Users\Edith\AppData\Roaming\ImgBurn
2013-12-30 12:54 - 2013-12-30 12:54 - 00000692 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2013-12-30 12:54 - 2013-12-30 12:54 - 00000692 _____ C:\ProgramData\Desktop\ImgBurn.lnk

==================== One Month Modified Files and Folders =======

2014-01-27 18:00 - 2014-01-27 18:00 - 00044438 _____ C:\Users\Guru\Desktop\FRST.txt
2014-01-27 17:59 - 2009-08-26 12:51 - 00000440 _____ C:\Windows\Tasks\ParetoLogic Registration.job
2014-01-27 17:58 - 2014-01-27 17:58 - 01223168 _____ (Farbar) C:\Users\Guru\Desktop\FRST.exe
2014-01-27 17:55 - 2014-01-23 19:52 - 00000470 _____ C:\Users\Guru\Desktop\defogger_disable.log
2014-01-27 17:47 - 2014-01-24 00:01 - 00000320 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2014-01-27 17:46 - 2014-01-04 13:04 - 00005064 _____ C:\Windows\system32\LOCALSERVICE.INI
2014-01-27 17:46 - 2009-07-01 11:21 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-27 17:46 - 2009-03-10 15:14 - 00000416 ____H C:\Windows\Tasks\SupBackGroundTask.job
2014-01-27 17:22 - 2014-01-27 17:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-27 17:22 - 2014-01-27 17:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-27 17:22 - 2008-12-19 22:29 - 00000000 ____D C:\Users\Guru\AppData\Local\Adobe
2014-01-27 17:19 - 2008-10-18 09:21 - 01647548 _____ C:\Windows\WindowsUpdate.log
2014-01-27 17:05 - 2013-02-23 14:27 - 00022940 _____ C:\Windows\error.log
2014-01-27 17:05 - 2009-09-07 15:42 - 00000933 _____ C:\Windows\system32\bscs.ini
2014-01-27 17:05 - 2008-01-21 03:47 - 01236402 _____ C:\Windows\PFRO.log
2014-01-27 17:05 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-27 17:05 - 2006-11-02 13:47 - 00004912 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-27 17:05 - 2006-11-02 13:47 - 00004912 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-27 17:04 - 2006-11-02 14:01 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-27 17:01 - 2009-07-01 11:21 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-26 21:43 - 2012-02-27 22:22 - 00002391 _____ C:\Users\Edith\Desktop\capella reader.lnk
2014-01-26 16:43 - 2008-09-12 02:46 - 00000000 ____D C:\Windows\nvtmpinst
2014-01-26 01:35 - 2010-11-21 18:39 - 00000000 ___RD C:\Users\Edith\Mails
2014-01-26 01:28 - 2011-12-28 16:07 - 00000000 ____D C:\Users\Edith\AppData\Roaming\vlc
2014-01-26 00:40 - 2008-12-19 20:49 - 00000000 ____D C:\Users\Edith
2014-01-26 00:40 - 2008-12-18 21:09 - 00000000 ____D C:\Users\Guru
2014-01-25 23:29 - 2010-10-10 21:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-25 17:25 - 2006-11-02 11:33 - 01646180 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-25 01:27 - 2014-01-25 01:27 - 00606080 _____ C:\Users\Edith\Downloads\hxd hex editor setup.exe
2014-01-25 01:03 - 2014-01-25 01:03 - 00000512 _____ C:\mbr.bin
2014-01-25 01:01 - 2014-01-27 17:51 - 00080384 _____ C:\Users\Guru\Desktop\MBRCheck.exe
2014-01-25 01:01 - 2014-01-25 01:01 - 00080384 _____ C:\Users\Edith\Desktop\MBRCheck.exe
2014-01-24 22:44 - 2014-01-04 16:11 - 00002549 _____ C:\Users\Public\Desktop\Dreamland.lnk
2014-01-24 22:44 - 2014-01-04 16:11 - 00002549 _____ C:\ProgramData\Desktop\Dreamland.lnk
2014-01-24 01:12 - 2012-05-08 00:21 - 00000000 ____D C:\Program Files\StarMoney 8.0 S-Edition
2014-01-24 00:57 - 2008-12-18 21:09 - 00001501 _____ C:\Users\Guru\Desktop\Windows Explorer.lnk
2014-01-24 00:50 - 2014-01-23 00:44 - 00000000 ____D C:\Users\Guru\AppData\Local\DownloadGuide
2014-01-24 00:16 - 2013-11-10 18:19 - 00001064 _____ C:\Users\Edith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-24 00:16 - 2013-11-10 18:19 - 00001056 _____ C:\Users\Edith\Desktop\Mozilla Firefox.lnk
2014-01-24 00:16 - 2010-08-04 11:37 - 00000998 _____ C:\Users\Root\Desktop\Procmon.exe - Verknüpfung.lnk
2014-01-24 00:15 - 2013-01-15 23:52 - 00001231 _____ C:\Users\Edith\Desktop\Handbuch_GT-N7105_UM_Open_Jellybean_Ger_Rev.1.1_121106_Screen.pdf - Verknüpfung.lnk
2014-01-24 00:15 - 2011-08-21 13:28 - 00000956 _____ C:\Users\Edith\Desktop\Mobile Atlas Creator.exe - Verknüpfung.lnk
2014-01-24 00:14 - 2011-01-22 10:33 - 00001139 _____ C:\Users\Edith\Desktop\HTC_Desire_HD_Benutzerhandbuch.pdf - Verknüpfung.lnk
2014-01-24 00:14 - 2008-12-29 17:15 - 00000903 _____ C:\Users\Stefan\Desktop\DiscSpeed_5.0.1.250.exe - Verknüpfung.lnk
2014-01-24 00:01 - 2014-01-24 00:01 - 00000681 _____ C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-01-24 00:01 - 2014-01-24 00:01 - 00000681 _____ C:\ProgramData\Desktop\Glary Utilities 4.lnk
2014-01-24 00:01 - 2014-01-24 00:01 - 00000000 ____D C:\ProgramData\GlarySoft
2014-01-24 00:01 - 2014-01-22 01:20 - 00000000 ____D C:\Users\Guru\AppData\Roaming\GlarySoft
2014-01-23 23:58 - 2014-01-23 14:37 - 00000000 ____D C:\Users\Guru\Downloads\Tools
2014-01-23 23:17 - 2013-11-01 14:44 - 00000000 ____D C:\ProgramData\Oracle
2014-01-23 23:12 - 2014-01-23 23:13 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-23 23:12 - 2014-01-23 23:13 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-23 23:12 - 2014-01-23 23:13 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-23 23:12 - 2014-01-23 23:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-23 23:11 - 2014-01-23 23:11 - 00921512 _____ (Oracle Corporation) C:\Users\Guru\Downloads\jre-7u51-windows-i586-iftw.exe
2014-01-23 22:46 - 2014-01-23 22:46 - 00000607 _____ C:\Users\Guru\Desktop\CDex170.lnk
2014-01-23 22:18 - 2014-01-23 22:18 - 00921000 _____ (Oracle Corporation) C:\Users\Guru\Downloads\jxpiinstall.exe
2014-01-23 21:40 - 2011-12-19 18:24 - 00000000 ____D C:\Users\Guru\AppData\Roaming\vlc
2014-01-23 20:10 - 2014-01-23 20:10 - 00000489 _____ C:\Users\Guru\Desktop\gmer.log
2014-01-23 20:07 - 2012-07-08 14:25 - 00000000 ____D C:\Users\Guru\Downloads\Virus-Tools
2014-01-23 19:54 - 2014-01-23 19:54 - 00000000 ____D C:\FRST
2014-01-23 19:52 - 2014-01-23 19:52 - 00000000 _____ C:\Users\Guru\defogger_reenable
2014-01-23 19:51 - 2014-01-23 19:51 - 00380416 _____ C:\Users\Guru\Desktop\xqe2i78s.exe
2014-01-23 19:37 - 2014-01-23 19:37 - 00050477 _____ C:\Users\Guru\Desktop\Defogger.exe
2014-01-23 16:50 - 2014-01-23 16:22 - 00000000 ____D C:\Users\Guru\Virus-Analyse
2014-01-23 16:44 - 2014-01-23 16:44 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Mael
2014-01-23 16:44 - 2014-01-23 15:55 - 00001801 _____ C:\Users\Guru\Last session Guru.prj
2014-01-23 15:37 - 2014-01-23 15:37 - 00000536 _____ C:\Users\Public\Desktop\HxD.lnk
2014-01-23 15:37 - 2014-01-23 15:37 - 00000536 _____ C:\ProgramData\Desktop\HxD.lnk
2014-01-23 14:45 - 2014-01-23 14:45 - 00000610 _____ C:\Users\Public\Desktop\Speccy.lnk
2014-01-23 14:45 - 2014-01-23 14:45 - 00000610 _____ C:\ProgramData\Desktop\Speccy.lnk
2014-01-23 14:09 - 2014-01-23 14:09 - 00000388 _____ C:\Users\Guru\Documents\gmer2.1.19324.log
2014-01-23 13:33 - 2014-01-23 20:13 - 00001359 _____ C:\Users\Guru\Desktop\metascan.csv
2014-01-23 00:46 - 2014-01-23 00:46 - 00096256 _____ C:\Windows\system32\DlProtectSvc.exe.VIRUS
2014-01-23 00:46 - 2014-01-23 00:46 - 00070656 _____ C:\Windows\system32\kbd106nd.exe.VIRUS
2014-01-23 00:46 - 2014-01-23 00:46 - 00012800 _____ C:\ProgramData\dlprotect.exe
2014-01-23 00:46 - 2014-01-23 00:46 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Windows Net Data
2014-01-23 00:45 - 2014-01-23 00:45 - 00000147 _____ C:\Users\Guru\Desktop\Goodgame Empire.url
2014-01-23 00:44 - 2014-01-23 00:44 - 00621800 _____ C:\Users\Guru\Downloads\GMER_Setup_Download.exe
2014-01-22 02:16 - 2014-01-24 00:01 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-01-22 02:09 - 2014-01-24 00:01 - 00014528 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-01-22 00:58 - 2014-01-22 00:58 - 00000000 ____D C:\Users\Guru\AppData\Roaming\aignes
2014-01-22 00:15 - 2009-12-16 17:09 - 00000000 ____D C:\Users\Edith\Chor
2014-01-21 23:49 - 2014-01-02 13:56 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Dropbox
2014-01-21 23:44 - 2014-01-02 13:57 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Dropbox
2014-01-21 23:37 - 2013-08-14 15:31 - 00000000 ____D C:\Windows\system32\MRT
2014-01-21 23:15 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-21 23:00 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\Msdtc
2014-01-21 23:00 - 2006-11-02 11:22 - 69206016 _____ C:\Windows\system32\config\software_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 45613056 _____ C:\Windows\system32\config\components_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 24117248 _____ C:\Windows\system32\config\system_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\default_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2014-01-21 22:59 - 2008-12-20 22:00 - 00000000 ____D C:\Users\Stefan
2014-01-21 22:59 - 2008-12-20 17:08 - 00000000 ____D C:\Users\Root
2014-01-21 22:58 - 2014-01-04 13:59 - 00000000 ____D C:\Users\Edith\AppData\Local\bluesoleil
2014-01-21 22:58 - 2014-01-04 12:43 - 00000000 ____D C:\Users\Guru\AppData\Local\bluesoleil
2014-01-21 22:58 - 2013-11-14 21:42 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP MP3 Converter
2014-01-21 22:58 - 2013-03-26 13:58 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud
2014-01-21 22:58 - 2013-03-06 22:39 - 00000000 ____D C:\Users\Guru\AppData\Roaming\nvda
2014-01-21 22:58 - 2013-03-02 22:00 - 00000000 ____D C:\Users\Guru\AppData\Local\fd
2014-01-21 22:58 - 2013-02-26 21:38 - 00000000 ____D C:\Users\Guru\Documents\Das Vermachtnis - Das Geheimniss des Verchollenen Konigreiches
2014-01-21 22:58 - 2013-02-24 17:26 - 00000000 ___RD C:\Users\Guru\Documents\IVONA Reader Podcasts
2014-01-21 22:58 - 2013-01-17 00:21 - 00000000 ____D C:\Users\Edith\AppData\Roaming\MyPhoneExplorer
2014-01-21 22:58 - 2013-01-08 00:32 - 00000000 ____D C:\Users\Guru\AppData\Roaming\DVDVideoSoft
2014-01-21 22:58 - 2013-01-06 13:54 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-01-21 22:58 - 2013-01-06 13:36 - 00000000 ____D C:\Users\Edith\AppData\Roaming\IrfanView
2014-01-21 22:58 - 2013-01-06 13:33 - 00000000 ____D C:\Users\Guru\AppData\Roaming\IrfanView
2014-01-21 22:58 - 2012-11-09 21:56 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fritz und Fertig
2014-01-21 22:58 - 2012-10-31 17:37 - 00000000 ____D C:\Users\Guru\AppData\Roaming\MyEmoticons
2014-01-21 22:58 - 2012-10-31 17:37 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyEmoticons
2014-01-21 22:58 - 2012-10-15 23:02 - 00000000 ____D C:\Users\Guru\Documents\Audible
2014-01-21 22:58 - 2012-07-29 00:51 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Tales - Der Mord in der Rue Morgue von Edgar Allan Poe
2014-01-21 22:58 - 2012-04-10 19:03 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Skype
2014-01-21 22:58 - 2011-12-26 23:59 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Dimensions - Stadt im Nebel Sammleredition
2014-01-21 22:58 - 2011-11-28 14:16 - 00000000 ____D C:\Users\Guru\AppData\Roaming\MusE
2014-01-21 22:58 - 2011-11-26 23:34 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\capella-software
2014-01-21 22:58 - 2011-10-26 00:46 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Gefaehrliche Schatten Sammleredition
2014-01-21 22:58 - 2011-08-10 23:06 - 00000000 ____D C:\Users\Guru\AppData\Roaming\TOMI3
2014-01-21 22:58 - 2011-07-11 11:47 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2014-01-21 22:58 - 2011-05-22 20:29 - 00000000 ____D C:\Users\Guru\Documents\DVDVideoSoft
2014-01-21 22:58 - 2010-11-01 15:24 - 00000000 ____D C:\Users\Guru\AppData\Roaming\GetRightToGo
2014-01-21 22:58 - 2010-10-12 21:20 - 00000000 ____D C:\BigFishGamesCache
2014-01-21 22:58 - 2009-12-07 01:32 - 00000000 ___RD C:\Users\Guru\dwhelper
2014-01-21 22:58 - 2009-10-07 12:22 - 00000000 ___SD C:\Users\Guru\Documents\Eigene Webs
2014-01-21 22:58 - 2009-08-03 15:48 - 00000000 ____D C:\Users\Guru\10DaysUnderTheSea
2014-01-21 22:58 - 2009-06-25 13:29 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Thunderbird
2014-01-21 22:58 - 2009-01-30 23:22 - 00000000 ____D C:\Users\Guru\AppData\Roaming\.pknowledge
2014-01-21 22:58 - 2009-01-25 00:29 - 00000000 ____D C:\Users\Guru\AppData\Roaming\TMInc
2014-01-21 22:58 - 2009-01-23 23:00 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\COKTEL
2014-01-21 22:58 - 2008-12-31 16:10 - 00000000 ____D C:\Users\Edith\AppData\Roaming\dvdcss
2014-01-21 22:58 - 2008-12-18 21:09 - 00000000 ___RD C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-21 22:58 - 2008-12-18 21:09 - 00000000 ___RD C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-21 22:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2014-01-21 22:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2014-01-21 21:56 - 2008-09-12 04:49 - 00000000 ____D C:\Windows\Options
2014-01-21 15:49 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\AppData\Local\Mobogenie
2014-01-21 15:34 - 2014-01-21 15:34 - 00000000 _____ C:\Users\Guru\daemonprocess.txt
2014-01-20 13:35 - 2014-01-20 13:35 - 00000000 ____D C:\Users\Guru\AppData\Roaming\EAC
2014-01-20 13:35 - 2014-01-20 13:35 - 00000000 ____D C:\Users\Guru\AppData\Roaming\AccurateRip
2014-01-20 12:47 - 2014-01-20 12:47 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Mp3jam
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\Documents\Mobogenie
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\AppData\Local\cache
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\.android
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 _____ C:\Users\Edith\daemonprocess.txt
2014-01-20 12:15 - 2014-01-20 12:14 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-20 12:14 - 2014-01-20 12:14 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Mp3jam
2014-01-19 08:32 - 2009-10-03 06:02 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-14 23:04 - 2014-01-14 23:04 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Screenshots
2014-01-14 22:12 - 2014-01-14 22:12 - 00000000 ____D C:\Users\Edith\AppData\Roaming\AlexanderTheGreat
2014-01-14 22:11 - 2014-01-14 22:11 - 00000000 ____D C:\Program Files\Playrix Entertainment
2014-01-13 19:55 - 2014-01-12 23:41 - 00001767 _____ C:\Users\Edith\Documents\captune.log
2014-01-08 22:44 - 2014-01-08 22:44 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Maximize Games
2014-01-06 23:40 - 2009-04-23 18:31 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Boomzap
2014-01-06 01:28 - 2010-03-13 18:31 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Boomzap
2014-01-05 13:45 - 2013-08-26 14:40 - 00000819 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-05 13:45 - 2013-08-26 14:40 - 00000819 _____ C:\ProgramData\Desktop\VLC media player.lnk
2014-01-04 16:58 - 2014-01-04 16:58 - 00000000 ____D C:\Users\Edith\AppData\Local\Astar Games
2014-01-04 16:37 - 2014-01-04 16:37 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Maximize Games
2014-01-04 16:37 - 2014-01-04 16:37 - 00000000 ____D C:\ProgramData\Maximize Games
2014-01-04 16:19 - 2014-01-04 16:05 - 00002447 _____ C:\Users\Public\Desktop\GAME CENTER.lnk
2014-01-04 16:19 - 2014-01-04 16:05 - 00002447 _____ C:\ProgramData\Desktop\GAME CENTER.lnk
2014-01-04 16:18 - 2014-01-04 16:10 - 00002867 _____ C:\Users\Public\Desktop\Prinzessin Isabella Die Rückkehr des Fluches Sammleredition.lnk
2014-01-04 16:18 - 2014-01-04 16:10 - 00002867 _____ C:\ProgramData\Desktop\Prinzessin Isabella Die Rückkehr des Fluches Sammleredition.lnk
2014-01-04 16:12 - 2014-01-04 16:12 - 00002012 _____ C:\Users\Public\Desktop\Silent Scream Die Tänzerin.lnk
2014-01-04 16:12 - 2014-01-04 16:12 - 00002012 _____ C:\ProgramData\Desktop\Silent Scream Die Tänzerin.lnk
2014-01-04 16:12 - 2014-01-04 16:05 - 00000000 ____D C:\Program Files\DEUTSCHLAND SPIELT
2014-01-04 16:05 - 2008-12-18 22:43 - 00000000 ____D C:\Program Files\OXXOGames
2014-01-04 15:02 - 2010-04-29 21:57 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tivola
2014-01-04 13:52 - 2014-01-04 13:04 - 00000100 _____ C:\Windows\system32\LOCALDEVICE.INI
2014-01-04 13:47 - 2014-01-04 13:05 - 00000257 _____ C:\Windows\system32\SHORTCUT.INI
2014-01-04 13:25 - 2008-12-20 01:16 - 00005632 _____ C:\Users\Guru\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-04 13:08 - 2014-01-04 13:05 - 00000130 _____ C:\Windows\system32\REMOTEDEVICE.INI
2014-01-04 13:03 - 2008-09-12 05:01 - 00002039 _____ C:\Users\Public\Desktop\Samsung Update Plus.lnk
2014-01-04 13:03 - 2008-09-12 05:01 - 00002039 _____ C:\ProgramData\Desktop\Samsung Update Plus.lnk
2014-01-04 12:34 - 2014-01-04 12:34 - 00000000 _____ C:\Windows\system32\BSPRINT.INI
2014-01-04 12:34 - 2009-06-10 00:51 - 00000032 _____ C:\Windows\0
2014-01-04 12:21 - 2009-06-09 21:39 - 00000000 ____D C:\ProgramData\Bluetooth
2014-01-02 18:17 - 2012-10-29 14:18 - 00000000 ____D C:\Users\Edith\Documents\Amazon Music Importer
2014-01-02 17:08 - 2014-01-02 17:06 - 00000000 ____D C:\Users\Edith\Test
2014-01-02 15:26 - 2011-01-23 23:04 - 00000000 ____D C:\Users\Edith\AppData\Roaming\HTC
2014-01-02 12:19 - 2011-06-30 10:19 - 00001534 _____ C:\ProgramData\ss.ini
2014-01-01 16:28 - 2009-08-26 12:51 - 00000414 _____ C:\Windows\Tasks\ParetoLogic Update Version2.job
2013-12-30 19:35 - 2008-09-12 20:41 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-12-30 13:29 - 2013-12-30 13:02 - 00000000 ____D C:\Users\Edith\AppData\Roaming\ImgBurn
2013-12-30 12:54 - 2013-12-30 12:54 - 00000692 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2013-12-30 12:54 - 2013-12-30 12:54 - 00000692 _____ C:\ProgramData\Desktop\ImgBurn.lnk

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe


Some content of TEMP:
====================
C:\Users\Edith\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Edith\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Edith\AppData\Local\Temp\LEGOLOTR.exe
C:\Users\Root\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\Root\AppData\Local\Temp\AskSLib.dll
C:\Users\Root\AppData\Local\Temp\ConResGr.dll
C:\Users\Root\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Root\AppData\Local\Temp\NEventMessages.dll
C:\Users\Root\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Root\AppData\Local\Temp\setup_3.0.5481.exe
C:\Users\Root\AppData\Local\Temp\siw_sdk.dll
C:\Users\Root\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-27 17:11

==================== End Of Log ============================

--- --- ---

Der Gmer-Log

Code:

ATTFilter

GMER 2.1.19355 - hxxp://www.gmer.net
Rootkit quick scan 2014-01-27 18:14:28
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: co9715eh.exe; Driver: C:\Users\Guru\AppData\Local\Temp\awtiipog.sys


---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----

schrauber · 27.01.2014, 23:13

hi,

Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

AlterHase · 28.01.2014, 13:05

Hallo "Schrauber"

habe Combofix nach Anleitung ausgeführt. Es lief ca. 2h ohne zu terminieren, sondern blieb bei Schritt 50 stehen. Im Taskmanager war ein Prozess "ATTIB.3EX" mit ca. 50% Last gelistet. Ich habe dann Comboix beendet. Auffällig ist auch dass Combofix im Verzeichnis "Desktop" nicht gelistet ist und kein Logfile auf dem Desktop vorhanden ist . Ich weiß nicht ob das weiterhilft.

Gruß
Alter Hase

Nachtrag zu meiner Antwort,

das Programm heisst ATTRIB.3EX und nicht ATTIB.3EX und Combofix existiert doch im Desktop-Verzeichnis. Sorry

schrauber · 29.01.2014, 10:00

Combofix löschen und neu laden,bitte nochmal versuchen. Wenn es immer noch nicht will dann:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

AlterHase · 29.01.2014, 15:43

Hallo Schrauber,

hier die Ergebnisse:

Combofix lief wieder nicht durch, kam bis zum Schritt_50 und schien dann zu hängen. Nach ca 25 Minuten Abbruch. Im Taskmanager war ein Prozess ATTRIB.3XE mit ca. 50% Last am laufen (vor dem Abbruch).

Der Malwarebytes-Log:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.29.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Guru :: TRAUMBOY [Administrator]

29.01.2014 14:45:45
mbam-log-2014-01-29 (14-45-45).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 340913
Laufzeit: 9 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Edith\Downloads\hxd hex editor setup.exe (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Der AdwCleaner-Log:

Code:

ATTFilter

# AdwCleaner v3.018 - Bericht erstellt am 29/01/2014 um 15:09:22
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Guru - TRAUMBOY
# Gestartet von : C:\Users\Guru\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\FreeRIP3
Ordner Gelöscht : C:\Program Files\Softonic
Ordner Gelöscht : C:\Users\Guru\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Guru\AppData\Roaming\Windows Net Data
Ordner Gelöscht : C:\Users\Edith\AppData\Local\~0
Ordner Gelöscht : C:\Users\Edith\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Guru\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Datei Gelöscht : C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\softonic.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366906630}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "143bc5b50b360acddbaa5fcaf41ce8d1");

[ Datei : C:\Users\Edith\AppData\Roaming\Mozilla\Firefox\Profiles\odyk7o5g.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "143c097a7311ad75027fcc1611998fa2");

[ Datei : C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\m3ipnhk2.default\prefs.js ]


[ Datei : C:\Users\Root\AppData\Roaming\Mozilla\Firefox\Profiles\ozi7nt2d.default\prefs.js ]


*************************

AdwCleaner[0].txt - [25581 octets] - [15/08/2013 10:17:36]
AdwCleaner[R0].txt - [6252 octets] - [30/09/2013 19:05:32]
AdwCleaner[R1].txt - [1865 octets] - [30/09/2013 19:16:55]
AdwCleaner[R2].txt - [1561 octets] - [01/10/2013 00:45:13]
AdwCleaner[R3].txt - [1681 octets] - [01/10/2013 00:52:19]
AdwCleaner[R4].txt - [1656 octets] - [01/10/2013 00:57:43]
AdwCleaner[R5].txt - [1776 octets] - [01/10/2013 01:05:33]
AdwCleaner[R6].txt - [1896 octets] - [01/10/2013 01:10:28]
AdwCleaner[R7].txt - [2014 octets] - [01/10/2013 01:18:25]
AdwCleaner[R8].txt - [4501 octets] - [29/01/2014 15:05:31]
AdwCleaner[S0].txt - [6253 octets] - [30/09/2013 19:08:15]
AdwCleaner[S1].txt - [1926 octets] - [30/09/2013 19:19:36]
AdwCleaner[S2].txt - [1622 octets] - [01/10/2013 00:47:00]
AdwCleaner[S3].txt - [1742 octets] - [01/10/2013 00:53:34]
AdwCleaner[S4].txt - [1717 octets] - [01/10/2013 01:00:15]
AdwCleaner[S5].txt - [1837 octets] - [01/10/2013 01:07:02]
AdwCleaner[S6].txt - [1957 octets] - [01/10/2013 01:14:17]
AdwCleaner[S7].txt - [4434 octets] - [29/01/2014 15:09:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [4494 octets] ##########

Der JRT-Log:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Guru on 29.01.2014 at 15:19:01,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\plus-hd-3.8
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-649218269-1362006895-3548190089-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322902230}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\Guru\AppData\Roaming\big fish games"
Successfully deleted: [Folder] "C:\Users\Guru\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Guru\AppData\Roaming\mozilla\firefox\profiles\23nc5p0g.default\minidumps [16 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.01.2014 at 15:22:13,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Und zum Schluß der FRST-Log:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01
Ran by Guru (administrator) on TRAUMBOY on 29-01-2014 15:25:34
Running from C:\Users\Guru\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(IVT Corporation) D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\E_S00RP2.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\SAgent4.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(IVT Corporation) D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Cyberlink Corp.) C:\Program Files\PowerDVD\PDVDServ.exe
(Elaborate Bytes AG) D:\Tools\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IVT Corporation) D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Users\Guru\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(ArcSoft, Inc.) C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RemoteControl] - C:\Program Files\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM\...\Run: [VirtualCloneDrive] - D:\Tools\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [52168 2008-06-29] (Elaborate Bytes AG)
HKLM\...\Run: [Eraser] - C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM\...\Run: [] - [x]
HKLM\...\Run: [HTC Sync Loader] - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-12-12] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [BtTray] - D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [315478 2009-09-02] (IVT Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Guru\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Run: [Alamandi tray notifier] - c:\program files\deutschland spielt\alamandi\TaskBarNotifier.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Edith\...\Run: [PC Suite Tray] - "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\Edith\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Edith\...\Run: [Alamandi tray notifier] - C:\Program Files\DEUTSCHLAND SPIELT\AlamandiCD\TaskBarNotifier.exe
HKU\Edith\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\Edith\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\Edith\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [ 2011-06-29] (Gemalto N.V.)
HKU\Edith\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Edith\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [ 2013-05-22] ()
HKU\Edith\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Root\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Root\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Root\...\Run: [SpybotSD TeaTimer] - D:\Tools\Spybot - Search & Destroy\TeaTimer.exe
HKU\Root\...\Run: [] - [x]
HKU\Root\...\Run: [NokiaOviSuite2] - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [ 2011-09-01] (Nokia)
HKU\Root\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Root\...\Run: [nvda] - C:\Program Files\NVDA\nvda.exe
HKU\Stefan\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6837] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Application Updater\ApplicationUpdater.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF4581] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9075] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7766] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1604] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF811] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF252] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF214] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2988] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5983] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3516] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6464] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7775] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF927] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF7016] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2403] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3717] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7601] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1531] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2405] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9092] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5067] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5892] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF501] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1757] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9215] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3912] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2224] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6708] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5492] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7003] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9903] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2359] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4865] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4495] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4060] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4157] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1674] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9414] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF367] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF303] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1138] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7664] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3245] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7549] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4160] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1539] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8642] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4863] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8951] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9461] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3850] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2312] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2170] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6002] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6997] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF2476] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF7138] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2314] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6549] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF236] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3782] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1250] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7116] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5303] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7838] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8820] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8418] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8119] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2265] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3297] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5843] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5529] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4667] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4698] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5717] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7117] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9717] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3884] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7472] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8045] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1259] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF906] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9713] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3216] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6263] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6918] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8974] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3911] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6988] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5773] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8619] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2254] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4648] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8289] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6896] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9326] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9032] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6286] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8589] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7392] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2609] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8334] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6701] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7300] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2316] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF709] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7554] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3683] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4437] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5968] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF443] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4668] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9855] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2390] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3173] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF33] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6160] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7626] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3622] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7341] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF89] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2204] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1451] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9101] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2143] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9646] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9303] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3054] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [DeleteMarkAny] - C:\Windows\system32\MASetupCleaner.exe [ 2012-12-18] ((주)마크애니)
Startup: C:\Users\Root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk.disabled
ShortcutTarget: OpenOffice.org 3.0.lnk.disabled -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
URLSearchHook: HKLM - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
URLSearchHook: HKCU - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D56453344303126713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&k=0
SearchScopes: HKCU - {0A8AE23C-A3ED-437D-917D-0BA70E1E7F7A} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {5F561372-A6B6-45F1-B03A-1F17A57CFD88} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&k=0
SearchScopes: HKCU - {7917D784-2086-42C1-A64A-5D9243A58FFF} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {9EFD52BD-8D03-470F-A6A3-22F442E06C7C} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {A75FFC07-A59B-4880-8979-34EAEBD8CD9E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
SearchScopes: HKCU - {A8FC31F3-57C3-4DE9-9C3A-2EA3F90F6023} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {F9FFBD07-CBED-4537-9120-845121F47B44} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
BHO: No Name - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: MyEmoticons Class - {DCC39ACE-709B-44EA-B062-5F6BE2774644} - C:\Users\Guru\AppData\Roaming\MyEmoticons\myemoticons-1.4.dll (GreenTree Applications)
Toolbar: HKLM - No Name - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default
FF DefaultSearchEngine: MetaGer
FF SelectedSearchEngine: MetaGer
FF Homepage: hxxp://www.metager.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll No File
FF Plugin: @digitalpublishing.de/dpLaunch - C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @real.com/npracplug;version=1.0.0.0 - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Guru\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npgcplug.dll (RealNetworks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npracplug.dll (RealNetworks)
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\ashampoo-de-customized-web-search.xml
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\metager.xml
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\{CC82F702-0437-4623-B58F-098E34B6D510}.xml
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\{E77802C1-8764-420A-BDB9-4B5B82C90948}.xml
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\{F088237D-FE59-4CD3-AC20-23626D5F303F}.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-04]
FF Extension: YouTube mp3 - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\Extensions\info@youtube-mp3.org.xpi [2012-07-05]
FF Extension: NoScript - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-07-05]
FF Extension: Adblock Plus - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF HKLM\...\Firefox\Extensions: [myemoticons@myemoticons.com] - C:\Users\Guru\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.4
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ []
FF HKCU\...\Firefox\Extensions: [extension@preispilot.com] - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\extensions\extension@preispilot.com

========================== Services (Whitelisted) =================

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
R2 BlueSoleilCS; D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1466476 2009-09-02] (IVT Corporation)
R3 BsHelpCS; D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [102503 2009-09-02] (IVT Corporation)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.)
R2 EPSON_PM_RPCV2_02; C:\Windows\system32\E_S00RP2.EXE [65536 2004-02-19] (SEIKO EPSON CORPORATION)
S2 gupdate1c986be46fae48f; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-04] (Google Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
S4 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StatusAgent4; C:\Windows\system32\SAgent4.exe [122880 2002-12-11] (SEIKO EPSON CORPORATION)
S4 uvnc_service; D:\Program Files\UltraVNC\winvnc.exe [1830856 2009-07-09] (UltraVNC)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
S4 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [x]
S2 mshta32; C:\Windows\system32\kbd106nd.exe [x]
S4 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [x]

==================== Drivers (Whitelisted) ====================

R2 ACEDRV06; C:\Windows\system32\drivers\ACEDRV06.sys [99840 2010-04-29] (Protect Software GmbH)
R2 ACEDRV08; C:\Windows\system32\drivers\ACEDRV08.sys [108768 2009-10-07] (Protect Software GmbH)
R2 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [373568 2007-06-18] (Protect Software GmbH)
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 acehlp09; C:\Windows\system32\drivers\acehlp09.sys [201696 2007-05-30] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH)
S3 ADDMEM; C:\Users\Root\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [3205 2010-12-10] ()
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [306816 2009-04-17] (AfaTech                  )
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2009-10-08] ()
S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [33800 2009-06-17] (IVT Corporation.)
S3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27528 2009-06-17] (IVT Corporation.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14528 2014-01-22] (Glarysoft Ltd)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [17928 2009-06-17] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39304 2009-07-08] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-06-17] (IVT Corporation.)
R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [29192 2009-06-17] ()
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24392 2008-07-21] (Elaborate Bytes AG)
S3 gdrv; C:\Windows\gdrv.sys [17488 2009-12-17] (Windows (R) 2000 DDK provider)
R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [25480 2009-06-17] (IVT Corporation.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [23680 2008-07-09] (KOBIL Systems GmbH)
S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [94720 2012-07-09] (KOBIL Systems GmbH)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2009-01-30] ()
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [22016 2007-10-11] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [16896 2007-05-01] ()
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2011-12-09] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2011-12-09] (RapidSolution Software AG)
R1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33568 2011-03-09] (Sophos Plc)
S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX32.sys [72256 2010-09-13] (Ray Hinchliffe)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39016 2011-12-09] (RapidSolution Software AG)
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [91472 2009-08-05] (Sun Microsystems, Inc.)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [14856 2009-06-17] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [32392 2009-06-17] (IVT Corporation.)
S3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [243840 2009-01-23] (Vimicro Corporation)
S1 Ai2Chroniker; system32\DRIVERS\Ai2Chroniker.sys [x]
S3 Ai2Mmpd; system32\DRIVERS\Ai2Mmpd.sys [x]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S0 BTHidEnum; System32\Drivers\vbtenum.sys [x]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [x]
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; system32\drivers\btwavdt.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 catchme; \??\C:\Users\Guru\AppData\Local\Temp\catchme.sys [x]
S3 cpuz134; \??\C:\Users\Root\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-29 15:25 - 2014-01-29 15:25 - 00044556 _____ C:\Users\Guru\Desktop\FRST.txt
2014-01-29 15:25 - 2014-01-29 15:25 - 00000000 ____D C:\Users\Guru\Desktop\FRST-OlderVersion
2014-01-29 15:22 - 2014-01-29 15:22 - 00001515 _____ C:\Users\Guru\Desktop\JRT.txt
2014-01-29 15:18 - 2014-01-29 15:18 - 00000000 ____D C:\Windows\ERUNT
2014-01-29 15:17 - 2014-01-29 15:17 - 01037068 _____ (Thisisu) C:\Users\Guru\Desktop\JRT.exe
2014-01-29 15:12 - 2014-01-29 15:12 - 00004574 _____ C:\Users\Guru\Desktop\AdwCleaner[S7].txt
2014-01-29 15:03 - 2014-01-29 15:03 - 01166132 _____ C:\Users\Guru\Desktop\adwcleaner.exe
2014-01-29 14:42 - 2014-01-29 14:42 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 14:42 - 2014-01-29 14:42 - 00000866 _____ C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 14:42 - 2014-01-29 14:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-29 14:42 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-29 14:41 - 2014-01-29 14:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Guru\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-29 13:42 - 2014-01-29 14:14 - 00000000 ___SD C:\ComboFix
2014-01-29 13:40 - 2014-01-29 13:40 - 05177551 ____R (Swearware) C:\Users\Guru\Desktop\ComboFix.exe
2014-01-28 18:14 - 2014-01-28 18:14 - 01357912 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Guru\Downloads\GPU-Z.0.7.6.exe
2014-01-28 17:11 - 2014-01-28 17:11 - 00000000 ____D C:\Users\Guru\Downloads\GPU24_Meter
2014-01-28 17:09 - 2014-01-28 17:09 - 00000000 ____D C:\Users\Guru\Downloads\CoreTemp32
2014-01-28 17:06 - 2014-01-28 17:06 - 00617196 _____ C:\Users\Guru\Downloads\GPU24_Meter.zip
2014-01-28 17:05 - 2014-01-28 17:05 - 00734473 _____ C:\Users\Guru\Downloads\CoreTemp_1.0rc6.zip
2014-01-28 17:04 - 2014-01-28 17:04 - 00206064 _____ C:\Users\Guru\Downloads\All_CPU473_Meter.zip
2014-01-28 00:27 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-28 00:27 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-28 00:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-28 00:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-28 00:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-28 00:27 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-28 00:27 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-28 00:27 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-28 00:26 - 2014-01-29 13:42 - 00000000 ___SD C:\32788R22FWJFW
2014-01-28 00:26 - 2014-01-28 00:27 - 00000000 ____D C:\Qoobox
2014-01-28 00:26 - 2014-01-28 00:26 - 00000000 ____D C:\Windows\erdnt
2014-01-27 18:47 - 2014-01-27 18:47 - 00007338 _____ C:\Users\Guru\Desktop\Ct-desinfect_Funde.htm
2014-01-27 18:14 - 2014-01-27 18:14 - 00000388 _____ C:\Users\Guru\Desktop\Gmer.log
2014-01-27 18:02 - 2014-01-27 18:02 - 00380416 _____ C:\Users\Guru\Desktop\co9715eh.exe
2014-01-27 17:58 - 2014-01-29 15:25 - 01137152 _____ (Farbar) C:\Users\Guru\Desktop\FRST.exe
2014-01-27 17:51 - 2014-01-25 01:01 - 00080384 _____ C:\Users\Guru\Desktop\MBRCheck.exe
2014-01-27 17:22 - 2014-01-27 17:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-27 17:22 - 2014-01-27 17:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-25 01:03 - 2014-01-25 01:03 - 00000512 _____ C:\mbr.bin
2014-01-25 01:01 - 2014-01-25 01:01 - 00080384 _____ C:\Users\Edith\Desktop\MBRCheck.exe
2014-01-24 00:01 - 2014-01-29 15:12 - 00000320 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2014-01-24 00:01 - 2014-01-24 00:01 - 00000681 _____ C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-01-24 00:01 - 2014-01-24 00:01 - 00000681 _____ C:\ProgramData\Desktop\Glary Utilities 4.lnk
2014-01-24 00:01 - 2014-01-24 00:01 - 00000000 ____D C:\ProgramData\GlarySoft
2014-01-24 00:01 - 2014-01-22 02:16 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-01-24 00:01 - 2014-01-22 02:09 - 00014528 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-01-23 23:13 - 2014-01-23 23:12 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-23 23:13 - 2014-01-23 23:12 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-23 23:13 - 2014-01-23 23:12 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-23 23:13 - 2014-01-23 23:12 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-23 23:11 - 2014-01-23 23:11 - 00921512 _____ (Oracle Corporation) C:\Users\Guru\Downloads\jre-7u51-windows-i586-iftw.exe
2014-01-23 22:46 - 2014-01-23 22:46 - 00000607 _____ C:\Users\Guru\Desktop\CDex170.lnk
2014-01-23 22:18 - 2014-01-23 22:18 - 00921000 _____ (Oracle Corporation) C:\Users\Guru\Downloads\jxpiinstall.exe
2014-01-23 19:54 - 2014-01-29 15:25 - 00000000 ____D C:\FRST
2014-01-23 19:52 - 2014-01-27 17:55 - 00000470 _____ C:\Users\Guru\Desktop\defogger_disable.log
2014-01-23 19:52 - 2014-01-23 19:52 - 00000000 _____ C:\Users\Guru\defogger_reenable
2014-01-23 19:37 - 2014-01-23 19:37 - 00050477 _____ C:\Users\Guru\Desktop\Defogger.exe
2014-01-23 16:44 - 2014-01-23 16:44 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Mael
2014-01-23 16:22 - 2014-01-23 16:50 - 00000000 ____D C:\Users\Guru\Virus-Analyse
2014-01-23 15:55 - 2014-01-23 16:44 - 00001801 _____ C:\Users\Guru\Last session Guru.prj
2014-01-23 15:37 - 2014-01-23 15:37 - 00000536 _____ C:\Users\Public\Desktop\HxD.lnk
2014-01-23 15:37 - 2014-01-23 15:37 - 00000536 _____ C:\ProgramData\Desktop\HxD.lnk
2014-01-23 14:45 - 2014-01-23 14:45 - 00000610 _____ C:\Users\Public\Desktop\Speccy.lnk
2014-01-23 14:45 - 2014-01-23 14:45 - 00000610 _____ C:\ProgramData\Desktop\Speccy.lnk
2014-01-23 14:37 - 2014-01-23 23:58 - 00000000 ____D C:\Users\Guru\Downloads\Tools
2014-01-23 14:09 - 2014-01-23 14:09 - 00000388 _____ C:\Users\Guru\Documents\gmer2.1.19324.log
2014-01-23 00:46 - 2014-01-23 00:46 - 00096256 _____ C:\Windows\system32\DlProtectSvc.exe.VIRUS
2014-01-23 00:46 - 2014-01-23 00:46 - 00070656 _____ C:\Windows\system32\kbd106nd.exe.VIRUS
2014-01-23 00:46 - 2014-01-23 00:46 - 00012800 _____ C:\ProgramData\dlprotect.exe
2014-01-23 00:45 - 2014-01-23 00:45 - 00000147 _____ C:\Users\Guru\Desktop\Goodgame Empire.url
2014-01-23 00:44 - 2014-01-23 00:44 - 00621800 _____ C:\Users\Guru\Downloads\GMER_Setup_Download.exe
2014-01-22 15:05 - 2012-04-27 15:41 - 01317376 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2014-01-22 01:20 - 2014-01-24 00:01 - 00000000 ____D C:\Users\Guru\AppData\Roaming\GlarySoft
2014-01-22 00:58 - 2014-01-22 00:58 - 00000000 ____D C:\Users\Guru\AppData\Roaming\aignes
2014-01-21 15:34 - 2014-01-21 15:34 - 00000000 _____ C:\Users\Guru\daemonprocess.txt
2014-01-20 13:35 - 2014-01-20 13:35 - 00000000 ____D C:\Users\Guru\AppData\Roaming\EAC
2014-01-20 13:35 - 2014-01-20 13:35 - 00000000 ____D C:\Users\Guru\AppData\Roaming\AccurateRip
2014-01-20 12:47 - 2014-01-20 12:47 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Mp3jam
2014-01-20 12:15 - 2014-01-21 15:49 - 00000000 ____D C:\Users\Guru\AppData\Local\Mobogenie
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\Documents\Mobogenie
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\AppData\Local\cache
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\.android
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 _____ C:\Users\Edith\daemonprocess.txt
2014-01-20 12:14 - 2014-01-20 12:15 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-20 12:14 - 2014-01-20 12:14 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Mp3jam
2014-01-14 23:04 - 2014-01-14 23:04 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Screenshots
2014-01-14 22:12 - 2014-01-14 22:12 - 00000000 ____D C:\Users\Edith\AppData\Roaming\AlexanderTheGreat
2014-01-14 22:11 - 2014-01-14 22:11 - 00000000 ____D C:\Program Files\Playrix Entertainment
2014-01-12 23:41 - 2014-01-13 19:55 - 00001767 _____ C:\Users\Edith\Documents\captune.log
2014-01-08 22:44 - 2014-01-08 22:44 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Maximize Games
2014-01-04 16:58 - 2014-01-04 16:58 - 00000000 ____D C:\Users\Edith\AppData\Local\Astar Games
2014-01-04 16:37 - 2014-01-04 16:37 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Maximize Games
2014-01-04 16:37 - 2014-01-04 16:37 - 00000000 ____D C:\ProgramData\Maximize Games
2014-01-04 16:12 - 2014-01-04 16:12 - 00002012 _____ C:\Users\Public\Desktop\Silent Scream Die Tänzerin.lnk
2014-01-04 16:12 - 2014-01-04 16:12 - 00002012 _____ C:\ProgramData\Desktop\Silent Scream Die Tänzerin.lnk
2014-01-04 16:11 - 2014-01-24 22:44 - 00002549 _____ C:\Users\Public\Desktop\Dreamland.lnk
2014-01-04 16:11 - 2014-01-24 22:44 - 00002549 _____ C:\ProgramData\Desktop\Dreamland.lnk
2014-01-04 16:10 - 2014-01-04 16:18 - 00002867 _____ C:\Users\Public\Desktop\Prinzessin Isabella Die Rückkehr des Fluches Sammleredition.lnk
2014-01-04 16:10 - 2014-01-04 16:18 - 00002867 _____ C:\ProgramData\Desktop\Prinzessin Isabella Die Rückkehr des Fluches Sammleredition.lnk
2014-01-04 16:05 - 2014-01-04 16:19 - 00002447 _____ C:\Users\Public\Desktop\GAME CENTER.lnk
2014-01-04 16:05 - 2014-01-04 16:19 - 00002447 _____ C:\ProgramData\Desktop\GAME CENTER.lnk
2014-01-04 16:05 - 2014-01-04 16:12 - 00000000 ____D C:\Program Files\DEUTSCHLAND SPIELT
2014-01-04 13:59 - 2014-01-21 22:58 - 00000000 ____D C:\Users\Edith\AppData\Local\bluesoleil
2014-01-04 13:05 - 2014-01-04 13:47 - 00000257 _____ C:\Windows\system32\SHORTCUT.INI
2014-01-04 13:05 - 2014-01-04 13:08 - 00000130 _____ C:\Windows\system32\REMOTEDEVICE.INI
2014-01-04 13:04 - 2014-01-29 15:12 - 00005064 _____ C:\Windows\system32\LOCALSERVICE.INI
2014-01-04 13:04 - 2014-01-04 13:52 - 00000100 _____ C:\Windows\system32\LOCALDEVICE.INI
2014-01-04 12:43 - 2014-01-21 22:58 - 00000000 ____D C:\Users\Guru\AppData\Local\bluesoleil
2014-01-04 12:34 - 2014-01-04 12:34 - 00000000 _____ C:\Windows\system32\BSPRINT.INI
2014-01-02 17:06 - 2014-01-02 17:08 - 00000000 ____D C:\Users\Edith\Test
2014-01-02 13:57 - 2014-01-21 23:44 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Dropbox
2014-01-02 13:56 - 2014-01-21 23:49 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Dropbox
2013-12-30 13:02 - 2013-12-30 13:29 - 00000000 ____D C:\Users\Edith\AppData\Roaming\ImgBurn
2013-12-30 12:54 - 2013-12-30 12:54 - 00000692 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2013-12-30 12:54 - 2013-12-30 12:54 - 00000692 _____ C:\ProgramData\Desktop\ImgBurn.lnk

==================== One Month Modified Files and Folders =======

2014-01-29 15:26 - 2014-01-29 15:25 - 00044556 _____ C:\Users\Guru\Desktop\FRST.txt
2014-01-29 15:25 - 2014-01-29 15:25 - 00000000 ____D C:\Users\Guru\Desktop\FRST-OlderVersion
2014-01-29 15:25 - 2014-01-27 17:58 - 01137152 _____ (Farbar) C:\Users\Guru\Desktop\FRST.exe
2014-01-29 15:25 - 2014-01-23 19:54 - 00000000 ____D C:\FRST
2014-01-29 15:22 - 2014-01-29 15:22 - 00001515 _____ C:\Users\Guru\Desktop\JRT.txt
2014-01-29 15:18 - 2014-01-29 15:18 - 00000000 ____D C:\Windows\ERUNT
2014-01-29 15:17 - 2014-01-29 15:17 - 01037068 _____ (Thisisu) C:\Users\Guru\Desktop\JRT.exe
2014-01-29 15:16 - 2008-10-18 09:21 - 01758588 _____ C:\Windows\WindowsUpdate.log
2014-01-29 15:12 - 2014-01-29 15:12 - 00004574 _____ C:\Users\Guru\Desktop\AdwCleaner[S7].txt
2014-01-29 15:12 - 2014-01-24 00:01 - 00000320 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2014-01-29 15:12 - 2014-01-04 13:04 - 00005064 _____ C:\Windows\system32\LOCALSERVICE.INI
2014-01-29 15:11 - 2013-02-23 14:27 - 00023436 _____ C:\Windows\error.log
2014-01-29 15:11 - 2009-09-07 15:42 - 00000933 _____ C:\Windows\system32\bscs.ini
2014-01-29 15:11 - 2009-07-01 11:21 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-29 15:11 - 2009-03-10 15:14 - 00000416 ____H C:\Windows\Tasks\SupBackGroundTask.job
2014-01-29 15:11 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-29 15:11 - 2006-11-02 13:47 - 00004912 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-29 15:11 - 2006-11-02 13:47 - 00004912 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-29 15:09 - 2013-08-15 10:17 - 00000000 ____D C:\AdwCleaner
2014-01-29 15:09 - 2006-11-02 14:01 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-29 15:03 - 2014-01-29 15:03 - 01166132 _____ C:\Users\Guru\Desktop\adwcleaner.exe
2014-01-29 15:01 - 2009-07-01 11:21 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-29 14:58 - 2008-01-21 03:47 - 01238182 _____ C:\Windows\PFRO.log
2014-01-29 14:42 - 2014-01-29 14:42 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 14:42 - 2014-01-29 14:42 - 00000866 _____ C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 14:42 - 2014-01-29 14:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-29 14:41 - 2014-01-29 14:41 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Guru\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-29 14:14 - 2014-01-29 13:42 - 00000000 ___SD C:\ComboFix
2014-01-29 13:42 - 2014-01-28 00:26 - 00000000 ___SD C:\32788R22FWJFW
2014-01-29 13:41 - 2012-05-08 00:21 - 00000000 ____D C:\Program Files\StarMoney 8.0 S-Edition
2014-01-29 13:40 - 2014-01-29 13:40 - 05177551 ____R (Swearware) C:\Users\Guru\Desktop\ComboFix.exe
2014-01-29 13:36 - 2009-08-26 12:51 - 00000414 _____ C:\Windows\Tasks\ParetoLogic Update Version2.job
2014-01-29 02:19 - 2008-12-25 21:49 - 00029184 _____ C:\Users\Edith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-28 18:25 - 2012-02-27 22:22 - 00002391 _____ C:\Users\Edith\Desktop\capella reader.lnk
2014-01-28 18:15 - 2013-12-20 22:55 - 00000000 ____D C:\Users\Guru\AppData\Roaming\NVIDIA
2014-01-28 18:14 - 2014-01-28 18:14 - 01357912 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Guru\Downloads\GPU-Z.0.7.6.exe
2014-01-28 17:59 - 2009-08-26 12:51 - 00000440 _____ C:\Windows\Tasks\ParetoLogic Registration.job
2014-01-28 17:11 - 2014-01-28 17:11 - 00000000 ____D C:\Users\Guru\Downloads\GPU24_Meter
2014-01-28 17:09 - 2014-01-28 17:09 - 00000000 ____D C:\Users\Guru\Downloads\CoreTemp32
2014-01-28 17:06 - 2014-01-28 17:06 - 00617196 _____ C:\Users\Guru\Downloads\GPU24_Meter.zip
2014-01-28 17:05 - 2014-01-28 17:05 - 00734473 _____ C:\Users\Guru\Downloads\CoreTemp_1.0rc6.zip
2014-01-28 17:04 - 2014-01-28 17:04 - 00206064 _____ C:\Users\Guru\Downloads\All_CPU473_Meter.zip
2014-01-28 00:27 - 2014-01-28 00:26 - 00000000 ____D C:\Qoobox
2014-01-28 00:26 - 2014-01-28 00:26 - 00000000 ____D C:\Windows\erdnt
2014-01-27 18:47 - 2014-01-27 18:47 - 00007338 _____ C:\Users\Guru\Desktop\Ct-desinfect_Funde.htm
2014-01-27 18:14 - 2014-01-27 18:14 - 00000388 _____ C:\Users\Guru\Desktop\Gmer.log
2014-01-27 18:02 - 2014-01-27 18:02 - 00380416 _____ C:\Users\Guru\Desktop\co9715eh.exe
2014-01-27 17:55 - 2014-01-23 19:52 - 00000470 _____ C:\Users\Guru\Desktop\defogger_disable.log
2014-01-27 17:22 - 2014-01-27 17:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-27 17:22 - 2014-01-27 17:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-27 17:22 - 2008-12-19 22:29 - 00000000 ____D C:\Users\Guru\AppData\Local\Adobe
2014-01-26 16:43 - 2008-09-12 02:46 - 00000000 ____D C:\Windows\nvtmpinst
2014-01-26 01:35 - 2010-11-21 18:39 - 00000000 ___RD C:\Users\Edith\Mails
2014-01-26 01:28 - 2011-12-28 16:07 - 00000000 ____D C:\Users\Edith\AppData\Roaming\vlc
2014-01-26 00:40 - 2008-12-19 20:49 - 00000000 ____D C:\Users\Edith
2014-01-26 00:40 - 2008-12-18 21:09 - 00000000 ____D C:\Users\Guru
2014-01-25 23:29 - 2010-10-10 21:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-25 17:25 - 2006-11-02 11:33 - 01646180 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-25 01:03 - 2014-01-25 01:03 - 00000512 _____ C:\mbr.bin
2014-01-25 01:01 - 2014-01-27 17:51 - 00080384 _____ C:\Users\Guru\Desktop\MBRCheck.exe
2014-01-25 01:01 - 2014-01-25 01:01 - 00080384 _____ C:\Users\Edith\Desktop\MBRCheck.exe
2014-01-24 22:44 - 2014-01-04 16:11 - 00002549 _____ C:\Users\Public\Desktop\Dreamland.lnk
2014-01-24 22:44 - 2014-01-04 16:11 - 00002549 _____ C:\ProgramData\Desktop\Dreamland.lnk
2014-01-24 00:57 - 2008-12-18 21:09 - 00001501 _____ C:\Users\Guru\Desktop\Windows Explorer.lnk
2014-01-24 00:16 - 2013-11-10 18:19 - 00001064 _____ C:\Users\Edith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-24 00:16 - 2013-11-10 18:19 - 00001056 _____ C:\Users\Edith\Desktop\Mozilla Firefox.lnk
2014-01-24 00:16 - 2010-08-04 11:37 - 00000998 _____ C:\Users\Root\Desktop\Procmon.exe - Verknüpfung.lnk
2014-01-24 00:15 - 2013-01-15 23:52 - 00001231 _____ C:\Users\Edith\Desktop\Handbuch_GT-N7105_UM_Open_Jellybean_Ger_Rev.1.1_121106_Screen.pdf - Verknüpfung.lnk
2014-01-24 00:15 - 2011-08-21 13:28 - 00000956 _____ C:\Users\Edith\Desktop\Mobile Atlas Creator.exe - Verknüpfung.lnk
2014-01-24 00:14 - 2011-01-22 10:33 - 00001139 _____ C:\Users\Edith\Desktop\HTC_Desire_HD_Benutzerhandbuch.pdf - Verknüpfung.lnk
2014-01-24 00:14 - 2008-12-29 17:15 - 00000903 _____ C:\Users\Stefan\Desktop\DiscSpeed_5.0.1.250.exe - Verknüpfung.lnk
2014-01-24 00:01 - 2014-01-24 00:01 - 00000681 _____ C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-01-24 00:01 - 2014-01-24 00:01 - 00000681 _____ C:\ProgramData\Desktop\Glary Utilities 4.lnk
2014-01-24 00:01 - 2014-01-24 00:01 - 00000000 ____D C:\ProgramData\GlarySoft
2014-01-24 00:01 - 2014-01-22 01:20 - 00000000 ____D C:\Users\Guru\AppData\Roaming\GlarySoft
2014-01-23 23:58 - 2014-01-23 14:37 - 00000000 ____D C:\Users\Guru\Downloads\Tools
2014-01-23 23:17 - 2013-11-01 14:44 - 00000000 ____D C:\ProgramData\Oracle
2014-01-23 23:12 - 2014-01-23 23:13 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-23 23:12 - 2014-01-23 23:13 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-23 23:12 - 2014-01-23 23:13 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-23 23:12 - 2014-01-23 23:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-23 23:11 - 2014-01-23 23:11 - 00921512 _____ (Oracle Corporation) C:\Users\Guru\Downloads\jre-7u51-windows-i586-iftw.exe
2014-01-23 22:46 - 2014-01-23 22:46 - 00000607 _____ C:\Users\Guru\Desktop\CDex170.lnk
2014-01-23 22:18 - 2014-01-23 22:18 - 00921000 _____ (Oracle Corporation) C:\Users\Guru\Downloads\jxpiinstall.exe
2014-01-23 21:40 - 2011-12-19 18:24 - 00000000 ____D C:\Users\Guru\AppData\Roaming\vlc
2014-01-23 20:07 - 2012-07-08 14:25 - 00000000 ____D C:\Users\Guru\Downloads\Virus-Tools
2014-01-23 19:52 - 2014-01-23 19:52 - 00000000 _____ C:\Users\Guru\defogger_reenable
2014-01-23 19:37 - 2014-01-23 19:37 - 00050477 _____ C:\Users\Guru\Desktop\Defogger.exe
2014-01-23 16:50 - 2014-01-23 16:22 - 00000000 ____D C:\Users\Guru\Virus-Analyse
2014-01-23 16:44 - 2014-01-23 16:44 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Mael
2014-01-23 16:44 - 2014-01-23 15:55 - 00001801 _____ C:\Users\Guru\Last session Guru.prj
2014-01-23 15:37 - 2014-01-23 15:37 - 00000536 _____ C:\Users\Public\Desktop\HxD.lnk
2014-01-23 15:37 - 2014-01-23 15:37 - 00000536 _____ C:\ProgramData\Desktop\HxD.lnk
2014-01-23 14:45 - 2014-01-23 14:45 - 00000610 _____ C:\Users\Public\Desktop\Speccy.lnk
2014-01-23 14:45 - 2014-01-23 14:45 - 00000610 _____ C:\ProgramData\Desktop\Speccy.lnk
2014-01-23 14:09 - 2014-01-23 14:09 - 00000388 _____ C:\Users\Guru\Documents\gmer2.1.19324.log
2014-01-23 00:46 - 2014-01-23 00:46 - 00096256 _____ C:\Windows\system32\DlProtectSvc.exe.VIRUS
2014-01-23 00:46 - 2014-01-23 00:46 - 00070656 _____ C:\Windows\system32\kbd106nd.exe.VIRUS
2014-01-23 00:46 - 2014-01-23 00:46 - 00012800 _____ C:\ProgramData\dlprotect.exe
2014-01-23 00:45 - 2014-01-23 00:45 - 00000147 _____ C:\Users\Guru\Desktop\Goodgame Empire.url
2014-01-23 00:44 - 2014-01-23 00:44 - 00621800 _____ C:\Users\Guru\Downloads\GMER_Setup_Download.exe
2014-01-22 02:16 - 2014-01-24 00:01 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-01-22 02:09 - 2014-01-24 00:01 - 00014528 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-01-22 00:58 - 2014-01-22 00:58 - 00000000 ____D C:\Users\Guru\AppData\Roaming\aignes
2014-01-22 00:15 - 2009-12-16 17:09 - 00000000 ____D C:\Users\Edith\Chor
2014-01-21 23:49 - 2014-01-02 13:56 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Dropbox
2014-01-21 23:44 - 2014-01-02 13:57 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Dropbox
2014-01-21 23:37 - 2013-08-14 15:31 - 00000000 ____D C:\Windows\system32\MRT
2014-01-21 23:15 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-21 23:00 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\Msdtc
2014-01-21 23:00 - 2006-11-02 11:22 - 69206016 _____ C:\Windows\system32\config\software_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 45613056 _____ C:\Windows\system32\config\components_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 24117248 _____ C:\Windows\system32\config\system_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\default_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2014-01-21 22:59 - 2008-12-20 22:00 - 00000000 ____D C:\Users\Stefan
2014-01-21 22:59 - 2008-12-20 17:08 - 00000000 ____D C:\Users\Root
2014-01-21 22:58 - 2014-01-04 13:59 - 00000000 ____D C:\Users\Edith\AppData\Local\bluesoleil
2014-01-21 22:58 - 2014-01-04 12:43 - 00000000 ____D C:\Users\Guru\AppData\Local\bluesoleil
2014-01-21 22:58 - 2013-11-14 21:42 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP MP3 Converter
2014-01-21 22:58 - 2013-03-26 13:58 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud
2014-01-21 22:58 - 2013-03-06 22:39 - 00000000 ____D C:\Users\Guru\AppData\Roaming\nvda
2014-01-21 22:58 - 2013-03-02 22:00 - 00000000 ____D C:\Users\Guru\AppData\Local\fd
2014-01-21 22:58 - 2013-02-26 21:38 - 00000000 ____D C:\Users\Guru\Documents\Das Vermachtnis - Das Geheimniss des Verchollenen Konigreiches
2014-01-21 22:58 - 2013-02-24 17:26 - 00000000 ___RD C:\Users\Guru\Documents\IVONA Reader Podcasts
2014-01-21 22:58 - 2013-01-17 00:21 - 00000000 ____D C:\Users\Edith\AppData\Roaming\MyPhoneExplorer
2014-01-21 22:58 - 2013-01-08 00:32 - 00000000 ____D C:\Users\Guru\AppData\Roaming\DVDVideoSoft
2014-01-21 22:58 - 2013-01-06 13:54 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-01-21 22:58 - 2013-01-06 13:36 - 00000000 ____D C:\Users\Edith\AppData\Roaming\IrfanView
2014-01-21 22:58 - 2013-01-06 13:33 - 00000000 ____D C:\Users\Guru\AppData\Roaming\IrfanView
2014-01-21 22:58 - 2012-11-09 21:56 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fritz und Fertig
2014-01-21 22:58 - 2012-10-31 17:37 - 00000000 ____D C:\Users\Guru\AppData\Roaming\MyEmoticons
2014-01-21 22:58 - 2012-10-31 17:37 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyEmoticons
2014-01-21 22:58 - 2012-10-15 23:02 - 00000000 ____D C:\Users\Guru\Documents\Audible
2014-01-21 22:58 - 2012-07-29 00:51 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Tales - Der Mord in der Rue Morgue von Edgar Allan Poe
2014-01-21 22:58 - 2012-04-10 19:03 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Skype
2014-01-21 22:58 - 2011-12-26 23:59 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Dimensions - Stadt im Nebel Sammleredition
2014-01-21 22:58 - 2011-11-28 14:16 - 00000000 ____D C:\Users\Guru\AppData\Roaming\MusE
2014-01-21 22:58 - 2011-11-26 23:34 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\capella-software
2014-01-21 22:58 - 2011-10-26 00:46 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Gefaehrliche Schatten Sammleredition
2014-01-21 22:58 - 2011-08-10 23:06 - 00000000 ____D C:\Users\Guru\AppData\Roaming\TOMI3
2014-01-21 22:58 - 2011-07-11 11:47 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2014-01-21 22:58 - 2011-05-22 20:29 - 00000000 ____D C:\Users\Guru\Documents\DVDVideoSoft
2014-01-21 22:58 - 2010-10-12 21:20 - 00000000 ____D C:\BigFishGamesCache
2014-01-21 22:58 - 2009-12-07 01:32 - 00000000 ___RD C:\Users\Guru\dwhelper
2014-01-21 22:58 - 2009-10-07 12:22 - 00000000 ___SD C:\Users\Guru\Documents\Eigene Webs
2014-01-21 22:58 - 2009-08-03 15:48 - 00000000 ____D C:\Users\Guru\10DaysUnderTheSea
2014-01-21 22:58 - 2009-06-25 13:29 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Thunderbird
2014-01-21 22:58 - 2009-01-30 23:22 - 00000000 ____D C:\Users\Guru\AppData\Roaming\.pknowledge
2014-01-21 22:58 - 2009-01-25 00:29 - 00000000 ____D C:\Users\Guru\AppData\Roaming\TMInc
2014-01-21 22:58 - 2009-01-23 23:00 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\COKTEL
2014-01-21 22:58 - 2008-12-31 16:10 - 00000000 ____D C:\Users\Edith\AppData\Roaming\dvdcss
2014-01-21 22:58 - 2008-12-18 21:09 - 00000000 ___RD C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-21 22:58 - 2008-12-18 21:09 - 00000000 ___RD C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-21 22:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2014-01-21 22:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2014-01-21 21:56 - 2008-09-12 04:49 - 00000000 ____D C:\Windows\Options
2014-01-21 15:49 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\AppData\Local\Mobogenie
2014-01-21 15:34 - 2014-01-21 15:34 - 00000000 _____ C:\Users\Guru\daemonprocess.txt
2014-01-20 13:35 - 2014-01-20 13:35 - 00000000 ____D C:\Users\Guru\AppData\Roaming\EAC
2014-01-20 13:35 - 2014-01-20 13:35 - 00000000 ____D C:\Users\Guru\AppData\Roaming\AccurateRip
2014-01-20 12:47 - 2014-01-20 12:47 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Mp3jam
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\Documents\Mobogenie
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\AppData\Local\cache
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\.android
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 _____ C:\Users\Edith\daemonprocess.txt
2014-01-20 12:15 - 2014-01-20 12:14 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-20 12:14 - 2014-01-20 12:14 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Mp3jam
2014-01-19 08:32 - 2009-10-03 06:02 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-14 23:04 - 2014-01-14 23:04 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Screenshots
2014-01-14 22:12 - 2014-01-14 22:12 - 00000000 ____D C:\Users\Edith\AppData\Roaming\AlexanderTheGreat
2014-01-14 22:11 - 2014-01-14 22:11 - 00000000 ____D C:\Program Files\Playrix Entertainment
2014-01-13 19:55 - 2014-01-12 23:41 - 00001767 _____ C:\Users\Edith\Documents\captune.log
2014-01-08 22:44 - 2014-01-08 22:44 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Maximize Games
2014-01-06 23:40 - 2009-04-23 18:31 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Boomzap
2014-01-06 01:28 - 2010-03-13 18:31 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Boomzap
2014-01-05 13:45 - 2013-08-26 14:40 - 00000819 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-05 13:45 - 2013-08-26 14:40 - 00000819 _____ C:\ProgramData\Desktop\VLC media player.lnk
2014-01-04 16:58 - 2014-01-04 16:58 - 00000000 ____D C:\Users\Edith\AppData\Local\Astar Games
2014-01-04 16:37 - 2014-01-04 16:37 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Maximize Games
2014-01-04 16:37 - 2014-01-04 16:37 - 00000000 ____D C:\ProgramData\Maximize Games
2014-01-04 16:19 - 2014-01-04 16:05 - 00002447 _____ C:\Users\Public\Desktop\GAME CENTER.lnk
2014-01-04 16:19 - 2014-01-04 16:05 - 00002447 _____ C:\ProgramData\Desktop\GAME CENTER.lnk
2014-01-04 16:18 - 2014-01-04 16:10 - 00002867 _____ C:\Users\Public\Desktop\Prinzessin Isabella Die Rückkehr des Fluches Sammleredition.lnk
2014-01-04 16:18 - 2014-01-04 16:10 - 00002867 _____ C:\ProgramData\Desktop\Prinzessin Isabella Die Rückkehr des Fluches Sammleredition.lnk
2014-01-04 16:12 - 2014-01-04 16:12 - 00002012 _____ C:\Users\Public\Desktop\Silent Scream Die Tänzerin.lnk
2014-01-04 16:12 - 2014-01-04 16:12 - 00002012 _____ C:\ProgramData\Desktop\Silent Scream Die Tänzerin.lnk
2014-01-04 16:12 - 2014-01-04 16:05 - 00000000 ____D C:\Program Files\DEUTSCHLAND SPIELT
2014-01-04 16:05 - 2008-12-18 22:43 - 00000000 ____D C:\Program Files\OXXOGames
2014-01-04 15:02 - 2010-04-29 21:57 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tivola
2014-01-04 13:52 - 2014-01-04 13:04 - 00000100 _____ C:\Windows\system32\LOCALDEVICE.INI
2014-01-04 13:47 - 2014-01-04 13:05 - 00000257 _____ C:\Windows\system32\SHORTCUT.INI
2014-01-04 13:25 - 2008-12-20 01:16 - 00005632 _____ C:\Users\Guru\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-04 13:08 - 2014-01-04 13:05 - 00000130 _____ C:\Windows\system32\REMOTEDEVICE.INI
2014-01-04 13:03 - 2008-09-12 05:01 - 00002039 _____ C:\Users\Public\Desktop\Samsung Update Plus.lnk
2014-01-04 13:03 - 2008-09-12 05:01 - 00002039 _____ C:\ProgramData\Desktop\Samsung Update Plus.lnk
2014-01-04 12:34 - 2014-01-04 12:34 - 00000000 _____ C:\Windows\system32\BSPRINT.INI
2014-01-04 12:34 - 2009-06-10 00:51 - 00000032 _____ C:\Windows\0
2014-01-04 12:21 - 2009-06-09 21:39 - 00000000 ____D C:\ProgramData\Bluetooth
2014-01-02 18:17 - 2012-10-29 14:18 - 00000000 ____D C:\Users\Edith\Documents\Amazon Music Importer
2014-01-02 17:08 - 2014-01-02 17:06 - 00000000 ____D C:\Users\Edith\Test
2014-01-02 15:26 - 2011-01-23 23:04 - 00000000 ____D C:\Users\Edith\AppData\Roaming\HTC
2014-01-02 12:19 - 2011-06-30 10:19 - 00001534 _____ C:\ProgramData\ss.ini
2013-12-30 19:35 - 2008-09-12 20:41 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-12-30 13:29 - 2013-12-30 13:02 - 00000000 ____D C:\Users\Edith\AppData\Roaming\ImgBurn
2013-12-30 12:54 - 2013-12-30 12:54 - 00000692 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2013-12-30 12:54 - 2013-12-30 12:54 - 00000692 _____ C:\ProgramData\Desktop\ImgBurn.lnk

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe


Some content of TEMP:
====================
C:\Users\Edith\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Edith\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Edith\AppData\Local\Temp\LEGOLOTR.exe
C:\Users\Guru\AppData\Local\Temp\Quarantine.exe
C:\Users\Root\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\Root\AppData\Local\Temp\AskSLib.dll
C:\Users\Root\AppData\Local\Temp\ConResGr.dll
C:\Users\Root\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Root\AppData\Local\Temp\NEventMessages.dll
C:\Users\Root\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Root\AppData\Local\Temp\setup_3.0.5481.exe
C:\Users\Root\AppData\Local\Temp\siw_sdk.dll
C:\Users\Root\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 15:17

==================== End Of Log ============================

--- --- ---

--- --- ---

Gruß
AlterHase

schrauber · 30.01.2014, 14:29

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

AlterHase · 31.01.2014, 03:18

Hallo Schrauber,

hier die Ergebnisse:

Bei dem ESET-Scan ist die Logdatei leider verloren gegangen, aber ich habe zumindest die Funde aus dem Ergebinsfenster

Code:

ATTFilter

C:\Windows\System32\DlProtectSvc.exe.VIRUS	a variant of Win32/Webprefix.B trojan
C:\Windows\System32\kbd106nd.exe.VIRUS	a variant of Win32/BHO.OGV trojan
D:\Maria\RSSolo_4_german.exe.VIRUS	a variant of Win32/Adware.MediaFinder.G application
D:\Maria\vlc-2.0.5-win64.exe	Win32/StartPage.OPH trojan

Der SecurityCheck Log ist:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.79  
 Windows Vista Service Pack 2 x86   
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 CCleaner     
 Java 7 Update 51  
 Adobe Flash Player 	12.0.0.43  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (Firefox.) 
 Mozilla Thunderbird (17.0.6) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
 StarMoney 8.0 S-Edition ouservice StarMoneyOnlineUpdate.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````

und der FRST-Log:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01
Ran by Guru (administrator) on TRAUMBOY on 31-01-2014 03:01:42
Running from C:\Users\Guru\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(IVT Corporation) D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\E_S00RP2.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\SAgent4.exe
(IVT Corporation) D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Cyberlink Corp.) C:\Program Files\PowerDVD\PDVDServ.exe
(Elaborate Bytes AG) D:\Tools\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IVT Corporation) D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(ArcSoft, Inc.) C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Users\Guru\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RemoteControl] - C:\Program Files\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM\...\Run: [VirtualCloneDrive] - D:\Tools\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [52168 2008-06-29] (Elaborate Bytes AG)
HKLM\...\Run: [Eraser] - C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM\...\Run: [] - [x]
HKLM\...\Run: [HTC Sync Loader] - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-12-12] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [BtTray] - D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [315478 2009-09-02] (IVT Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Guru\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKCU\...\Run: [Alamandi tray notifier] - c:\program files\deutschland spielt\alamandi\TaskBarNotifier.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Edith\...\Run: [PC Suite Tray] - "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\Edith\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Edith\...\Run: [Alamandi tray notifier] - C:\Program Files\DEUTSCHLAND SPIELT\AlamandiCD\TaskBarNotifier.exe
HKU\Edith\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\Edith\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\Edith\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [ 2011-06-29] (Gemalto N.V.)
HKU\Edith\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Edith\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [ 2013-05-22] ()
HKU\Edith\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Root\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Root\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Root\...\Run: [SpybotSD TeaTimer] - D:\Tools\Spybot - Search & Destroy\TeaTimer.exe
HKU\Root\...\Run: [] - [x]
HKU\Root\...\Run: [NokiaOviSuite2] - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
HKU\Root\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Root\...\Run: [nvda] - C:\Program Files\NVDA\nvda.exe
HKU\Stefan\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2008-01-21] (Microsoft Corporation)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6837] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Application Updater\ApplicationUpdater.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF4581] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9075] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7766] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1604] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF811] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF252] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF214] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2988] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5983] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3516] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6464] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7775] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF927] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF7016] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2403] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3717] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7601] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1531] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2405] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9092] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5067] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5892] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF501] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1757] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9215] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3912] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2224] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6708] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5492] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7003] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9903] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2359] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4865] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4495] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4060] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4157] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1674] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9414] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF367] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF303] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1138] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7664] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3245] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7549] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4160] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1539] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8642] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4863] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8951] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9461] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3850] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2312] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2170] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6002] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6997] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF2476] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF7138] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2314] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6549] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF236] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3782] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1250] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7116] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5303] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7838] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8820] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8418] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8119] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2265] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3297] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5843] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5529] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4667] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4698] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5717] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7117] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9717] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3884] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7472] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8045] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1259] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF906] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9713] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3216] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6263] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6918] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8974] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3911] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6988] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5773] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8619] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2254] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4648] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8289] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6896] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9326] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9032] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6286] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8589] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7392] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2609] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8334] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6701] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7300] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2316] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF709] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7554] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3683] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4437] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5968] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF443] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4668] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9855] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2390] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3173] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF33] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6160] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7626] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3622] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7341] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF89] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2204] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1451] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9101] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2143] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9646] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9303] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3054] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [DeleteMarkAny] - C:\Windows\system32\MASetupCleaner.exe [ 2012-12-18] ((주)마크애니)
Startup: C:\Users\Root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk.disabled
ShortcutTarget: OpenOffice.org 3.0.lnk.disabled -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
URLSearchHook: HKLM - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
URLSearchHook: HKCU - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D56453344303126713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&k=0
SearchScopes: HKCU - {0A8AE23C-A3ED-437D-917D-0BA70E1E7F7A} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {5F561372-A6B6-45F1-B03A-1F17A57CFD88} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&k=0
SearchScopes: HKCU - {7917D784-2086-42C1-A64A-5D9243A58FFF} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {9EFD52BD-8D03-470F-A6A3-22F442E06C7C} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {A75FFC07-A59B-4880-8979-34EAEBD8CD9E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
SearchScopes: HKCU - {A8FC31F3-57C3-4DE9-9C3A-2EA3F90F6023} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {F9FFBD07-CBED-4537-9120-845121F47B44} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
BHO: No Name - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: MyEmoticons Class - {DCC39ACE-709B-44EA-B062-5F6BE2774644} - C:\Users\Guru\AppData\Roaming\MyEmoticons\myemoticons-1.4.dll (GreenTree Applications)
Toolbar: HKLM - No Name - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default
FF DefaultSearchEngine: MetaGer
FF SelectedSearchEngine: MetaGer
FF Homepage: hxxp://www.metager.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll No File
FF Plugin: @digitalpublishing.de/dpLaunch - C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @real.com/npracplug;version=1.0.0.0 - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Guru\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npgcplug.dll (RealNetworks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npracplug.dll (RealNetworks)
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\ashampoo-de-customized-web-search.xml
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\metager.xml
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\{CC82F702-0437-4623-B58F-098E34B6D510}.xml
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\{E77802C1-8764-420A-BDB9-4B5B82C90948}.xml
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\{F088237D-FE59-4CD3-AC20-23626D5F303F}.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-04]
FF Extension: YouTube mp3 - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\Extensions\info@youtube-mp3.org.xpi [2012-07-05]
FF Extension: NoScript - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-07-05]
FF Extension: Adblock Plus - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [myemoticons@myemoticons.com] - C:\Users\Guru\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.4
FF HKCU\...\Firefox\Extensions: [extension@preispilot.com] - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\extensions\extension@preispilot.com

========================== Services (Whitelisted) =================

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
R2 BlueSoleilCS; D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1466476 2009-09-02] (IVT Corporation)
R3 BsHelpCS; D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [102503 2009-09-02] (IVT Corporation)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.)
R2 EPSON_PM_RPCV2_02; C:\Windows\system32\E_S00RP2.EXE [65536 2004-02-19] (SEIKO EPSON CORPORATION)
S2 gupdate1c986be46fae48f; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-04] (Google Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
S4 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StatusAgent4; C:\Windows\system32\SAgent4.exe [122880 2002-12-11] (SEIKO EPSON CORPORATION)
S4 uvnc_service; D:\Program Files\UltraVNC\winvnc.exe [1830856 2009-07-09] (UltraVNC)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
S4 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [x]
S2 mshta32; C:\Windows\system32\kbd106nd.exe [x]
S4 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [x]

==================== Drivers (Whitelisted) ====================

R2 ACEDRV06; C:\Windows\system32\drivers\ACEDRV06.sys [99840 2010-04-29] (Protect Software GmbH)
R2 ACEDRV08; C:\Windows\system32\drivers\ACEDRV08.sys [108768 2009-10-07] (Protect Software GmbH)
R2 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [373568 2007-06-18] (Protect Software GmbH)
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 acehlp09; C:\Windows\system32\drivers\acehlp09.sys [201696 2007-05-30] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH)
S3 ADDMEM; C:\Users\Root\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [3205 2010-12-10] ()
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [306816 2009-04-17] (AfaTech                  )
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2009-10-08] ()
S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [33800 2009-06-17] (IVT Corporation.)
S3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27528 2009-06-17] (IVT Corporation.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14528 2014-01-22] (Glarysoft Ltd)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [17928 2009-06-17] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39304 2009-07-08] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-06-17] (IVT Corporation.)
R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [29192 2009-06-17] ()
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24392 2008-07-21] (Elaborate Bytes AG)
S3 gdrv; C:\Windows\gdrv.sys [17488 2009-12-17] (Windows (R) 2000 DDK provider)
R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [25480 2009-06-17] (IVT Corporation.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [23680 2008-07-09] (KOBIL Systems GmbH)
S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [94720 2012-07-09] (KOBIL Systems GmbH)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2009-01-30] ()
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [22016 2007-10-11] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [16896 2007-05-01] ()
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2011-12-09] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2011-12-09] (RapidSolution Software AG)
R1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33568 2011-03-09] (Sophos Plc)
S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX32.sys [72256 2010-09-13] (Ray Hinchliffe)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39016 2011-12-09] (RapidSolution Software AG)
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [91472 2009-08-05] (Sun Microsystems, Inc.)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [14856 2009-06-17] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [32392 2009-06-17] (IVT Corporation.)
S3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [243840 2009-01-23] (Vimicro Corporation)
S1 Ai2Chroniker; system32\DRIVERS\Ai2Chroniker.sys [x]
S3 Ai2Mmpd; system32\DRIVERS\Ai2Mmpd.sys [x]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S0 BTHidEnum; System32\Drivers\vbtenum.sys [x]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [x]
S3 btwaudio; system32\drivers\btwaudio.sys [x]
S3 btwavdt; system32\drivers\btwavdt.sys [x]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [x]
S3 catchme; \??\C:\Users\Guru\AppData\Local\Temp\catchme.sys [x]
S3 cpuz134; \??\C:\Users\Root\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-31 02:59 - 2014-01-31 02:59 - 00001081 _____ C:\Users\Guru\Desktop\checkup.txt
2014-01-31 02:53 - 2014-01-31 02:53 - 00987425 _____ C:\Users\Guru\Desktop\SecurityCheck.exe
2014-01-31 02:47 - 2014-01-31 02:47 - 00000301 _____ C:\Users\Guru\Desktop\Eset_Funde.txt
2014-01-29 15:25 - 2014-01-31 03:01 - 00043941 _____ C:\Users\Guru\Desktop\FRST.txt
2014-01-29 15:25 - 2014-01-29 15:25 - 00000000 ____D C:\Users\Guru\Desktop\FRST-OlderVersion
2014-01-29 15:22 - 2014-01-29 15:22 - 00001515 _____ C:\Users\Guru\Desktop\JRT.txt
2014-01-29 15:18 - 2014-01-29 15:18 - 00000000 ____D C:\Windows\ERUNT
2014-01-29 15:17 - 2014-01-29 15:17 - 01037068 _____ (Thisisu) C:\Users\Guru\Desktop\JRT.exe
2014-01-29 15:12 - 2014-01-29 15:12 - 00004574 _____ C:\Users\Guru\Desktop\AdwCleaner[S7].txt
2014-01-29 15:03 - 2014-01-29 15:03 - 01166132 _____ C:\Users\Guru\Desktop\adwcleaner.exe
2014-01-29 14:42 - 2014-01-29 14:42 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 14:42 - 2014-01-29 14:42 - 00000866 _____ C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 14:42 - 2014-01-29 14:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-29 14:42 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-29 13:42 - 2014-01-29 14:14 - 00000000 ___SD C:\ComboFix
2014-01-29 13:40 - 2014-01-29 13:40 - 05177551 ____R (Swearware) C:\Users\Guru\Desktop\ComboFix.exe
2014-01-28 17:11 - 2014-01-28 17:11 - 00000000 ____D C:\Users\Guru\Downloads\GPU24_Meter
2014-01-28 17:09 - 2014-01-28 17:09 - 00000000 ____D C:\Users\Guru\Downloads\CoreTemp32
2014-01-28 17:06 - 2014-01-28 17:06 - 00617196 _____ C:\Users\Guru\Downloads\GPU24_Meter.zip
2014-01-28 17:04 - 2014-01-28 17:04 - 00206064 _____ C:\Users\Guru\Downloads\All_CPU473_Meter.zip
2014-01-28 00:27 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-28 00:27 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-28 00:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-28 00:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-28 00:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-28 00:27 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-28 00:27 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-28 00:27 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-28 00:26 - 2014-01-29 13:42 - 00000000 ___SD C:\32788R22FWJFW
2014-01-28 00:26 - 2014-01-28 00:27 - 00000000 ____D C:\Qoobox
2014-01-28 00:26 - 2014-01-28 00:26 - 00000000 ____D C:\Windows\erdnt
2014-01-27 18:47 - 2014-01-27 18:47 - 00007338 _____ C:\Users\Guru\Desktop\Ct-desinfect_Funde.htm
2014-01-27 18:14 - 2014-01-27 18:14 - 00000388 _____ C:\Users\Guru\Desktop\Gmer.log
2014-01-27 18:02 - 2014-01-27 18:02 - 00380416 _____ C:\Users\Guru\Desktop\co9715eh.exe
2014-01-27 17:58 - 2014-01-29 15:25 - 01137152 _____ (Farbar) C:\Users\Guru\Desktop\FRST.exe
2014-01-27 17:51 - 2014-01-25 01:01 - 00080384 _____ C:\Users\Guru\Desktop\MBRCheck.exe
2014-01-27 17:22 - 2014-01-27 17:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-27 17:22 - 2014-01-27 17:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-25 01:03 - 2014-01-25 01:03 - 00000512 _____ C:\mbr.bin
2014-01-25 01:01 - 2014-01-25 01:01 - 00080384 _____ C:\Users\Edith\Desktop\MBRCheck.exe
2014-01-24 00:01 - 2014-01-30 11:21 - 00000320 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2014-01-24 00:01 - 2014-01-24 00:01 - 00000681 _____ C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-01-24 00:01 - 2014-01-24 00:01 - 00000681 _____ C:\ProgramData\Desktop\Glary Utilities 4.lnk
2014-01-24 00:01 - 2014-01-24 00:01 - 00000000 ____D C:\ProgramData\GlarySoft
2014-01-24 00:01 - 2014-01-22 02:16 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-01-24 00:01 - 2014-01-22 02:09 - 00014528 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-01-23 23:13 - 2014-01-23 23:12 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-23 23:13 - 2014-01-23 23:12 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-23 23:13 - 2014-01-23 23:12 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-23 23:13 - 2014-01-23 23:12 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-23 22:46 - 2014-01-23 22:46 - 00000607 _____ C:\Users\Guru\Desktop\CDex170.lnk
2014-01-23 19:54 - 2014-01-31 03:01 - 00000000 ____D C:\FRST
2014-01-23 19:52 - 2014-01-27 17:55 - 00000470 _____ C:\Users\Guru\Desktop\defogger_disable.log
2014-01-23 19:52 - 2014-01-23 19:52 - 00000000 _____ C:\Users\Guru\defogger_reenable
2014-01-23 19:37 - 2014-01-23 19:37 - 00050477 _____ C:\Users\Guru\Desktop\Defogger.exe
2014-01-23 16:44 - 2014-01-23 16:44 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Mael
2014-01-23 16:22 - 2014-01-23 16:50 - 00000000 ____D C:\Users\Guru\Virus-Analyse
2014-01-23 15:55 - 2014-01-23 16:44 - 00001801 _____ C:\Users\Guru\Last session Guru.prj
2014-01-23 15:37 - 2014-01-23 15:37 - 00000536 _____ C:\Users\Public\Desktop\HxD.lnk
2014-01-23 15:37 - 2014-01-23 15:37 - 00000536 _____ C:\ProgramData\Desktop\HxD.lnk
2014-01-23 14:45 - 2014-01-23 14:45 - 00000610 _____ C:\Users\Public\Desktop\Speccy.lnk
2014-01-23 14:45 - 2014-01-23 14:45 - 00000610 _____ C:\ProgramData\Desktop\Speccy.lnk
2014-01-23 14:37 - 2014-01-23 23:58 - 00000000 ____D C:\Users\Guru\Downloads\Tools
2014-01-23 14:09 - 2014-01-23 14:09 - 00000388 _____ C:\Users\Guru\Documents\gmer2.1.19324.log
2014-01-23 00:46 - 2014-01-23 00:46 - 00096256 _____ C:\Windows\system32\DlProtectSvc.exe.VIRUS
2014-01-23 00:46 - 2014-01-23 00:46 - 00070656 _____ C:\Windows\system32\kbd106nd.exe.VIRUS
2014-01-23 00:46 - 2014-01-23 00:46 - 00012800 _____ C:\ProgramData\dlprotect.exe
2014-01-23 00:45 - 2014-01-23 00:45 - 00000147 _____ C:\Users\Guru\Desktop\Goodgame Empire.url
2014-01-22 15:05 - 2012-04-27 15:41 - 01317376 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2014-01-22 01:20 - 2014-01-24 00:01 - 00000000 ____D C:\Users\Guru\AppData\Roaming\GlarySoft
2014-01-22 00:58 - 2014-01-22 00:58 - 00000000 ____D C:\Users\Guru\AppData\Roaming\aignes
2014-01-21 15:34 - 2014-01-21 15:34 - 00000000 _____ C:\Users\Guru\daemonprocess.txt
2014-01-20 13:35 - 2014-01-20 13:35 - 00000000 ____D C:\Users\Guru\AppData\Roaming\EAC
2014-01-20 13:35 - 2014-01-20 13:35 - 00000000 ____D C:\Users\Guru\AppData\Roaming\AccurateRip
2014-01-20 12:47 - 2014-01-20 12:47 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Mp3jam
2014-01-20 12:15 - 2014-01-21 15:49 - 00000000 ____D C:\Users\Guru\AppData\Local\Mobogenie
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\Documents\Mobogenie
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\AppData\Local\cache
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\.android
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 _____ C:\Users\Edith\daemonprocess.txt
2014-01-20 12:14 - 2014-01-20 12:15 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-20 12:14 - 2014-01-20 12:14 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Mp3jam
2014-01-14 23:04 - 2014-01-14 23:04 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Screenshots
2014-01-14 22:12 - 2014-01-14 22:12 - 00000000 ____D C:\Users\Edith\AppData\Roaming\AlexanderTheGreat
2014-01-14 22:11 - 2014-01-14 22:11 - 00000000 ____D C:\Program Files\Playrix Entertainment
2014-01-12 23:41 - 2014-01-13 19:55 - 00001767 _____ C:\Users\Edith\Documents\captune.log
2014-01-08 22:44 - 2014-01-08 22:44 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Maximize Games
2014-01-04 16:58 - 2014-01-04 16:58 - 00000000 ____D C:\Users\Edith\AppData\Local\Astar Games
2014-01-04 16:37 - 2014-01-04 16:37 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Maximize Games
2014-01-04 16:37 - 2014-01-04 16:37 - 00000000 ____D C:\ProgramData\Maximize Games
2014-01-04 16:12 - 2014-01-04 16:12 - 00002012 _____ C:\Users\Public\Desktop\Silent Scream Die Tänzerin.lnk
2014-01-04 16:12 - 2014-01-04 16:12 - 00002012 _____ C:\ProgramData\Desktop\Silent Scream Die Tänzerin.lnk
2014-01-04 16:11 - 2014-01-24 22:44 - 00002549 _____ C:\Users\Public\Desktop\Dreamland.lnk
2014-01-04 16:11 - 2014-01-24 22:44 - 00002549 _____ C:\ProgramData\Desktop\Dreamland.lnk
2014-01-04 16:10 - 2014-01-04 16:18 - 00002867 _____ C:\Users\Public\Desktop\Prinzessin Isabella Die Rückkehr des Fluches Sammleredition.lnk
2014-01-04 16:10 - 2014-01-04 16:18 - 00002867 _____ C:\ProgramData\Desktop\Prinzessin Isabella Die Rückkehr des Fluches Sammleredition.lnk
2014-01-04 16:05 - 2014-01-04 16:19 - 00002447 _____ C:\Users\Public\Desktop\GAME CENTER.lnk
2014-01-04 16:05 - 2014-01-04 16:19 - 00002447 _____ C:\ProgramData\Desktop\GAME CENTER.lnk
2014-01-04 16:05 - 2014-01-04 16:12 - 00000000 ____D C:\Program Files\DEUTSCHLAND SPIELT
2014-01-04 13:59 - 2014-01-21 22:58 - 00000000 ____D C:\Users\Edith\AppData\Local\bluesoleil
2014-01-04 13:05 - 2014-01-04 13:47 - 00000257 _____ C:\Windows\system32\SHORTCUT.INI
2014-01-04 13:05 - 2014-01-04 13:08 - 00000130 _____ C:\Windows\system32\REMOTEDEVICE.INI
2014-01-04 13:04 - 2014-01-29 22:47 - 00005064 _____ C:\Windows\system32\LOCALSERVICE.INI
2014-01-04 13:04 - 2014-01-04 13:52 - 00000100 _____ C:\Windows\system32\LOCALDEVICE.INI
2014-01-04 12:43 - 2014-01-21 22:58 - 00000000 ____D C:\Users\Guru\AppData\Local\bluesoleil
2014-01-04 12:34 - 2014-01-04 12:34 - 00000000 _____ C:\Windows\system32\BSPRINT.INI
2014-01-02 17:06 - 2014-01-02 17:08 - 00000000 ____D C:\Users\Edith\Test
2014-01-02 13:57 - 2014-01-21 23:44 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Dropbox

==================== One Month Modified Files and Folders =======

2014-01-31 03:02 - 2014-01-29 15:25 - 00043941 _____ C:\Users\Guru\Desktop\FRST.txt
2014-01-31 03:01 - 2014-01-23 19:54 - 00000000 ____D C:\FRST
2014-01-31 03:01 - 2009-07-01 11:21 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-31 03:00 - 2008-10-18 09:21 - 01843725 _____ C:\Windows\WindowsUpdate.log
2014-01-31 02:59 - 2014-01-31 02:59 - 00001081 _____ C:\Users\Guru\Desktop\checkup.txt
2014-01-31 02:53 - 2014-01-31 02:53 - 00987425 _____ C:\Users\Guru\Desktop\SecurityCheck.exe
2014-01-31 02:47 - 2014-01-31 02:47 - 00000301 _____ C:\Users\Guru\Desktop\Eset_Funde.txt
2014-01-31 01:19 - 2006-11-02 13:47 - 00004912 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-31 01:19 - 2006-11-02 13:47 - 00004912 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-30 23:25 - 2011-11-10 14:14 - 00000000 ____D C:\Users\Guru\AppData\Local\Htc
2014-01-30 23:24 - 2011-01-23 22:53 - 00000000 ____D C:\Users\Guru\AppData\Local\Downloaded Installations
2014-01-30 22:51 - 2010-12-04 18:51 - 00000000 ____D C:\Users\Root\Downloads\Samsung R710
2014-01-30 22:42 - 2009-04-29 15:45 - 00000000 ____D C:\ProgramData\Installations
2014-01-30 21:39 - 2009-06-01 11:07 - 00000000 ____D C:\Program Files\Common Files\Nokia
2014-01-30 21:38 - 2010-08-12 14:00 - 00000000 ____D C:\Users\Guru\AppData\Local\NokiaAccount
2014-01-30 18:00 - 2009-08-26 12:51 - 00000440 _____ C:\Windows\Tasks\ParetoLogic Registration.job
2014-01-30 16:53 - 2012-07-08 14:25 - 00000000 ____D C:\Users\Guru\Downloads\Virus-Tools
2014-01-30 13:01 - 2009-07-01 11:21 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-30 11:21 - 2014-01-24 00:01 - 00000320 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2014-01-30 11:20 - 2009-03-10 15:14 - 00000416 ____H C:\Windows\Tasks\SupBackGroundTask.job
2014-01-29 22:49 - 2012-02-27 22:22 - 00002391 _____ C:\Users\Edith\Desktop\capella reader.lnk
2014-01-29 22:47 - 2014-01-04 13:04 - 00005064 _____ C:\Windows\system32\LOCALSERVICE.INI
2014-01-29 22:47 - 2013-02-23 14:27 - 00023808 _____ C:\Windows\error.log
2014-01-29 22:47 - 2009-09-07 15:42 - 00000933 _____ C:\Windows\system32\bscs.ini
2014-01-29 22:47 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-29 19:20 - 2006-11-02 14:01 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-29 15:25 - 2014-01-29 15:25 - 00000000 ____D C:\Users\Guru\Desktop\FRST-OlderVersion
2014-01-29 15:25 - 2014-01-27 17:58 - 01137152 _____ (Farbar) C:\Users\Guru\Desktop\FRST.exe
2014-01-29 15:22 - 2014-01-29 15:22 - 00001515 _____ C:\Users\Guru\Desktop\JRT.txt
2014-01-29 15:18 - 2014-01-29 15:18 - 00000000 ____D C:\Windows\ERUNT
2014-01-29 15:17 - 2014-01-29 15:17 - 01037068 _____ (Thisisu) C:\Users\Guru\Desktop\JRT.exe
2014-01-29 15:12 - 2014-01-29 15:12 - 00004574 _____ C:\Users\Guru\Desktop\AdwCleaner[S7].txt
2014-01-29 15:09 - 2013-08-15 10:17 - 00000000 ____D C:\AdwCleaner
2014-01-29 15:03 - 2014-01-29 15:03 - 01166132 _____ C:\Users\Guru\Desktop\adwcleaner.exe
2014-01-29 14:58 - 2008-01-21 03:47 - 01238182 _____ C:\Windows\PFRO.log
2014-01-29 14:42 - 2014-01-29 14:42 - 00000866 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 14:42 - 2014-01-29 14:42 - 00000866 _____ C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 14:42 - 2014-01-29 14:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-29 14:14 - 2014-01-29 13:42 - 00000000 ___SD C:\ComboFix
2014-01-29 13:42 - 2014-01-28 00:26 - 00000000 ___SD C:\32788R22FWJFW
2014-01-29 13:41 - 2012-05-08 00:21 - 00000000 ____D C:\Program Files\StarMoney 8.0 S-Edition
2014-01-29 13:40 - 2014-01-29 13:40 - 05177551 ____R (Swearware) C:\Users\Guru\Desktop\ComboFix.exe
2014-01-29 13:36 - 2009-08-26 12:51 - 00000414 _____ C:\Windows\Tasks\ParetoLogic Update Version2.job
2014-01-29 02:19 - 2008-12-25 21:49 - 00029184 _____ C:\Users\Edith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-28 18:15 - 2013-12-20 22:55 - 00000000 ____D C:\Users\Guru\AppData\Roaming\NVIDIA
2014-01-28 17:11 - 2014-01-28 17:11 - 00000000 ____D C:\Users\Guru\Downloads\GPU24_Meter
2014-01-28 17:09 - 2014-01-28 17:09 - 00000000 ____D C:\Users\Guru\Downloads\CoreTemp32
2014-01-28 17:06 - 2014-01-28 17:06 - 00617196 _____ C:\Users\Guru\Downloads\GPU24_Meter.zip
2014-01-28 17:04 - 2014-01-28 17:04 - 00206064 _____ C:\Users\Guru\Downloads\All_CPU473_Meter.zip
2014-01-28 00:27 - 2014-01-28 00:26 - 00000000 ____D C:\Qoobox
2014-01-28 00:26 - 2014-01-28 00:26 - 00000000 ____D C:\Windows\erdnt
2014-01-27 18:47 - 2014-01-27 18:47 - 00007338 _____ C:\Users\Guru\Desktop\Ct-desinfect_Funde.htm
2014-01-27 18:14 - 2014-01-27 18:14 - 00000388 _____ C:\Users\Guru\Desktop\Gmer.log
2014-01-27 18:02 - 2014-01-27 18:02 - 00380416 _____ C:\Users\Guru\Desktop\co9715eh.exe
2014-01-27 17:55 - 2014-01-23 19:52 - 00000470 _____ C:\Users\Guru\Desktop\defogger_disable.log
2014-01-27 17:22 - 2014-01-27 17:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-27 17:22 - 2014-01-27 17:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-27 17:22 - 2008-12-19 22:29 - 00000000 ____D C:\Users\Guru\AppData\Local\Adobe
2014-01-26 16:43 - 2008-09-12 02:46 - 00000000 ____D C:\Windows\nvtmpinst
2014-01-26 01:35 - 2010-11-21 18:39 - 00000000 ___RD C:\Users\Edith\Mails
2014-01-26 01:28 - 2011-12-28 16:07 - 00000000 ____D C:\Users\Edith\AppData\Roaming\vlc
2014-01-26 00:40 - 2008-12-19 20:49 - 00000000 ____D C:\Users\Edith
2014-01-26 00:40 - 2008-12-18 21:09 - 00000000 ____D C:\Users\Guru
2014-01-25 23:29 - 2010-10-10 21:50 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-25 17:25 - 2006-11-02 11:33 - 01646180 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-25 01:03 - 2014-01-25 01:03 - 00000512 _____ C:\mbr.bin
2014-01-25 01:01 - 2014-01-27 17:51 - 00080384 _____ C:\Users\Guru\Desktop\MBRCheck.exe
2014-01-25 01:01 - 2014-01-25 01:01 - 00080384 _____ C:\Users\Edith\Desktop\MBRCheck.exe
2014-01-24 22:44 - 2014-01-04 16:11 - 00002549 _____ C:\Users\Public\Desktop\Dreamland.lnk
2014-01-24 22:44 - 2014-01-04 16:11 - 00002549 _____ C:\ProgramData\Desktop\Dreamland.lnk
2014-01-24 00:57 - 2008-12-18 21:09 - 00001501 _____ C:\Users\Guru\Desktop\Windows Explorer.lnk
2014-01-24 00:16 - 2013-11-10 18:19 - 00001064 _____ C:\Users\Edith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-24 00:16 - 2013-11-10 18:19 - 00001056 _____ C:\Users\Edith\Desktop\Mozilla Firefox.lnk
2014-01-24 00:16 - 2010-08-04 11:37 - 00000998 _____ C:\Users\Root\Desktop\Procmon.exe - Verknüpfung.lnk
2014-01-24 00:15 - 2013-01-15 23:52 - 00001231 _____ C:\Users\Edith\Desktop\Handbuch_GT-N7105_UM_Open_Jellybean_Ger_Rev.1.1_121106_Screen.pdf - Verknüpfung.lnk
2014-01-24 00:15 - 2011-08-21 13:28 - 00000956 _____ C:\Users\Edith\Desktop\Mobile Atlas Creator.exe - Verknüpfung.lnk
2014-01-24 00:14 - 2011-01-22 10:33 - 00001139 _____ C:\Users\Edith\Desktop\HTC_Desire_HD_Benutzerhandbuch.pdf - Verknüpfung.lnk
2014-01-24 00:14 - 2008-12-29 17:15 - 00000903 _____ C:\Users\Stefan\Desktop\DiscSpeed_5.0.1.250.exe - Verknüpfung.lnk
2014-01-24 00:01 - 2014-01-24 00:01 - 00000681 _____ C:\Users\Public\Desktop\Glary Utilities 4.lnk
2014-01-24 00:01 - 2014-01-24 00:01 - 00000681 _____ C:\ProgramData\Desktop\Glary Utilities 4.lnk
2014-01-24 00:01 - 2014-01-24 00:01 - 00000000 ____D C:\ProgramData\GlarySoft
2014-01-24 00:01 - 2014-01-22 01:20 - 00000000 ____D C:\Users\Guru\AppData\Roaming\GlarySoft
2014-01-23 23:58 - 2014-01-23 14:37 - 00000000 ____D C:\Users\Guru\Downloads\Tools
2014-01-23 23:17 - 2013-11-01 14:44 - 00000000 ____D C:\ProgramData\Oracle
2014-01-23 23:12 - 2014-01-23 23:13 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-23 23:12 - 2014-01-23 23:13 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-23 23:12 - 2014-01-23 23:13 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-23 23:12 - 2014-01-23 23:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-23 22:46 - 2014-01-23 22:46 - 00000607 _____ C:\Users\Guru\Desktop\CDex170.lnk
2014-01-23 21:40 - 2011-12-19 18:24 - 00000000 ____D C:\Users\Guru\AppData\Roaming\vlc
2014-01-23 19:52 - 2014-01-23 19:52 - 00000000 _____ C:\Users\Guru\defogger_reenable
2014-01-23 19:37 - 2014-01-23 19:37 - 00050477 _____ C:\Users\Guru\Desktop\Defogger.exe
2014-01-23 16:50 - 2014-01-23 16:22 - 00000000 ____D C:\Users\Guru\Virus-Analyse
2014-01-23 16:44 - 2014-01-23 16:44 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Mael
2014-01-23 16:44 - 2014-01-23 15:55 - 00001801 _____ C:\Users\Guru\Last session Guru.prj
2014-01-23 15:37 - 2014-01-23 15:37 - 00000536 _____ C:\Users\Public\Desktop\HxD.lnk
2014-01-23 15:37 - 2014-01-23 15:37 - 00000536 _____ C:\ProgramData\Desktop\HxD.lnk
2014-01-23 14:45 - 2014-01-23 14:45 - 00000610 _____ C:\Users\Public\Desktop\Speccy.lnk
2014-01-23 14:45 - 2014-01-23 14:45 - 00000610 _____ C:\ProgramData\Desktop\Speccy.lnk
2014-01-23 14:09 - 2014-01-23 14:09 - 00000388 _____ C:\Users\Guru\Documents\gmer2.1.19324.log
2014-01-23 00:46 - 2014-01-23 00:46 - 00096256 _____ C:\Windows\system32\DlProtectSvc.exe.VIRUS
2014-01-23 00:46 - 2014-01-23 00:46 - 00070656 _____ C:\Windows\system32\kbd106nd.exe.VIRUS
2014-01-23 00:46 - 2014-01-23 00:46 - 00012800 _____ C:\ProgramData\dlprotect.exe
2014-01-23 00:45 - 2014-01-23 00:45 - 00000147 _____ C:\Users\Guru\Desktop\Goodgame Empire.url
2014-01-22 02:16 - 2014-01-24 00:01 - 00101664 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-01-22 02:09 - 2014-01-24 00:01 - 00014528 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-01-22 00:58 - 2014-01-22 00:58 - 00000000 ____D C:\Users\Guru\AppData\Roaming\aignes
2014-01-22 00:15 - 2009-12-16 17:09 - 00000000 ____D C:\Users\Edith\Chor
2014-01-21 23:44 - 2014-01-02 13:57 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Dropbox
2014-01-21 23:37 - 2013-08-14 15:31 - 00000000 ____D C:\Windows\system32\MRT
2014-01-21 23:15 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-21 23:00 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\Msdtc
2014-01-21 23:00 - 2006-11-02 11:22 - 69206016 _____ C:\Windows\system32\config\software_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 45613056 _____ C:\Windows\system32\config\components_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 24117248 _____ C:\Windows\system32\config\system_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 00524288 _____ C:\Windows\system32\config\default_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\security_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 00262144 _____ C:\Windows\system32\config\sam_previous
2014-01-21 22:59 - 2008-12-20 22:00 - 00000000 ____D C:\Users\Stefan
2014-01-21 22:59 - 2008-12-20 17:08 - 00000000 ____D C:\Users\Root
2014-01-21 22:58 - 2014-01-04 13:59 - 00000000 ____D C:\Users\Edith\AppData\Local\bluesoleil
2014-01-21 22:58 - 2014-01-04 12:43 - 00000000 ____D C:\Users\Guru\AppData\Local\bluesoleil
2014-01-21 22:58 - 2013-11-14 21:42 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP MP3 Converter
2014-01-21 22:58 - 2013-03-26 13:58 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud
2014-01-21 22:58 - 2013-03-06 22:39 - 00000000 ____D C:\Users\Guru\AppData\Roaming\nvda
2014-01-21 22:58 - 2013-03-02 22:00 - 00000000 ____D C:\Users\Guru\AppData\Local\fd
2014-01-21 22:58 - 2013-02-26 21:38 - 00000000 ____D C:\Users\Guru\Documents\Das Vermachtnis - Das Geheimniss des Verchollenen Konigreiches
2014-01-21 22:58 - 2013-02-24 17:26 - 00000000 ___RD C:\Users\Guru\Documents\IVONA Reader Podcasts
2014-01-21 22:58 - 2013-01-17 00:21 - 00000000 ____D C:\Users\Edith\AppData\Roaming\MyPhoneExplorer
2014-01-21 22:58 - 2013-01-08 00:32 - 00000000 ____D C:\Users\Guru\AppData\Roaming\DVDVideoSoft
2014-01-21 22:58 - 2013-01-06 13:54 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-01-21 22:58 - 2013-01-06 13:36 - 00000000 ____D C:\Users\Edith\AppData\Roaming\IrfanView
2014-01-21 22:58 - 2013-01-06 13:33 - 00000000 ____D C:\Users\Guru\AppData\Roaming\IrfanView
2014-01-21 22:58 - 2012-11-09 21:56 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fritz und Fertig
2014-01-21 22:58 - 2012-10-31 17:37 - 00000000 ____D C:\Users\Guru\AppData\Roaming\MyEmoticons
2014-01-21 22:58 - 2012-10-31 17:37 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyEmoticons
2014-01-21 22:58 - 2012-10-15 23:02 - 00000000 ____D C:\Users\Guru\Documents\Audible
2014-01-21 22:58 - 2012-07-29 00:51 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Tales - Der Mord in der Rue Morgue von Edgar Allan Poe
2014-01-21 22:58 - 2012-04-10 19:03 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Skype
2014-01-21 22:58 - 2011-12-26 23:59 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Dimensions - Stadt im Nebel Sammleredition
2014-01-21 22:58 - 2011-11-28 14:16 - 00000000 ____D C:\Users\Guru\AppData\Roaming\MusE
2014-01-21 22:58 - 2011-11-26 23:34 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\capella-software
2014-01-21 22:58 - 2011-10-26 00:46 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Gefaehrliche Schatten Sammleredition
2014-01-21 22:58 - 2011-08-10 23:06 - 00000000 ____D C:\Users\Guru\AppData\Roaming\TOMI3
2014-01-21 22:58 - 2011-07-11 11:47 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2014-01-21 22:58 - 2011-05-22 20:29 - 00000000 ____D C:\Users\Guru\Documents\DVDVideoSoft
2014-01-21 22:58 - 2010-10-12 21:20 - 00000000 ____D C:\BigFishGamesCache
2014-01-21 22:58 - 2009-12-07 01:32 - 00000000 ___RD C:\Users\Guru\dwhelper
2014-01-21 22:58 - 2009-10-07 12:22 - 00000000 ___SD C:\Users\Guru\Documents\Eigene Webs
2014-01-21 22:58 - 2009-08-03 15:48 - 00000000 ____D C:\Users\Guru\10DaysUnderTheSea
2014-01-21 22:58 - 2009-06-25 13:29 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Thunderbird
2014-01-21 22:58 - 2009-01-30 23:22 - 00000000 ____D C:\Users\Guru\AppData\Roaming\.pknowledge
2014-01-21 22:58 - 2009-01-25 00:29 - 00000000 ____D C:\Users\Guru\AppData\Roaming\TMInc
2014-01-21 22:58 - 2009-01-23 23:00 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\COKTEL
2014-01-21 22:58 - 2008-12-31 16:10 - 00000000 ____D C:\Users\Edith\AppData\Roaming\dvdcss
2014-01-21 22:58 - 2008-12-18 21:09 - 00000000 ___RD C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-21 22:58 - 2008-12-18 21:09 - 00000000 ___RD C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-21 22:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\spool
2014-01-21 22:58 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\registration
2014-01-21 21:56 - 2008-09-12 04:49 - 00000000 ____D C:\Windows\Options
2014-01-21 15:49 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\AppData\Local\Mobogenie
2014-01-21 15:34 - 2014-01-21 15:34 - 00000000 _____ C:\Users\Guru\daemonprocess.txt
2014-01-20 13:35 - 2014-01-20 13:35 - 00000000 ____D C:\Users\Guru\AppData\Roaming\EAC
2014-01-20 13:35 - 2014-01-20 13:35 - 00000000 ____D C:\Users\Guru\AppData\Roaming\AccurateRip
2014-01-20 12:47 - 2014-01-20 12:47 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Mp3jam
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\Documents\Mobogenie
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\AppData\Local\cache
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D C:\Users\Guru\.android
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 _____ C:\Users\Edith\daemonprocess.txt
2014-01-20 12:15 - 2014-01-20 12:14 - 00000000 ____D C:\Program Files\Mobogenie
2014-01-20 12:14 - 2014-01-20 12:14 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Mp3jam
2014-01-19 08:32 - 2009-10-03 06:02 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-14 23:04 - 2014-01-14 23:04 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Screenshots
2014-01-14 22:12 - 2014-01-14 22:12 - 00000000 ____D C:\Users\Edith\AppData\Roaming\AlexanderTheGreat
2014-01-14 22:11 - 2014-01-14 22:11 - 00000000 ____D C:\Program Files\Playrix Entertainment
2014-01-13 19:55 - 2014-01-12 23:41 - 00001767 _____ C:\Users\Edith\Documents\captune.log
2014-01-08 22:44 - 2014-01-08 22:44 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Maximize Games
2014-01-06 23:40 - 2009-04-23 18:31 - 00000000 ____D C:\Users\Edith\AppData\Roaming\Boomzap
2014-01-06 01:28 - 2010-03-13 18:31 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Boomzap
2014-01-05 13:45 - 2013-08-26 14:40 - 00000819 _____ C:\Users\Public\Desktop\VLC media player.lnk
2014-01-05 13:45 - 2013-08-26 14:40 - 00000819 _____ C:\ProgramData\Desktop\VLC media player.lnk
2014-01-04 16:58 - 2014-01-04 16:58 - 00000000 ____D C:\Users\Edith\AppData\Local\Astar Games
2014-01-04 16:37 - 2014-01-04 16:37 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Maximize Games
2014-01-04 16:37 - 2014-01-04 16:37 - 00000000 ____D C:\ProgramData\Maximize Games
2014-01-04 16:19 - 2014-01-04 16:05 - 00002447 _____ C:\Users\Public\Desktop\GAME CENTER.lnk
2014-01-04 16:19 - 2014-01-04 16:05 - 00002447 _____ C:\ProgramData\Desktop\GAME CENTER.lnk
2014-01-04 16:18 - 2014-01-04 16:10 - 00002867 _____ C:\Users\Public\Desktop\Prinzessin Isabella Die Rückkehr des Fluches Sammleredition.lnk
2014-01-04 16:18 - 2014-01-04 16:10 - 00002867 _____ C:\ProgramData\Desktop\Prinzessin Isabella Die Rückkehr des Fluches Sammleredition.lnk
2014-01-04 16:12 - 2014-01-04 16:12 - 00002012 _____ C:\Users\Public\Desktop\Silent Scream Die Tänzerin.lnk
2014-01-04 16:12 - 2014-01-04 16:12 - 00002012 _____ C:\ProgramData\Desktop\Silent Scream Die Tänzerin.lnk
2014-01-04 16:12 - 2014-01-04 16:05 - 00000000 ____D C:\Program Files\DEUTSCHLAND SPIELT
2014-01-04 16:05 - 2008-12-18 22:43 - 00000000 ____D C:\Program Files\OXXOGames
2014-01-04 15:02 - 2010-04-29 21:57 - 00000000 ____D C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tivola
2014-01-04 13:52 - 2014-01-04 13:04 - 00000100 _____ C:\Windows\system32\LOCALDEVICE.INI
2014-01-04 13:47 - 2014-01-04 13:05 - 00000257 _____ C:\Windows\system32\SHORTCUT.INI
2014-01-04 13:25 - 2008-12-20 01:16 - 00005632 _____ C:\Users\Guru\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-04 13:08 - 2014-01-04 13:05 - 00000130 _____ C:\Windows\system32\REMOTEDEVICE.INI
2014-01-04 13:03 - 2008-09-12 05:01 - 00002039 _____ C:\Users\Public\Desktop\Samsung Update Plus.lnk
2014-01-04 13:03 - 2008-09-12 05:01 - 00002039 _____ C:\ProgramData\Desktop\Samsung Update Plus.lnk
2014-01-04 12:34 - 2014-01-04 12:34 - 00000000 _____ C:\Windows\system32\BSPRINT.INI
2014-01-04 12:34 - 2009-06-10 00:51 - 00000032 _____ C:\Windows\0
2014-01-04 12:21 - 2009-06-09 21:39 - 00000000 ____D C:\ProgramData\Bluetooth
2014-01-02 18:17 - 2012-10-29 14:18 - 00000000 ____D C:\Users\Edith\Documents\Amazon Music Importer
2014-01-02 17:08 - 2014-01-02 17:06 - 00000000 ____D C:\Users\Edith\Test
2014-01-02 15:26 - 2011-01-23 23:04 - 00000000 ____D C:\Users\Edith\AppData\Roaming\HTC
2014-01-02 12:19 - 2011-06-30 10:19 - 00001534 _____ C:\ProgramData\ss.ini

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe


Some content of TEMP:
====================
C:\Users\Edith\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Edith\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Edith\AppData\Local\Temp\LEGOLOTR.exe
C:\Users\Guru\AppData\Local\Temp\NEventMessages.dll
C:\Users\Guru\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Guru\AppData\Local\Temp\Quarantine.exe
C:\Users\Root\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\Root\AppData\Local\Temp\AskSLib.dll
C:\Users\Root\AppData\Local\Temp\ConResGr.dll
C:\Users\Root\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Root\AppData\Local\Temp\NEventMessages.dll
C:\Users\Root\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Root\AppData\Local\Temp\setup_3.0.5481.exe
C:\Users\Root\AppData\Local\Temp\siw_sdk.dll
C:\Users\Root\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 22:55

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Die Explorer-Abstürze sind seitdem nicht mehr aufgetreten, was mich aber immer noch sehr irritiert sind die Meldungen über den unbekannten MBR.

Gruß
AlterHase

schrauber · 31.01.2014, 17:06

wer zeigt das an?

Deinstaliere bitte Spybot.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Windows\System32\DlProtectSvc.exe.VIRUS
C:\Windows\System32\kbd106nd.exe.VIRUS
C:\Windows\System32\DlProtectSvc.exe
C:\Windows\System32\kbd106nd.exe
HKU\Stefan\...\RunOnce: [SpybotDeletingF6837] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Application Updater\ApplicationUpdater.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF4581] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9075] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7766] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1604] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF811] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF252] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF214] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2988] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5983] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3516] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6464] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7775] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF927] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF7016] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2403] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3717] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7601] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1531] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2405] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9092] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5067] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5892] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF501] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1757] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9215] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3912] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2224] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6708] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5492] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7003] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9903] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2359] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4865] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4495] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4060] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4157] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1674] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9414] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF367] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF303] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1138] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7664] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3245] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7549] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4160] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1539] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8642] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4863] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8951] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9461] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3850] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2312] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2170] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6002] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6997] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF2476] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF7138] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2314] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6549] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF236] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3782] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1250] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7116] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5303] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7838] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8820] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8418] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8119] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2265] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3297] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5843] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5529] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4667] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4698] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5717] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7117] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9717] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3884] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7472] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8045] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1259] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF906] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9713] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3216] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6263] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6918] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8974] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3911] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6988] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5773] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8619] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2254] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4648] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8289] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6896] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9326] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9032] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6286] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8589] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7392] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2609] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8334] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6701] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7300] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2316] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF709] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7554] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3683] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4437] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5968] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF443] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4668] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9855] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2390] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3173] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF33] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6160] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7626] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3622] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7341] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF89] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2204] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1451] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9101] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2143] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9646] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9303] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3054] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [DeleteMarkAny] - C:\Windows\system32\MASetupCleaner.exe [ 2012-12-18] ((주)마크애니)

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

AlterHase · 31.01.2014, 19:33

Den veränderten MBR berichten GMER und CheckMbr

der Gmer-Log

Code:

ATTFilter

GMER 2.1.19355 - hxxp://www.gmer.net
Rootkit quick scan 2014-01-31 19:05:13
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: co9715eh.exe; Driver: C:\Users\Guru\AppData\Local\Temp\awtiipog.sys


---- Disk sectors - GMER 2.1 ----

Disk  \Device\Harddisk0\DR0  unknown MBR code

---- EOF - GMER 2.1 ----

der MBRCheck-log:

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer:		Phoenix Technologies Ltd.
System Manufacturer:		SAMSUNG ELECTRONICS CO., LTD.
System Product Name:		R710
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 164):
  0x82408000 \SystemRoot\system32\ntoskrnl.exe
  0x827B3000 \SystemRoot\system32\hal.dll
  0x8A401000 \SystemRoot\system32\kdcom.dll
  0x8A408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8A478000 \SystemRoot\system32\PSHED.dll
  0x8A489000 \SystemRoot\system32\BOOTVID.dll
  0x8A491000 \SystemRoot\system32\CLFS.SYS
  0x8A4D2000 \SystemRoot\system32\CI.dll
  0x8A5B2000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8A633000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8A641000 \SystemRoot\system32\drivers\acpi.sys
  0x8A687000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x8A690000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8A698000 \SystemRoot\system32\drivers\pci.sys
  0x8A6BF000 \SystemRoot\System32\drivers\partmgr.sys
  0x8A6CF000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8A6D2000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8A6DC000 \SystemRoot\system32\drivers\volmgr.sys
  0x8A6EB000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8A735000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8A801000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8A8D1000 \SystemRoot\system32\DRIVERS\iaNvStor.sys
  0x8A919000 \SystemRoot\system32\drivers\atapi.sys
  0x8A921000 \SystemRoot\system32\drivers\ataport.SYS
  0x8A93F000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8A971000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8A981000 \SystemRoot\system32\DRIVERS\MpFilter.sys
  0x8A9B1000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8AA23000 \SystemRoot\system32\drivers\ndis.sys
  0x8AB2E000 \SystemRoot\system32\drivers\msrpc.sys
  0x8AB59000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8AC07000 \SystemRoot\System32\drivers\tcpip.sys
  0x8ACF4000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8AD0F000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8AE1F000 \SystemRoot\system32\drivers\volsnap.sys
  0x8AE58000 \SystemRoot\System32\Drivers\spldr.sys
  0x8AE60000 \SystemRoot\System32\Drivers\mup.sys
  0x8AE6F000 \SystemRoot\System32\drivers\ecache.sys
  0x8AE96000 \SystemRoot\system32\drivers\disk.sys
  0x8AEA7000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8AEC8000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8AED1000 \SystemRoot\System32\Drivers\BtHidBus.sys
  0x8AED5000 \SystemRoot\System32\drivers\BootDefragDriver.sys
  0x8AEE9000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8AEF4000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8F80D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x900AA000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x9014A000 \SystemRoot\System32\drivers\watchdog.sys
  0x90156000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x90161000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x9019F000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x901AE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x9023B000 \SystemRoot\system32\DRIVERS\athr.sys
  0x90364000 \SystemRoot\system32\DRIVERS\yk60x86.sys
  0x903B0000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x903B4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x903C7000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x903D2000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x903DD000 \SystemRoot\system32\drivers\Afc.sys
  0x8AEFD000 \??\C:\Windows\system32\drivers\acehlp10.sys
  0x8AF39000 \??\C:\Windows\system32\drivers\acehlp09.sys
  0x903E5000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x903FD000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8AF69000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8F800000 \SystemRoot\System32\Drivers\btnetBus.sys
  0x8F806000 \SystemRoot\System32\Drivers\VcommMgr.sys
  0x8AF78000 \SystemRoot\System32\Drivers\IvtBtBus.sys
  0x8AF7D000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8AFAC000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8AFED000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8AEDC000 \SystemRoot\system32\drivers\tbhsd.sys
  0x8AB94000 \SystemRoot\system32\drivers\portcls.sys
  0x8ABC1000 \SystemRoot\system32\drivers\drmk.sys
  0x8A745000 \SystemRoot\system32\drivers\ks.sys
  0x8ABE6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8A76F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8A77A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8A79D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8A7AC000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8A7C0000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8A7D5000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8A7E5000 \SystemRoot\system32\DRIVERS\rrnetcap.sys
  0x8A7F0000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x90C0F000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x90C35000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x90C37000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x90C41000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x90C4E000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x90C83000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x90C94000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x90E94000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x90EBC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x90EC5000 \SystemRoot\System32\Drivers\Null.SYS
  0x90ECC000 \SystemRoot\System32\Drivers\Beep.SYS
  0x90EDC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x90EE3000 \SystemRoot\System32\drivers\vga.sys
  0x90EEF000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x90F10000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x90F18000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x90F20000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x90F2B000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x90F39000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x90F42000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x90F58000 \SystemRoot\system32\DRIVERS\smb.sys
  0x90F6C000 \SystemRoot\system32\drivers\afd.sys
  0x90FB4000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x90FE6000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x9100C000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x91022000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x91030000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x91043000 \SystemRoot\system32\DRIVERS\sct_skmscan.sys
  0x9104F000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x9108B000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x91095000 \SystemRoot\system32\ckldrv.sys
  0x9109A000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x9109F000 \SystemRoot\System32\Drivers\dfsc.sys
  0x910B6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x910CD000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x910CF000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x910D8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x910E8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x910F1000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x99850000 \SystemRoot\System32\win32k.sys
  0x91106000 \SystemRoot\System32\drivers\Dxapi.sys
  0x91110000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x99A70000 \SystemRoot\System32\TSDDD.dll
  0x99A90000 \SystemRoot\System32\cdd.dll
  0x9111F000 \SystemRoot\system32\drivers\luafv.sys
  0x9113A000 \??\C:\Windows\system32\drivers\ACEDRV06.sys
  0x9119A000 \??\C:\Windows\system32\drivers\ACEDRV08.sys
  0x911FC000 \SystemRoot\system32\drivers\WudfPf.sys
  0x91210000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys
  0x91218000 \SystemRoot\system32\drivers\spsys.sys
  0x912C8000 \SystemRoot\system32\DRIVERS\irda.sys
  0x912E6000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x912F6000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x91320000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9132A000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9133D000 \SystemRoot\system32\drivers\HTTP.sys
  0x913AA000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x913C7000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x913E0000 \SystemRoot\System32\drivers\mpsdrv.sys
  0xA4005000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA4026000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA4045000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA407E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA4096000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA40BE000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA4125000 \SystemRoot\System32\Drivers\SENTINEL.SYS
  0xA413A000 \??\C:\Windows\system32\drivers\acedrv09.sys
  0xA419B000 \??\C:\Windows\system32\drivers\acedrv10.sys
  0xA422C000 \??\C:\Windows\system32\drivers\acedrv11.sys
  0xA4258000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0xA429B000 \SystemRoot\system32\DRIVERS\VComm.sys
  0xA429D000 \SystemRoot\system32\DRIVERS\btnetdrv.sys
  0xA42A5000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xA42AA000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
  0xA42C3000 \SystemRoot\system32\drivers\peauth.sys
  0xA43A1000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA43AB000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA43B7000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA43CD000 \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CE6D92B1-B07C-4EE3-A47C-AD603308B183}\MpKsl614c048d.sys
  0xA43D3000 \??\C:\Users\Guru\AppData\Local\Temp\awtiipog.sys
  0x773A0000 \Windows\System32\ntdll.dll

Processes (total 89):
       0 System Idle Process
       4 System
     604 C:\Windows\System32\smss.exe
     672 csrss.exe
     724 C:\Windows\System32\wininit.exe
     736 csrss.exe
     768 C:\Windows\System32\services.exe
     780 C:\Windows\System32\lsass.exe
     788 C:\Windows\System32\lsm.exe
     960 C:\Windows\System32\winlogon.exe
     984 C:\Windows\System32\svchost.exe
    1028 C:\Windows\System32\nvvsvc.exe
    1060 C:\Windows\System32\svchost.exe
    1112 C:\Program Files\Microsoft Security Client\MsMpEng.exe
    1260 C:\Windows\System32\svchost.exe
    1284 C:\Windows\System32\svchost.exe
    1300 C:\Windows\System32\svchost.exe
    1384 C:\Windows\System32\audiodg.exe
    1408 C:\Windows\System32\svchost.exe
    1432 C:\Windows\System32\SLsvc.exe
    1480 C:\Windows\System32\svchost.exe
    1588 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    1596 C:\Windows\System32\nvvsvc.exe
    1740 C:\Windows\System32\svchost.exe
    2008 C:\Windows\System32\spoolsv.exe
    2016 C:\Windows\System32\taskeng.exe
    2044 C:\Windows\System32\svchost.exe
    1848 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
     380 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     848 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    1924 D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
     784 C:\Windows\System32\Crypserv.exe
    2152 C:\Windows\System32\E_S00RP2.EXE
    2188 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    2364 C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
    2616 C:\Windows\System32\dwm.exe
    2668 C:\Windows\explorer.exe
    2788 C:\Windows\System32\taskeng.exe
    2796 C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    2832 C:\Windows\System32\svchost.exe
    2876 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    2892 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2928 C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    3016 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    3028 C:\Windows\System32\taskeng.exe
    3036 C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
    3080 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    3384 C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
    3400 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    3484 C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
    3496 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    3520 C:\Windows\RtHDVCpl.exe
    3528 C:\Program Files\PowerDVD\PDVDServ.exe
    3572 D:\Tools\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    3580 C:\Program Files\Eraser\Eraser.exe
    3620 C:\Windows\System32\SAgent4.exe
    3632 C:\Windows\System32\svchost.exe
    3664 C:\Windows\System32\svchost.exe
    3708 C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    3740 C:\Program Files\Microsoft Security Client\msseces.exe
    3796 C:\Windows\System32\SearchIndexer.exe
    3828 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3844 D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
    3856 C:\Windows\ehome\ehtray.exe
    3880 C:\Program Files\Windows Media Player\wmpnscfg.exe
    4052 C:\Program Files\Microsoft Security Client\NisSrv.exe
    2564 D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    2812 C:\Users\Guru\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    3416 C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
    1212 C:\Windows\ehome\ehmsas.exe
    1232 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4176 C:\Windows\System32\wbem\unsecapp.exe
    4248 WmiPrvSE.exe
    4384 C:\Program Files\Mozilla Firefox\firefox.exe
    4616 C:\Windows\System32\svchost.exe
    4808 C:\Program Files\Mozilla Firefox\plugin-container.exe
    4848 C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
    4928 C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
    5516 C:\Windows\System32\conime.exe
    4160 C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    4336 C:\Windows\System32\notepad.exe
    4628 C:\Windows\System32\notepad.exe
    4348 D:\Program Files\HxD\HxD.exe
    5940 MpCmdRun.exe
    2488 C:\Windows\System32\SearchProtocolHost.exe
    5916 C:\Windows\System32\SearchFilterHost.exe
    3808 dllhost.exe
    4864 dllhost.exe
    5872 C:\Users\Guru\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`85d00000  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-35ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Unknown MBR code
            SHA1: 898F3CF28E8EC7228D29035E39B672E205D702F2


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Der FRST Fixlog:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 29-01-2014 01
Ran by Guru at 2014-01-31 19:23:37 Run:1
Running from C:\Users\Guru\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Windows\System32\DlProtectSvc.exe.VIRUS
C:\Windows\System32\kbd106nd.exe.VIRUS
C:\Windows\System32\DlProtectSvc.exe
C:\Windows\System32\kbd106nd.exe
HKU\Stefan\...\RunOnce: [SpybotDeletingF6837] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Application Updater\ApplicationUpdater.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF4581] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9075] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7766] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1604] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF811] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF252] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF214] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2988] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5983] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3516] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6464] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7775] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF927] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF7016] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2403] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3717] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7601] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1531] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2405] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9092] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5067] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5892] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF501] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1757] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9215] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3912] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2224] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6708] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5492] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7003] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9903] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2359] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4865] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4495] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4060] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4157] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1674] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9414] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF367] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF303] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1138] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7664] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3245] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7549] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4160] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1539] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8642] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4863] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8951] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9461] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3850] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2312] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2170] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6002] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6997] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF2476] - "C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe" "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings64.exe"
HKU\Stefan\...\RunOnce: [SpybotDeletingF7138] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2314] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6549] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF236] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3782] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1250] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7116] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5303] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7838] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8820] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8418] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8119] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2265] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3297] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5843] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5529] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4667] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4698] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5717] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7117] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9717] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3884] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7472] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8045] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1259] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF906] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9713] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3216] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6263] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6918] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8974] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3911] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6988] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5773] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8619] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2254] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4648] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8289] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6896] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9326] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9032] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6286] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8589] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7392] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2609] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF8334] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6701] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7300] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2316] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF709] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7554] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3683] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4437] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF5968] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF443] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF4668] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9855] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2390] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3173] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF33] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF6160] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7626] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3622] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF7341] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF89] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2204] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF1451] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9101] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF2143] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9646] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF9303] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [SpybotDeletingF3054] - C:\Program Files\Spybot - Search & Destroy 2\SDDelFile.exe [ 2012-11-13] (Safer-Networking Ltd.)
HKU\Stefan\...\RunOnce: [DeleteMarkAny] - C:\Windows\system32\MASetupCleaner.exe [ 2012-12-18] ((?)????)
         
*****************

C:\Windows\System32\DlProtectSvc.exe.VIRUS => Moved successfully.
C:\Windows\System32\kbd106nd.exe.VIRUS => Moved successfully.
"C:\Windows\System32\DlProtectSvc.exe" => File/Directory not found.
"C:\Windows\System32\kbd106nd.exe" => File/Directory not found.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF6837 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF4581 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF9075 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF7766 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF1604 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF811 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF252 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF214 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF2988 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF5983 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF3516 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF6464 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF7775 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF927 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF7016 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF2403 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF3717 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF7601 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF1531 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF2405 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF9092 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF5067 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF5892 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF501 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF1757 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF9215 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF3912 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF2224 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF6708 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF5492 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF7003 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF9903 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF2359 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF4865 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF4495 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF4060 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF4157 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF1674 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF9414 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF367 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF303 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF1138 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF7664 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF3245 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF7549 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF4160 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF1539 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF8642 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF4863 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF8951 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF9461 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF3850 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF2312 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF2170 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF6002 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF6997 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF2476 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF7138 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF2314 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF6549 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF236 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF3782 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF1250 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF7116 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF5303 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF7838 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF8820 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF8418 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF8119 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF2265 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF3297 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF5843 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF5529 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF4667 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF4698 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF5717 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF7117 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF9717 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF3884 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF7472 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF8045 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF1259 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF906 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF9713 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF3216 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF6263 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF6918 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF8974 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF3911 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF6988 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF5773 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF8619 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF2254 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF4648 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF8289 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF6896 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF9326 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF9032 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF6286 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF8589 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF7392 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF2609 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF8334 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF6701 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF7300 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF2316 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF709 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF7554 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF3683 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF4437 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF5968 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF443 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF4668 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF9855 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF2390 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF3173 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF33 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF6160 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF7626 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF3622 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF7341 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF89 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF2204 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF1451 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF9101 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF2143 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF9646 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF9303 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingF3054 => Value deleted successfully.
HKU\Stefan\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DeleteMarkAny => Value deleted successfully.

==== End of Fixlog ====

Wenn es hilft kann ich auch einen dump des ersten Sektors der Festplatte (MBR) und des Bootsektors (Sektor 1 von Laufwek C: ) senden.

Gruß
AlterHase

schrauber · 01.02.2014, 17:21

Sollte eigentlich durch CF weg sein, schauen wir mal

Lade dir bitte Emsisoft MBR Master herunter und speichere es auf den Desktop.

Führe die mbrmastr.exe aus.
Drücke auf Backup MBR und speichere es als emsi auf den Desktop.
Schliesse dann das Programm wieder.
Packe die erstellte emsi.mbr in ein zip-Archiv (Rechtsklick -> Senden an -> Zip-komprimierten Ordner) und hänge die Datei hier an.
Auf dem Desktop wird ebenfalls eine Textdatei MBRMastr_<date>_<time>.txt erstellt. Poste deren Inhalt bitte hier.

AlterHase · 01.02.2014, 17:57

Hallo Schrauber,

falls CF Combofix bedeutet, kann ich sagen dass das Programm bei meinen zwei Versuchen nie regulär beendet, sondern von mir mit dem Taskmanager abgebrochen wurde.

Der Inhalt von MBRMaster

Code:

ATTFilter

Detected Windows version: 6.0 Build 6002 Service Pack 2
Installing direct disk access driver ...
Driver connection handle: 0x000000D0
1 valid drive(s) found.

Details for Disk 0 - WDC WD32 00BEVT-35ZCT Rev 11.0:
  Device name              : \\.\PhysicalDrive0
  Geometry (C/H/S)         : 38913/255/63
  Boot loader reputation   : Unknown
  Cross view comparison    : Passed
  Partition table integrity: Passed

  Boot loader hashes
    SHA-1                  : 898F3CF28E8EC7228D29035E39B672E205D702F2
    MD5                    : 61A349592C4728853F4A90FF78F7628E

Zu den Explorer-Abstürzen muß ich ergänzen dass meine Frau kürzlich einen Absturz beim Versuch "Datei-Umbenennen" hatte.

Gruß
AlterHase

schrauber · 02.02.2014, 07:13

Zitat:

falls CF Combofix bedeutet, kann ich sagen dass das Programm bei meinen zwei Versuchen nie regulär beendet, sondern von mir mit dem Taskmanager abgebrochen wurde.

Stimmt ja, nee dann kann er das ja auch nit fixen

Ja der MBr ist schon komisch.

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

AlterHase · 02.02.2014, 14:12

Hallo Schrauber,

habe den TDSSKiller laufen lassen. Nach Programmstart wurde gemeldet, dass die Version alt sei. Ich habe dann die neue Version heruntergeladen und ausgeführt. Bei den "Settings" gibt es unter "Additional Options" eine weitere Checkbox "use KSN to scan objects". Dies habe ich nicht abgewählt.
Der Log vom ersten Aufruf:

Code:

ATTFilter

13:45:58.0018 5064  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:46:15.0380 5064  Perform update action was selected
13:46:15.0382 5892  Deinitialize success

Der Log vom zweiten Aufruf:

Code:

ATTFilter

13:49:35.0453 0x0c38  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
13:49:47.0600 0x0c38  ============================================================
13:49:47.0600 0x0c38  Current date / time: 2014/02/02 13:49:47.0600
13:49:47.0600 0x0c38  SystemInfo:
13:49:47.0600 0x0c38  
13:49:47.0600 0x0c38  OS Version: 6.0.6002 ServicePack: 2.0
13:49:47.0600 0x0c38  Product type: Workstation
13:49:47.0601 0x0c38  ComputerName: TRAUMBOY
13:49:47.0603 0x0c38  UserName: Guru
13:49:47.0603 0x0c38  Windows directory: C:\Windows
13:49:47.0603 0x0c38  System windows directory: C:\Windows
13:49:47.0603 0x0c38  Processor architecture: Intel x86
13:49:47.0603 0x0c38  Number of processors: 2
13:49:47.0603 0x0c38  Page size: 0x1000
13:49:47.0603 0x0c38  Boot type: Normal boot
13:49:47.0603 0x0c38  ============================================================
13:49:48.0168 0x0c38  KLMD registered as C:\Windows\system32\drivers\36885204.sys
13:49:48.0494 0x0c38  System UUID: {206E0109-6591-0473-02B5-AB4E17A2859A}
13:49:50.0329 0x0c38  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:49:50.0407 0x0c38  ============================================================
13:49:50.0407 0x0c38  \Device\Harddisk0\DR0:
13:49:50.0407 0x0c38  MBR partitions:
13:49:50.0407 0x0c38  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x1202E000
13:49:50.0407 0x0c38  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1342E800, BlocksNum 0x11FFF800
13:49:50.0407 0x0c38  ============================================================
13:49:50.0408 0x0c38  C: <-> \Device\Harddisk0\DR0\Partition1
13:49:50.0476 0x0c38  D: <-> \Device\Harddisk0\DR0\Partition2
13:49:50.0476 0x0c38  ============================================================
13:49:50.0476 0x0c38  Initialize success
13:49:50.0476 0x0c38  ============================================================
13:51:34.0828 0x16fc  ============================================================
13:51:34.0828 0x16fc  Scan started
13:51:34.0828 0x16fc  Mode: Manual; SigCheck; TDLFS; 
13:51:34.0828 0x16fc  ============================================================
13:51:34.0828 0x16fc  KSN ping started
13:51:37.0307 0x16fc  KSN ping finished: true
13:51:37.0603 0x16fc  ================ Scan system memory ========================
13:51:37.0603 0x16fc  System memory - ok
13:51:37.0604 0x16fc  ================ Scan services =============================
13:51:37.0761 0x16fc  [ 44010948BDE6ADE50DD1386657C73E83, D5344784B092D31D9660406D371ED62EDFAB3EB880D129BEC0783208AE172274 ] ACEDRV06        C:\Windows\system32\drivers\ACEDRV06.sys
13:51:38.0030 0x16fc  ACEDRV06 - detected UnsignedFile.Multi.Generic ( 1 )
13:51:38.0135 0x16fc  ACEDRV06 ( UnsignedFile.Multi.Generic ) - warning
13:51:40.0623 0x16fc  [ DA06D89CDFDD0D24DE75165CF6D4270B, 39C2B53E7BAF15A5B536E70B834B32D1D0E50617E697DB318816C828825E61C1 ] ACEDRV08        C:\Windows\system32\drivers\ACEDRV08.sys
13:51:40.0951 0x16fc  ACEDRV08 - ok
13:51:41.0002 0x16fc  [ BD4E8C841716D5F2804CE000CFE61524, 3BCE8EB245C030D1AC1E88F90DF5697F1861EAF30620CB308F6A76713B5EFD9E ] acedrv09        C:\Windows\system32\drivers\acedrv09.sys
13:51:41.0103 0x16fc  acedrv09 - ok
13:51:41.0166 0x16fc  [ 0059FF74927A27395C5E190F9AA392DF, CAB034EA66AAC5705F9F3029B67A4C1E2CF3A6EBCCABB2C3A8FE8CD39CD7008C ] acedrv10        C:\Windows\system32\drivers\acedrv10.sys
13:51:41.0284 0x16fc  acedrv10 - ok
13:51:41.0340 0x16fc  [ E6F53D6C0DEA3D375362265E175CA638, 6C0C25DF28DB250BE3CD3A672AED26C3383F16E91D6FD3D964D15CD80208A8B6 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
13:51:41.0631 0x16fc  acedrv11 - ok
13:51:41.0677 0x16fc  [ 7B19E528F2F40524E2C40F754A571EB8, 0D76212B31C748C84D68D383A36E28DBC5C00D31924E5E092304BF5EE19FFD41 ] acehlp09        C:\Windows\system32\drivers\acehlp09.sys
13:51:41.0746 0x16fc  acehlp09 - ok
13:51:41.0789 0x16fc  [ 6625A32AD17A3FA6C7F405AEAC945AA7, 9B9BFAE7586CD2601DE2AD77560B1345E8628B8E9A90CADBE134534EBAAF829F ] acehlp10        C:\Windows\system32\drivers\acehlp10.sys
13:51:41.0862 0x16fc  acehlp10 - ok
13:51:41.0917 0x16fc  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
13:51:41.0961 0x16fc  ACPI - ok
13:51:42.0079 0x16fc  [ 2DD8DBA29C207DFB9D83CC9AFDE12385, 835A7024282EE1E05F914FEF6C93BF4F94939F9C984750350F15F85B864C914A ] ADDMEM          C:\Users\Root\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS
13:51:42.0124 0x16fc  ADDMEM - detected UnsignedFile.Multi.Generic ( 1 )
13:51:42.0124 0x16fc  ADDMEM ( UnsignedFile.Multi.Generic ) - warning
13:51:44.0672 0x16fc  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:51:44.0709 0x16fc  AdobeARMservice - ok
13:51:44.0779 0x16fc  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
13:51:44.0855 0x16fc  adp94xx - ok
13:51:44.0912 0x16fc  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
13:51:44.0980 0x16fc  adpahci - ok
13:51:45.0001 0x16fc  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
13:51:45.0042 0x16fc  adpu160m - ok
13:51:45.0075 0x16fc  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
13:51:45.0131 0x16fc  adpu320 - ok
13:51:45.0181 0x16fc  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:51:45.0271 0x16fc  AeLookupSvc - ok
13:51:45.0335 0x16fc  [ 3CD15EBAA1D68BC18CE14A26683BC1EC, 5A39CEE48A7CB7B3D2401278D6443B1BA9F043C36A3DADE15AAB30D040A88C3B ] AF15BDA         C:\Windows\system32\DRIVERS\AF15BDA.sys
13:51:45.0448 0x16fc  AF15BDA - ok
13:51:45.0500 0x16fc  [ A7B8A3A79D35215D798A300DF49ED23F, D441633C0F8E22F8976B95D6A3DCD552AA07C616AC5FE4379472954F7BE6075E ] Afc             C:\Windows\system32\drivers\Afc.sys
13:51:45.0519 0x16fc  Afc - detected UnsignedFile.Multi.Generic ( 1 )
13:51:45.0519 0x16fc  Afc ( UnsignedFile.Multi.Generic ) - warning
13:51:48.0137 0x16fc  [ 3911B972B55FEA0478476B2E777B29FA, 62545B90C7DD3F73777E62CD8264E611A4D71B6956CABFD2D820D25F41F471FD ] AFD             C:\Windows\system32\drivers\afd.sys
13:51:48.0250 0x16fc  AFD - ok
13:51:48.0373 0x16fc  [ CE91B158FA490CF4C4D487A4130F4660, C343AEB125B15E6FC8428499E1C48390EF5073FACB0DC9BAB9040EFB170D04A5 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
13:51:48.0572 0x16fc  AgereSoftModem - ok
13:51:48.0610 0x16fc  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
13:51:48.0646 0x16fc  agp440 - ok
13:51:48.0670 0x16fc  Ai2Chroniker - ok
13:51:48.0684 0x16fc  Ai2Mmpd - ok
13:51:48.0726 0x16fc  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
13:51:48.0763 0x16fc  aic78xx - ok
13:51:48.0785 0x16fc  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
13:51:48.0917 0x16fc  ALG - ok
13:51:48.0932 0x16fc  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
13:51:48.0947 0x16fc  aliide - ok
13:51:48.0964 0x16fc  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
13:51:48.0980 0x16fc  amdagp - ok
13:51:48.0997 0x16fc  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
13:51:49.0012 0x16fc  amdide - ok
13:51:49.0030 0x16fc  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
13:51:49.0059 0x16fc  AmdK7 - ok
13:51:49.0068 0x16fc  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
13:51:49.0110 0x16fc  AmdK8 - ok
13:51:49.0164 0x16fc  [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo         C:\Windows\System32\appinfo.dll
13:51:49.0216 0x16fc  Appinfo - ok
13:51:49.0315 0x16fc  [ A8AA9D47F971570A5162B862B80F87E8, D33A9A2B7838288E99B56B95A10E6B62E4EFF973CF7FFA0073CC2A9145C0E11D ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
13:51:49.0333 0x16fc  Apple Mobile Device - ok
13:51:49.0360 0x16fc  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
13:51:49.0380 0x16fc  arc - ok
13:51:49.0409 0x16fc  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:51:49.0429 0x16fc  arcsas - ok
13:51:49.0512 0x16fc  [ 40C145F12FF461A0220303BDA134F598, 27623BE626417151F62200127B8C68F35FB78D21E4D14B69E2B20F81C5D84C61 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:51:49.0529 0x16fc  aspnet_state - ok
13:51:49.0562 0x16fc  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:51:49.0609 0x16fc  AsyncMac - ok
13:51:49.0635 0x16fc  [ 2D9C903DC76A66813D350A562DE40ED9, 82609F01A08C6842E4C17C077BB641C1429C0E6657964B7F2D114035E1BDCBF3 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:51:49.0657 0x16fc  atapi - ok
13:51:49.0762 0x16fc  [ F32FEE7CB2EE32C1F808409BC8019701, 4EB9C8388BC27EA0EEFAD8F6C7C62310832D8B13F0EE5D6667F37E6FC1D46794 ] athr            C:\Windows\system32\DRIVERS\athr.sys
13:51:49.0937 0x16fc  athr - ok
13:51:49.0987 0x16fc  [ 3C4B9850A2631C2263507400D029057B, A3DFF043B92C2F8C533BA609FB9FB20CF132E9D516449877CC2EDD75F1D6BC5C ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
13:51:50.0088 0x16fc  atksgt - ok
13:51:50.0141 0x16fc  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:51:50.0200 0x16fc  AudioEndpointBuilder - ok
13:51:50.0219 0x16fc  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:51:50.0267 0x16fc  Audiosrv - ok
13:51:50.0294 0x16fc  [ 08015D34F6FDD0B355805BAD978497C3, AAD5F919215B8630DCCADF2AC8DC82BAA543C52B1682B476093E014532B20EBD ] bcm4sbxp        C:\Windows\system32\DRIVERS\bcm4sbxp.sys
13:51:50.0467 0x16fc  bcm4sbxp - ok
13:51:50.0552 0x16fc  [ 6163664C7E9CD110AF70180C126C3FDC, 9A801295CDE2BDE4EE0E96C610E4C01F6915DBDA2104D0E8873AFF1BC34A0FA1 ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
13:51:50.0574 0x16fc  BcmSqlStartupSvc - ok
13:51:50.0592 0x16fc  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:51:50.0652 0x16fc  Beep - ok
13:51:50.0730 0x16fc  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
13:51:50.0853 0x16fc  BFE - ok
13:51:50.0957 0x16fc  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\System32\qmgr.dll
13:51:51.0134 0x16fc  BITS - ok
13:51:51.0163 0x16fc  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
13:51:51.0223 0x16fc  blbdrive - ok
13:51:51.0265 0x16fc  [ 05C2204229CADC0A74553ED71A6E3E6F, 54EC8FD0B266A4166F2490B494639E16E9F13D1318A3E1F4C1016CBC0A4E71C8 ] BlueletAudio    C:\Windows\system32\DRIVERS\blueletaudio.sys
13:51:51.0283 0x16fc  BlueletAudio - ok
13:51:51.0302 0x16fc  [ 61CC3E8FE7A041630EC8C701A2594A36, F6B401F1D6F1DD22312840D926B1BF29ABE07F41ECF31A36C2B4EB7BB3314AE7 ] BlueletSCOAudio C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys
13:51:51.0320 0x16fc  BlueletSCOAudio - ok
13:51:51.0528 0x16fc  [ 941E435E5A903CC60E50E72037FA39D0, 4DBA2351EF3F001D1A56BC107540671500E8B13E7FB5FB7AD2BCBC3FE79E0275 ] BlueSoleilCS    D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
13:51:51.0802 0x16fc  BlueSoleilCS - detected UnsignedFile.Multi.Generic ( 1 )
13:51:51.0802 0x16fc  BlueSoleilCS ( UnsignedFile.Multi.Generic ) - warning
13:51:54.0378 0x16fc  [ 02303A73CEC912BC2A8AAB12D042C0E5, A4AA02313AD21E7A6D715FFD654B672A84DBB1BE796728E73685A99D85F49166 ] BootDefragDriver C:\Windows\system32\drivers\BootDefragDriver.sys
13:51:54.0409 0x16fc  BootDefragDriver - ok
13:51:54.0451 0x16fc  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:51:54.0479 0x16fc  bowser - ok
13:51:54.0512 0x16fc  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
13:51:54.0549 0x16fc  BrFiltLo - ok
13:51:54.0571 0x16fc  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
13:51:54.0612 0x16fc  BrFiltUp - ok
13:51:54.0646 0x16fc  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
13:51:54.0692 0x16fc  Browser - ok
13:51:54.0720 0x16fc  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
13:51:54.0778 0x16fc  Brserid - ok
13:51:54.0790 0x16fc  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
13:51:54.0848 0x16fc  BrSerWdm - ok
13:51:54.0861 0x16fc  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
13:51:54.0916 0x16fc  BrUsbMdm - ok
13:51:54.0927 0x16fc  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
13:51:54.0973 0x16fc  BrUsbSer - ok
13:51:55.0028 0x16fc  [ 6986302B57BFFC135414488FA67464F1, 55360B83A8CF86EA1FF5F49E284739832BCE6384395812F4980328A90D8485EA ] BsHelpCS        D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
13:51:55.0058 0x16fc  BsHelpCS - detected UnsignedFile.Multi.Generic ( 1 )
13:51:55.0058 0x16fc  BsHelpCS ( UnsignedFile.Multi.Generic ) - warning
13:51:55.0058 0x16fc  Force sending object to P2P due to detect: D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
13:51:57.0530 0x16fc  Object send P2P result: true
13:51:59.0979 0x16fc  [ 33A331BD56AEAEF290E175E926D52C57, FE0EBE84B904CF7298EF7EAAC2739FA6ADD95E29BB3046707F54D889825BE5C6 ] BT              C:\Windows\system32\DRIVERS\btnetdrv.sys
13:52:00.0005 0x16fc  BT - ok
13:52:00.0047 0x16fc  [ CD4113699CE34FE4B63C99AAA13F10C1, A651C62600355C43FC9EE2DDF1689A58C7CBF40450C3B6BF50E7F8C7C9F36384 ] Btcsrusb        C:\Windows\system32\Drivers\btcusb.sys
13:52:00.0074 0x16fc  Btcsrusb - ok
13:52:00.0111 0x16fc  [ 6D39C954799B63BA866910234CF7D726, 1D807C3410C01C76E5810D626F23C1CCED3C9C5A65F39267B770C494C8D64114 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
13:52:00.0178 0x16fc  BthEnum - ok
13:52:00.0219 0x16fc  [ AC2E61482A57EA50730F8C2679F37040, 2532645A38F132264665C57220D67E1CE345D976CA249B43A8DA8D52093BFCBC ] BtHidBus        C:\Windows\system32\Drivers\BtHidBus.sys
13:52:00.0245 0x16fc  BtHidBus - ok
13:52:00.0255 0x16fc  BTHidEnum - ok
13:52:00.0279 0x16fc  BTHidMgr - ok
13:52:00.0325 0x16fc  [ 9A966A8E86D1771911AE34A20D11BFF3, FBD5F621A47A3530B325816E71F0C4BCE5CCE731C57DEBD42ACFC8BCAA258656 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:52:00.0402 0x16fc  BTHMODEM - ok
13:52:00.0452 0x16fc  [ 5904EFA25F829BF84EA6FB045134A1D8, 66E4160CC404744576BA6E9DD606B533F42B3D4A3E2FDD457DAA016CC72A81CC ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
13:52:00.0550 0x16fc  BthPan - ok
13:52:00.0615 0x16fc  [ 611FF3F2F095C8D4A6D4CFD9DCC09793, 2F27A1287ABCDB9C316EB720D1855100666240959CF969D5B2679C9ABCBD6050 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
13:52:00.0719 0x16fc  BTHPORT - ok
13:52:00.0760 0x16fc  [ A4C8377FA4A994E07075107DBE2E3DCE, C3CDAA7B83D130100044341C23897CC6C257FA075A8D08B8551F4A28AE8CE6C4 ] BthServ         C:\Windows\System32\bthserv.dll
13:52:00.0810 0x16fc  BthServ - ok
13:52:00.0830 0x16fc  [ D330803EAB2A15CAEC7F011F1D4CB30E, 240FFF317C90AD8966DA9666F2748F98CEC3CB99C486F399D1C68FE0E393EE68 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
13:52:00.0884 0x16fc  BTHUSB - ok
13:52:00.0959 0x16fc  [ 6783C5C81BFB640469468A80DFA1CCB3, DDCD1C2774D9C6EE94C94450C796CEAFDF497D10CE1325D76784FA6636706400 ] btnetBUs        C:\Windows\system32\Drivers\btnetBus.sys
13:52:00.0985 0x16fc  btnetBUs - ok
13:52:01.0008 0x16fc  btwaudio - ok
13:52:01.0022 0x16fc  btwavdt - ok
13:52:01.0037 0x16fc  btwrchid - ok
13:52:01.0105 0x16fc  catchme - ok
13:52:01.0137 0x16fc  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:52:01.0228 0x16fc  cdfs - ok
13:52:01.0290 0x16fc  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:52:01.0365 0x16fc  cdrom - ok
13:52:01.0423 0x16fc  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
13:52:01.0496 0x16fc  CertPropSvc - ok
13:52:01.0525 0x16fc  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
13:52:01.0552 0x16fc  circlass - ok
13:52:01.0604 0x16fc  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
13:52:01.0626 0x16fc  CLFS - ok
13:52:01.0664 0x16fc  [ 8EE772032E2FE80A924F3B8DD5082194, B743DF91563A22CC15D9B44105804B5866A29D3DFC156DBE88DFAFEF903B94C0 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:52:01.0678 0x16fc  clr_optimization_v2.0.50727_32 - ok
13:52:01.0734 0x16fc  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:52:01.0750 0x16fc  clr_optimization_v4.0.30319_32 - ok
13:52:01.0781 0x16fc  [ 99AFC3795B58CC478FBBBCDC658FCB56, 0D1B27C42A058C5D56A0157B5ECA9A054254F6B9C8015D0321021A7EFCE10CE2 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:52:01.0808 0x16fc  CmBatt - ok
13:52:01.0823 0x16fc  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:52:01.0837 0x16fc  cmdide - ok
13:52:01.0843 0x16fc  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:52:01.0857 0x16fc  Compbatt - ok
13:52:01.0863 0x16fc  COMSysApp - ok
13:52:01.0877 0x16fc  cpuz134 - ok
13:52:01.0900 0x16fc  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
13:52:01.0914 0x16fc  crcdisk - ok
13:52:01.0933 0x16fc  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
13:52:01.0980 0x16fc  Crusoe - ok
13:52:01.0983 0x16fc  Crypkey License - ok
13:52:02.0039 0x16fc  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:52:02.0096 0x16fc  CryptSvc - ok
13:52:02.0170 0x16fc  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:52:02.0236 0x16fc  DcomLaunch - ok
13:52:02.0270 0x16fc  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:52:02.0305 0x16fc  DfsC - ok
13:52:02.0450 0x16fc  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
13:52:02.0635 0x16fc  DFSR - ok
13:52:02.0681 0x16fc  [ 6CC6C4B9D7B906A151AA094CA087B9F0, 5D06DC2FCAF86C256792D541D5581AF5AFEDA247814E07C6017BEE92284CAA56 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
13:52:02.0699 0x16fc  dg_ssudbus - ok
13:52:02.0761 0x16fc  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
13:52:02.0812 0x16fc  Dhcp - ok
13:52:02.0846 0x16fc  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
13:52:02.0866 0x16fc  disk - ok
13:52:02.0896 0x16fc  DlProtectSvc - ok
13:52:02.0949 0x16fc  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:52:03.0016 0x16fc  Dnscache - ok
13:52:03.0063 0x16fc  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
13:52:03.0142 0x16fc  dot3svc - ok
13:52:03.0189 0x16fc  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
13:52:03.0264 0x16fc  DPS - ok
13:52:03.0298 0x16fc  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:52:03.0336 0x16fc  drmkaud - ok
13:52:03.0406 0x16fc  [ 988670D8343EF9835FB3659DB71B2EFA, 5F5370FDD08C4BFF0828341952E98E95F722CB779EEC08C9DD6212C4DF3CD33B ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:52:03.0480 0x16fc  DXGKrnl - ok
13:52:03.0514 0x16fc  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
13:52:03.0577 0x16fc  E1G60 - ok
13:52:03.0604 0x16fc  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
13:52:03.0656 0x16fc  EapHost - ok
13:52:03.0718 0x16fc  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
13:52:03.0749 0x16fc  Ecache - ok
13:52:03.0812 0x16fc  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:52:03.0899 0x16fc  ehRecvr - ok
13:52:03.0914 0x16fc  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
13:52:03.0979 0x16fc  ehSched - ok
13:52:03.0987 0x16fc  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
13:52:04.0010 0x16fc  ehstart - ok
13:52:04.0057 0x16fc  [ 28CB0B64134AD62C2ACF77DB8501A619, ADA4E42BF5EF58EF1AAD94435441003B1CC1FCAA5D38BFDBE1A3D736DC451D47 ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
13:52:04.0077 0x16fc  ElbyCDIO - ok
13:52:04.0131 0x16fc  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
13:52:04.0179 0x16fc  elxstor - ok
13:52:04.0255 0x16fc  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
13:52:04.0344 0x16fc  EMDMgmt - ok
13:52:04.0397 0x16fc  [ CB2BAED3F16959706FE157ADC1741987, 290C8B1EA2ECADBF9D47F491F088E5ADF33D95A91F17281F2D4F85C66A9F4540 ] EPSON_PM_RPCV2_02 C:\Windows\system32\E_S00RP2.EXE
13:52:04.0474 0x16fc  EPSON_PM_RPCV2_02 - detected UnsignedFile.Multi.Generic ( 1 )
13:52:04.0474 0x16fc  EPSON_PM_RPCV2_02 ( UnsignedFile.Multi.Generic ) - warning
13:52:04.0474 0x16fc  Force sending object to P2P due to detect: C:\Windows\system32\E_S00RP2.EXE
13:52:06.0942 0x16fc  Object send P2P result: true
13:52:09.0520 0x16fc  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:52:09.0603 0x16fc  ErrDev - ok
13:52:09.0679 0x16fc  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
13:52:09.0768 0x16fc  EventSystem - ok
13:52:09.0893 0x16fc  [ 87BFD4EF2F43399DA37B48B42A84A749, DCD62246CBD60708C0F97F403F557410FBD09E726A1FA2F87351EB38F5A32CC8 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:52:10.0213 0x16fc  EvtEng - detected UnsignedFile.Multi.Generic ( 1 )
13:52:10.0213 0x16fc  EvtEng ( UnsignedFile.Multi.Generic ) - warning
13:52:12.0781 0x16fc  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:52:12.0835 0x16fc  exfat - ok
13:52:12.0893 0x16fc  [ 1E9B9A70D332103C52995E957DC09EF8, 7E709D545D4025A2E9F3489CF2A231040904CB53E3E4EEAC15A22468FAB2A5B3 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:52:12.0958 0x16fc  fastfat - ok
13:52:12.0994 0x16fc  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:52:13.0059 0x16fc  fdc - ok
13:52:13.0094 0x16fc  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
13:52:13.0161 0x16fc  fdPHost - ok
13:52:13.0174 0x16fc  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:52:13.0242 0x16fc  FDResPub - ok
13:52:13.0275 0x16fc  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:52:13.0290 0x16fc  FileInfo - ok
13:52:13.0303 0x16fc  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:52:13.0355 0x16fc  Filetrace - ok
13:52:13.0395 0x16fc  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:52:13.0423 0x16fc  flpydisk - ok
13:52:13.0474 0x16fc  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:52:13.0494 0x16fc  FltMgr - ok
13:52:13.0593 0x16fc  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
13:52:13.0703 0x16fc  FontCache - ok
13:52:13.0779 0x16fc  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:52:13.0795 0x16fc  FontCache3.0.0.0 - ok
13:52:13.0824 0x16fc  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:52:13.0888 0x16fc  Fs_Rec - ok
13:52:13.0924 0x16fc  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
13:52:13.0949 0x16fc  gagp30kx - ok
13:52:13.0997 0x16fc  [ D556CB79967E92B5CC69686D16C1D846, F4FF679066269392F6B7C3BA6257FC60DD609E4F9C491B00E1A16E4C405B0B9B ] gdrv            C:\Windows\gdrv.sys
13:52:14.0069 0x16fc  gdrv - ok
13:52:14.0103 0x16fc  [ AB8A6A87D9D7255C3884D5B9541A6E80, D073B5D8A06EFA6415E8F22DFE486DE913113AE23F59CFC5EEF1B3E694CE86F3 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:52:14.0120 0x16fc  GEARAspiWDM - ok
13:52:14.0185 0x16fc  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
13:52:14.0261 0x16fc  gpsvc - ok
13:52:14.0387 0x16fc  [ 626A24ED1228580B9518C01930936DF9, CBD94AB1E5477D7288799D17528CC43D572E711DA0F2B0C784A0B9FE105BF0F4 ] gupdate1c986be46fae48f C:\Program Files\Google\Update\GoogleUpdate.exe
13:52:14.0410 0x16fc  gupdate1c986be46fae48f - ok
13:52:14.0431 0x16fc  [ 626A24ED1228580B9518C01930936DF9, CBD94AB1E5477D7288799D17528CC43D572E711DA0F2B0C784A0B9FE105BF0F4 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
13:52:14.0452 0x16fc  gupdatem - ok
13:52:14.0482 0x16fc  [ CB04C744BE0A61B1D648FAED182C3B59, 61DC0FF94325DAFCCB7B3980A48727EFBF1283FCF753EC16EF04C730525994C0 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:52:14.0575 0x16fc  HdAudAddService - ok
13:52:14.0631 0x16fc  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:52:14.0706 0x16fc  HDAudBus - ok
13:52:14.0731 0x16fc  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
13:52:14.0777 0x16fc  HidBth - ok
13:52:14.0787 0x16fc  [ FF3160C3A2445128C5A6D9B076DA519E, DC1A70C80CD55F33B3AD5A21E86AF7C3086D8CC2DC6148C058E74A871E0BAD4A ] HidIr           C:\Windows\system32\drivers\hidir.sys
13:52:14.0832 0x16fc  HidIr - ok
13:52:14.0867 0x16fc  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\System32\hidserv.dll
13:52:14.0883 0x16fc  hidserv - ok
13:52:14.0927 0x16fc  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:52:14.0980 0x16fc  HidUsb - ok
13:52:15.0010 0x16fc  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:52:15.0040 0x16fc  hkmsvc - ok
13:52:15.0055 0x16fc  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
13:52:15.0071 0x16fc  HpCISSs - ok
13:52:15.0119 0x16fc  [ CBD09ED9CF6822177EE85AEA4D8816A2, 369897B4609B3FE55F9A82F19E38116E2E6527E349D48A956607EDED71F664D2 ] HTCAND32        C:\Windows\system32\Drivers\ANDROIDUSB.sys
13:52:15.0150 0x16fc  HTCAND32 - ok
13:52:15.0193 0x16fc  [ 52395A94C127C0266D1C0F3CCE8A4345, A5477CD488291C0F31DBF104E67E5FB41D45ADC85ABFD03059FF27BCCF07CFD8 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
13:52:15.0245 0x16fc  htcnprot - ok
13:52:15.0295 0x16fc  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:52:15.0408 0x16fc  HTTP - ok
13:52:15.0459 0x16fc  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
13:52:15.0473 0x16fc  i2omp - ok
13:52:15.0502 0x16fc  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:52:15.0551 0x16fc  i8042prt - ok
13:52:15.0634 0x16fc  [ 496DB78E6A0C4C44023D9A92B4A7AC31, 2B44213C39F05090D2057E3A21C1718DFC4478E976D44255B6FA5C3B8CF20FFF ] ialm            C:\Windows\system32\DRIVERS\igdkmd32.sys
13:52:15.0793 0x16fc  ialm - ok
13:52:15.0826 0x16fc  [ 3E349157986C533E3CBEB8C1E17290BB, 1DEB9C8829D95FCB9DFA26169E64C2F26E09BDDB98416368A031F7D6C5630F5B ] iaNvStor        C:\Windows\system32\DRIVERS\iaNvStor.sys
13:52:15.0849 0x16fc  iaNvStor - ok
13:52:15.0874 0x16fc  [ ABFEBC5F846C71AFEBD7F8F6BA740C03, 3BD7EA27EC21A7A9BE544A11E5A284DF00FFB3E2554DDBE113802153D62DFDEF ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
13:52:15.0896 0x16fc  iaStor - ok
13:52:15.0925 0x16fc  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
13:52:15.0952 0x16fc  iaStorV - ok
13:52:16.0022 0x16fc  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:52:16.0056 0x16fc  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
13:52:16.0056 0x16fc  IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:52:18.0594 0x16fc  [ 98477B08E61945F974ED9FDC4CB6BDAB, C7E8F661F6FBF6AB493E950D2E70363496E155B1838CE7B490B981BD840B04FC ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:52:18.0713 0x16fc  idsvc - ok
13:52:18.0738 0x16fc  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:52:18.0771 0x16fc  iirsp - ok
13:52:18.0825 0x16fc  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
13:52:18.0867 0x16fc  IKEEXT - ok
13:52:18.0987 0x16fc  [ FFD2B3BC042596ABE785D3C15F51AB46, C2CA6E15FE95ADE211325CA907FBC213DB3B5E871DBD22CC485837FAB4E9BCEC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
13:52:19.0203 0x16fc  IntcAzAudAddService - ok
13:52:19.0262 0x16fc  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\drivers\intelide.sys
13:52:19.0279 0x16fc  intelide - ok
13:52:19.0340 0x16fc  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:52:19.0394 0x16fc  intelppm - ok
13:52:19.0423 0x16fc  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:52:19.0461 0x16fc  IPBusEnum - ok
13:52:19.0490 0x16fc  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:52:19.0525 0x16fc  IpFilterDriver - ok
13:52:19.0567 0x16fc  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:52:19.0602 0x16fc  iphlpsvc - ok
13:52:19.0607 0x16fc  IpInIp - ok
13:52:19.0626 0x16fc  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
13:52:19.0661 0x16fc  IPMIDRV - ok
13:52:19.0685 0x16fc  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
13:52:19.0722 0x16fc  IPNAT - ok
13:52:19.0742 0x16fc  [ E50A95179211B12946F7E035D60AF560, 69765E2548BA708FF35545EC944DBA1940AD4065AF90E53B97A7792AC231DCF7 ] irda            C:\Windows\system32\DRIVERS\irda.sys
13:52:19.0801 0x16fc  irda - ok
13:52:19.0806 0x16fc  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:52:19.0845 0x16fc  IRENUM - ok
13:52:19.0896 0x16fc  [ CBB0D940221A281BCFEAEA695BD1CDA5, D05D192019524A02FE3FAE6827B98A942FA1AD651BF7AA53530A8A6F4ADFB7EB ] Irmon           C:\Windows\System32\irmon.dll
13:52:19.0978 0x16fc  Irmon - ok
13:52:20.0009 0x16fc  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:52:20.0027 0x16fc  isapnp - ok
13:52:20.0081 0x16fc  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
13:52:20.0106 0x16fc  iScsiPrt - ok
13:52:20.0124 0x16fc  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
13:52:20.0141 0x16fc  iteatapi - ok
13:52:20.0165 0x16fc  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
13:52:20.0182 0x16fc  iteraid - ok
13:52:20.0220 0x16fc  [ 01CBB39001AFDA1152F3FCE15AB646EA, 53CE1F996217A226B691C51EF69A19BAAB876FA26F100E0FD992D449D2FDAE29 ] IvtBtBUs        C:\Windows\system32\Drivers\IvtBtBus.sys
13:52:20.0233 0x16fc  IvtBtBUs - ok
13:52:20.0247 0x16fc  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:52:20.0265 0x16fc  kbdclass - ok
13:52:20.0299 0x16fc  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:52:20.0348 0x16fc  kbdhid - ok
13:52:20.0388 0x16fc  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
13:52:20.0439 0x16fc  KeyIso - ok
13:52:20.0488 0x16fc  [ EBC507F129DF8F0E0CA270DCFC0CF87F, 232E2C4118A3177019E111E23D02F669338AE251308DE9BEDE3869C1208D7F0B ] KMDFMEMIO       C:\Windows\system32\DRIVERS\kmdfmemio.sys
13:52:20.0541 0x16fc  KMDFMEMIO - ok
13:52:20.0589 0x16fc  [ FA3F6F70C75D690B4C3A3F55EB8EE94E, 94B5AC586CBA277D90BBA2318072CA41B0BB99E9407E3EC33D580C4524757D98 ] KOBCCEX         C:\Windows\system32\drivers\KOBCCEX.sys
13:52:20.0618 0x16fc  KOBCCEX - ok
13:52:20.0651 0x16fc  [ 9C820F75FE28B5680FCAB5946CDA4F29, 9D16A59C051F57BB371E762C3F229B9FABF61D3ECEFC76BC7F84B01E235597BF ] KOBCCID         C:\Windows\system32\drivers\KOBCCID.sys
13:52:20.0700 0x16fc  KOBCCID - ok
13:52:20.0773 0x16fc  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:52:20.0846 0x16fc  KSecDD - ok
13:52:20.0903 0x16fc  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:52:21.0042 0x16fc  KtmRm - ok
13:52:21.0087 0x16fc  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\System32\srvsvc.dll
13:52:21.0148 0x16fc  LanmanServer - ok
13:52:21.0189 0x16fc  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:52:21.0285 0x16fc  LanmanWorkstation - ok
13:52:21.0322 0x16fc  [ 4127E8B6DDB4090E815C1F8852C277D3, A5BC1F65FA6D8952CDDA08320ADDF0E4394E10AE4780017C8C86AC5E68DF83F8 ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
13:52:21.0349 0x16fc  lirsgt - ok
13:52:21.0372 0x16fc  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:52:21.0400 0x16fc  lltdio - ok
13:52:21.0422 0x16fc  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:52:21.0478 0x16fc  lltdsvc - ok
13:52:21.0501 0x16fc  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:52:21.0575 0x16fc  lmhosts - ok
13:52:21.0605 0x16fc  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:52:21.0622 0x16fc  LSI_FC - ok
13:52:21.0633 0x16fc  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:52:21.0649 0x16fc  LSI_SAS - ok
13:52:21.0669 0x16fc  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:52:21.0685 0x16fc  LSI_SCSI - ok
13:52:21.0706 0x16fc  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
13:52:21.0752 0x16fc  luafv - ok
13:52:21.0782 0x16fc  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:52:21.0821 0x16fc  Mcx2Svc - ok
13:52:21.0941 0x16fc  [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM             C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
13:52:21.0969 0x16fc  MDM - ok
13:52:22.0015 0x16fc  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
13:52:22.0031 0x16fc  megasas - ok
13:52:22.0069 0x16fc  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
13:52:22.0128 0x16fc  MegaSR - ok
13:52:22.0182 0x16fc  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
13:52:22.0232 0x16fc  MMCSS - ok
13:52:22.0258 0x16fc  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
13:52:22.0307 0x16fc  Modem - ok
13:52:22.0345 0x16fc  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:52:22.0395 0x16fc  monitor - ok
13:52:22.0430 0x16fc  [ 9DA04F53C26E75190E394D7C3B4A7456, 4D4A413A2792F85C0CBE9D958EF9F822AB14703E9C1C41827B536EA06245BDCC ] MosIrUsb        C:\Windows\system32\DRIVERS\MosIrUsb.sys
13:52:22.0468 0x16fc  MosIrUsb - ok
13:52:22.0489 0x16fc  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:52:22.0504 0x16fc  mouclass - ok
13:52:22.0524 0x16fc  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:52:22.0566 0x16fc  mouhid - ok
13:52:22.0573 0x16fc  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
13:52:22.0590 0x16fc  MountMgr - ok
13:52:22.0661 0x16fc  [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:52:22.0679 0x16fc  MozillaMaintenance - ok
13:52:22.0727 0x16fc  [ E77DC03DD3C8E5A388BF9EED2A28F3D1, ED0DAA975D1EC35CE036F02596218E15CC6A054167628D12A0A5AD91B841F422 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
13:52:22.0754 0x16fc  MpFilter - ok
13:52:22.0776 0x16fc  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:52:22.0793 0x16fc  mpio - ok
13:52:23.0065 0x16fc  [ 06D4F934E09C359B0EFBFB3146F1D910, 484F57CD6F8757137F3B3491B8AC8ECF6C6385A666CD1671833DDD9E962AAB4A ] MpKsl5786e87f   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78EF89E7-B510-4903-A996-2840F5EA2A87}\MpKsl5786e87f.sys
13:52:23.0086 0x16fc  MpKsl5786e87f - ok
13:52:23.0129 0x16fc  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:52:23.0209 0x16fc  mpsdrv - ok
13:52:23.0269 0x16fc  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:52:23.0328 0x16fc  MpsSvc - ok
13:52:23.0369 0x16fc  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
13:52:23.0391 0x16fc  Mraid35x - ok
13:52:23.0529 0x16fc  [ 82CEA0395524AACFEB58BA1448E8325C, 16E37990A291C848DE35F48EA7E09AE5B258AE589EB08A3FA2C60DC1278DE182 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:52:23.0581 0x16fc  MRxDAV - ok
13:52:23.0631 0x16fc  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:52:23.0677 0x16fc  mrxsmb - ok
13:52:23.0726 0x16fc  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:52:23.0780 0x16fc  mrxsmb10 - ok
13:52:23.0809 0x16fc  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:52:23.0836 0x16fc  mrxsmb20 - ok
13:52:23.0878 0x16fc  [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:52:23.0901 0x16fc  msahci - ok
13:52:23.0915 0x16fc  [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:52:23.0942 0x16fc  msdsm - ok
13:52:23.0960 0x16fc  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
13:52:24.0011 0x16fc  MSDTC - ok
13:52:24.0059 0x16fc  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:52:24.0104 0x16fc  Msfs - ok
13:52:24.0133 0x16fc  mshta32 - ok
13:52:24.0157 0x16fc  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:52:24.0172 0x16fc  msisadrv - ok
13:52:24.0193 0x16fc  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:52:24.0239 0x16fc  MSiSCSI - ok
13:52:24.0244 0x16fc  msiserver - ok
13:52:24.0284 0x16fc  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:52:24.0332 0x16fc  MSKSSRV - ok
13:52:24.0435 0x16fc  [ B0F49DA36F30922F5DDC3B623B778FCE, EE025AEFA4A2095AFEABFB3A49639DA77D78068A3F5EEDA6C15D34853AFD5609 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
13:52:24.0456 0x16fc  MsMpSvc - ok
13:52:24.0476 0x16fc  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:52:24.0510 0x16fc  MSPCLOCK - ok
13:52:24.0523 0x16fc  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:52:24.0556 0x16fc  MSPQM - ok
13:52:24.0600 0x16fc  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:52:24.0624 0x16fc  MsRPC - ok
13:52:24.0646 0x16fc  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
13:52:24.0664 0x16fc  mssmbios - ok
13:52:24.0747 0x16fc  MSSQL$MSSMLBIZ - ok
13:52:24.0790 0x16fc  [ 1D89EB4E2A99CABD4E81225F4F4C4B25, B9C4D956E3F74CB463A1A14287F4B550381FBB3E4B2DF9418E041E02A159E31E ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
13:52:24.0805 0x16fc  MSSQLServerADHelper - ok
13:52:24.0823 0x16fc  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:52:24.0866 0x16fc  MSTEE - ok
13:52:24.0895 0x16fc  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:52:24.0932 0x16fc  Mup - ok
13:52:25.0002 0x16fc  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
13:52:25.0062 0x16fc  napagent - ok
13:52:25.0119 0x16fc  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:52:25.0172 0x16fc  NativeWifiP - ok
13:52:25.0254 0x16fc  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:52:25.0316 0x16fc  NDIS - ok
13:52:25.0345 0x16fc  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:52:25.0403 0x16fc  NdisTapi - ok
13:52:25.0433 0x16fc  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:52:25.0477 0x16fc  Ndisuio - ok
13:52:25.0521 0x16fc  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:52:25.0563 0x16fc  NdisWan - ok
13:52:25.0574 0x16fc  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:52:25.0611 0x16fc  NDProxy - ok
13:52:25.0623 0x16fc  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:52:25.0675 0x16fc  NetBIOS - ok
13:52:25.0723 0x16fc  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
13:52:25.0751 0x16fc  netbt - ok
13:52:25.0769 0x16fc  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
13:52:25.0785 0x16fc  Netlogon - ok
13:52:25.0815 0x16fc  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
13:52:25.0853 0x16fc  Netman - ok
13:52:25.0887 0x16fc  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
13:52:25.0946 0x16fc  netprofm - ok
13:52:26.0030 0x16fc  [ D6C4E4A39A36029AC0813D476FBD0248, A0907D98580D1CD3007365CBBB53E84BEF39001E05912776F68EB0564B54B6EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:52:26.0048 0x16fc  NetTcpPortSharing - ok
13:52:26.0178 0x16fc  [ 35D5458D9A1B26B2005ABFFBF4C1C5E7, EE044FB7A49336FEDA1BDBBD2AD7A4A163C780A6A464B7712688E0BA0B4E6C40 ] NETw3v32        C:\Windows\system32\DRIVERS\NETw3v32.sys
13:52:26.0401 0x16fc  NETw3v32 - ok
13:52:26.0443 0x16fc  [ C1B3E7525BF06904E475257136AAA945, 9E44E1DDACCFC8F6E9066C7C9D294A0C1C64E73852C85BD445AE18C14526DD67 ] NetworkX        C:\Windows\system32\ckldrv.sys
13:52:26.0556 0x16fc  NetworkX - detected UnsignedFile.Multi.Generic ( 1 )
13:52:26.0556 0x16fc  NetworkX ( UnsignedFile.Multi.Generic ) - warning
13:52:46.0611 0x16fc  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:52:46.0646 0x16fc  nfrd960 - ok
13:52:46.0708 0x16fc  [ 32FF06EC6D946EF791D98D6C838A3090, 319BDD491CB22D0CCCCE76A2854CF469D7AF046289F9C56CD03AE3D3CBC0275E ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:52:46.0757 0x16fc  NisDrv - ok
13:52:46.0815 0x16fc  [ 42D33042371BFB1A7D40834590CAFD30, 53DA3618EC10293B2DF686E291A4EF6ACBBD41D116EC762D54106D201A784E87 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
13:52:46.0880 0x16fc  NisSrv - ok
13:52:46.0933 0x16fc  [ 2997B15415F9BBE05B5A4C1C85E0C6A2, 5455536515FE740E18E090329FDCC40288724372AD18ACDB2CB4BB9D85CF681E ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:52:47.0024 0x16fc  NlaSvc - ok
13:52:47.0070 0x16fc  [ CFE3462A9E94A57DCD9676F6B7FE7F67, 87166E0B2E2D3620956FE584733AB2D94EEA664BA3F3D213BDC79FDC830F4AB6 ] nmwcd           C:\Windows\system32\drivers\ccdcmb.sys
13:52:47.0178 0x16fc  nmwcd - ok
13:52:47.0220 0x16fc  [ 8F2A94F991F8C73CEC26B4B5620D1EDC, 5BE2B08C965C85F2B9FDB921589E469908293EF204D435CBEF099FE1A593D929 ] nmwcdc          C:\Windows\system32\drivers\ccdcmbo.sys
13:52:47.0291 0x16fc  nmwcdc - ok
13:52:47.0352 0x16fc  [ 99145C5D4B6C4D6F5CE83EE6ABFFE294, 2234B2402EAC038760A788F9C3728CDDD9B72CA375DE19710D4279615CB44243 ] nmwcdnsu        C:\Windows\system32\drivers\nmwcdnsu.sys
13:52:47.0432 0x16fc  nmwcdnsu - ok
13:52:47.0486 0x16fc  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:52:47.0559 0x16fc  Npfs - ok
13:52:47.0589 0x16fc  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
13:52:47.0659 0x16fc  nsi - ok
13:52:47.0680 0x16fc  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:52:47.0768 0x16fc  nsiproxy - ok
13:52:47.0894 0x16fc  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:52:48.0017 0x16fc  Ntfs - ok
13:52:48.0050 0x16fc  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
13:52:48.0095 0x16fc  ntrigdigi - ok
13:52:48.0113 0x16fc  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
13:52:48.0161 0x16fc  Null - ok
13:52:48.0207 0x16fc  [ 77F9F9A199B87FE3F852E12F5419240B, BE9C05F2AC12BB41EC71A596039F2116E5A0F454D32E5A618112296721001473 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
13:52:48.0224 0x16fc  NVHDA - ok
13:52:48.0648 0x16fc  [ 2FA5434344AF84D73F66BA402FF78690, D244C9BA5C9A582C17AA5DE3BE78A2C177AC2CEE5EE6C0E62A52AED7C51B0FB1 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:52:49.0295 0x16fc  nvlddmkm - ok
13:52:49.0321 0x16fc  [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:52:49.0342 0x16fc  nvraid - ok
13:52:49.0355 0x16fc  [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:52:49.0374 0x16fc  nvstor - ok
13:52:49.0441 0x16fc  [ B785320CBCF5021DE9945C803696C511, 01D374F6F0EEA385A25DA375EDDD83F5F6F3FEC6D5C3F844AE2DDE75C451A623 ] nvsvc           C:\Windows\system32\nvvsvc.exe
13:52:49.0513 0x16fc  nvsvc - ok
13:52:49.0656 0x16fc  [ D2B064796C369F82E96397F721C4A29D, 49A9E7DBCFFE5C8D0B22088193277366BAEA7D6CF51894BD4030F7C96275237B ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:52:49.0776 0x16fc  nvUpdatusService - ok
13:52:49.0799 0x16fc  [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:52:49.0826 0x16fc  nv_agp - ok
13:52:49.0832 0x16fc  NwlnkFlt - ok
13:52:49.0839 0x16fc  NwlnkFwd - ok
13:52:49.0868 0x16fc  [ 790E27C3DB53410B40FF9EF2FD10A1D9, FD06F2702B8F7E04ECF1B6E88602F14301E7AE7FC44AD114282E580FAD530A9C ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
13:52:49.0934 0x16fc  ohci1394 - ok
13:52:49.0978 0x16fc  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:52:50.0003 0x16fc  ose - ok
13:52:50.0079 0x16fc  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
13:52:50.0201 0x16fc  p2pimsvc - ok
13:52:50.0233 0x16fc  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
13:52:50.0307 0x16fc  p2psvc - ok
13:52:50.0343 0x16fc  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
13:52:50.0416 0x16fc  Parport - ok
13:52:50.0456 0x16fc  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:52:50.0471 0x16fc  partmgr - ok
13:52:50.0487 0x16fc  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
13:52:50.0557 0x16fc  Parvdm - ok
13:52:50.0638 0x16fc  [ 3CAE2BBC86FCF7F94C9696994AF30386, 4DA063A60523567272CFB35DF5D7CA142B100EF9123B1F23A6F11AB89DB83486 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
13:52:53.0792 0x16fc  PassThru Service - detected UnsignedFile.Multi.Generic ( 1 )
13:52:53.0792 0x16fc  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
13:53:13.0844 0x16fc  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:53:13.0907 0x16fc  PcaSvc - ok
13:53:13.0953 0x16fc  [ FD2041E9BA03DB7764B2248F02475079, DECEED110524BF83B4097188BF24BF0DDE1CE838DF7748B0DC807ABE351EB20A ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfd.sys
13:53:13.0998 0x16fc  pccsmcfd - ok
13:53:14.0046 0x16fc  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
13:53:14.0102 0x16fc  pci - ok
13:53:14.0145 0x16fc  [ FC175F5DDAB666D7F4D17449A547626F, 7D6108213D1AD3F97A3B83E491BCCC7D6F5BC72C32A182BDDE8736851A26C8D2 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:53:14.0181 0x16fc  pciide - ok
13:53:14.0211 0x16fc  [ B7C5A8769541900F6DFA6FE0C5E4D513, 1885FE8AE9D6929E8B43D674B43B7B3FEAA25AF6E45973A0B49CBA7B9CBA34C4 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:53:14.0242 0x16fc  pcmcia - ok
13:53:14.0298 0x16fc  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:53:14.0407 0x16fc  PEAUTH - ok
13:53:14.0495 0x16fc  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
13:53:14.0634 0x16fc  pla - ok
13:53:14.0676 0x16fc  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:53:14.0721 0x16fc  PlugPlay - ok
13:53:14.0762 0x16fc  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
13:53:14.0802 0x16fc  PNRPAutoReg - ok
13:53:14.0851 0x16fc  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
13:53:14.0910 0x16fc  PNRPsvc - ok
13:53:14.0976 0x16fc  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:53:15.0024 0x16fc  PolicyAgent - ok
13:53:15.0089 0x16fc  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:53:15.0142 0x16fc  PptpMiniport - ok
13:53:15.0171 0x16fc  [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor       C:\Windows\system32\drivers\processr.sys
13:53:15.0215 0x16fc  Processor - ok
13:53:15.0248 0x16fc  [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc         C:\Windows\system32\profsvc.dll
13:53:15.0277 0x16fc  ProfSvc - ok
13:53:15.0297 0x16fc  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
13:53:15.0312 0x16fc  ProtectedStorage - ok
13:53:15.0342 0x16fc  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
13:53:15.0380 0x16fc  PSched - ok
13:53:15.0481 0x16fc  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300          C:\Windows\system32\drivers\ql2300.sys
13:53:15.0600 0x16fc  ql2300 - ok
13:53:15.0621 0x16fc  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
13:53:15.0641 0x16fc  ql40xx - ok
13:53:15.0696 0x16fc  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
13:53:15.0763 0x16fc  QWAVE - ok
13:53:15.0825 0x16fc  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:53:15.0876 0x16fc  QWAVEdrv - ok
13:53:15.0946 0x16fc  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:53:15.0998 0x16fc  RasAcd - ok
13:53:16.0025 0x16fc  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
13:53:16.0075 0x16fc  RasAuto - ok
13:53:16.0107 0x16fc  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:53:16.0137 0x16fc  Rasl2tp - ok
13:53:16.0201 0x16fc  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
13:53:16.0263 0x16fc  RasMan - ok
13:53:16.0315 0x16fc  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:53:16.0343 0x16fc  RasPppoe - ok
13:53:16.0374 0x16fc  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:53:16.0395 0x16fc  RasSstp - ok
13:53:16.0434 0x16fc  [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:53:16.0470 0x16fc  rdbss - ok
13:53:16.0496 0x16fc  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:53:16.0548 0x16fc  RDPCDD - ok
13:53:16.0588 0x16fc  [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
13:53:16.0631 0x16fc  rdpdr - ok
13:53:16.0637 0x16fc  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:53:16.0691 0x16fc  RDPENCDD - ok
13:53:16.0729 0x16fc  [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:53:16.0787 0x16fc  RDPWD - ok
13:53:16.0856 0x16fc  [ 3C109EFD0CEF1B540ED3C7F573594BFD, 3AAC865732972E19CD2583209D047D176259A7CB0E8ACEB1E6D91DB82A58DCA7 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:53:17.0080 0x16fc  RegSrvc - detected UnsignedFile.Multi.Generic ( 1 )
13:53:17.0080 0x16fc  RegSrvc ( UnsignedFile.Multi.Generic ) - warning
13:53:17.0080 0x16fc  Force sending object to P2P due to detect: C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:53:37.0101 0x16fc  Object send P2P result: false
13:53:57.0172 0x16fc  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:53:57.0247 0x16fc  RemoteAccess - ok
13:53:57.0285 0x16fc  [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:53:57.0351 0x16fc  RemoteRegistry - ok
13:53:57.0399 0x16fc  [ 6482707F9F4DA0ECBAB43B2E0398A101, 7D57FC36577121D7E26A4F2D46DCA8725D55EC9F75B91DF994DB742BC4FB89C2 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
13:53:57.0481 0x16fc  RFCOMM - ok
13:53:57.0557 0x16fc  [ 4D05898896EC49CF663DDA61041AB096, 1218A0AD84946F2555773D529F3D55D7B675780EC1E79A634ED0FECF8D5C9C6D ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
13:53:57.0577 0x16fc  RichVideo - ok
13:53:57.0620 0x16fc  [ 75E8A6BFA7374ABA833AE92BF41AE4E6, 5A4CF4CDEFFCC4892D01FF4A5918D91193AA44AA29469B52E83824E6BCC877A5 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
13:53:57.0646 0x16fc  ROOTMODEM - ok
13:53:57.0675 0x16fc  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
13:53:57.0703 0x16fc  RpcLocator - ok
13:53:57.0734 0x16fc  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs           C:\Windows\system32\rpcss.dll
13:53:57.0775 0x16fc  RpcSs - ok
13:53:57.0823 0x16fc  [ 43110C2A2C5ED32EAD96C440718E4452, BAF6E770620AA5B7C80273BB062D6F8FBCD8761FC681C425CC888DD11315AFEC ] RRNetCap        C:\Windows\system32\DRIVERS\rrnetcap.sys
13:53:57.0858 0x16fc  RRNetCap - ok
13:53:57.0876 0x16fc  [ 43110C2A2C5ED32EAD96C440718E4452, BAF6E770620AA5B7C80273BB062D6F8FBCD8761FC681C425CC888DD11315AFEC ] RRNetCapMP      C:\Windows\system32\DRIVERS\rrnetcap.sys
13:53:57.0888 0x16fc  RRNetCapMP - ok
13:53:57.0914 0x16fc  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:53:57.0943 0x16fc  rspndr - ok
13:53:57.0954 0x16fc  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs           C:\Windows\system32\lsass.exe
13:53:57.0970 0x16fc  SamSs - ok
13:53:57.0990 0x16fc  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:53:58.0006 0x16fc  sbp2port - ok
13:53:58.0032 0x16fc  [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:53:58.0059 0x16fc  SCardSvr - ok
13:53:58.0114 0x16fc  [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule        C:\Windows\system32\schedsvc.dll
13:53:58.0223 0x16fc  Schedule - ok
13:53:58.0266 0x16fc  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:53:58.0289 0x16fc  SCPolicySvc - ok
13:53:58.0348 0x16fc  [ 59996F2ABEB502DA20F2B5E8CAEBC697, A32C2501C88CEBE8A75BBA4622DAC5B9B6E3BED738595A54EF4B02AC9E0FACF9 ] SCT_SKMScan     C:\Windows\system32\DRIVERS\sct_skmscan.sys
13:53:58.0363 0x16fc  SCT_SKMScan - ok
13:53:58.0394 0x16fc  [ 126EA89BCC413EE45E3004FB0764888F, 367BE2B56113177AE867E00D019C707C6449E0FC4A642101B11036A0534D6901 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
13:53:58.0451 0x16fc  sdbus - ok
13:53:58.0482 0x16fc  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:53:58.0523 0x16fc  SDRSVC - ok
13:53:58.0544 0x16fc  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:53:58.0616 0x16fc  secdrv - ok
13:53:58.0642 0x16fc  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
13:53:58.0678 0x16fc  seclogon - ok
13:53:58.0698 0x16fc  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\System32\sens.dll
13:53:58.0730 0x16fc  SENS - ok
13:53:58.0792 0x16fc  [ A2CC81C30BEF6AC9F27055490EEF6DE3, 58EA0AE83249B78028ACA8A738DEAD8C82AA8774BD4D9F3009AD7E043F1A4747 ] Sentinel        C:\Windows\System32\Drivers\SENTINEL.SYS
13:53:58.0939 0x16fc  Sentinel - ok
13:53:59.0018 0x16fc  [ CE9EC966638EF0B10B864DDEDF62A099, 2DEC5A8C947D87C12B342F15B8A552A0D49B979A2AC32D2C97FC7A3A76C34524 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:53:59.0045 0x16fc  Serenum - ok
13:53:59.0077 0x16fc  [ 6D663022DB3E7058907784AE14B69898, 54263888C64A7F010D3B5E399369B0F3FF3AF0A0DE8ADB502B98277533E4D45F ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:53:59.0125 0x16fc  Serial - ok
13:53:59.0154 0x16fc  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
13:53:59.0188 0x16fc  sermouse - ok
13:53:59.0290 0x16fc  [ 8C1F87F5FDD92229D1754B98F073913F, DF97A2B8C337E80998E93934CC616AD46A8853232AEB6EF456ABC5C174A3C301 ] ServiceLayer    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
13:53:59.0452 0x16fc  ServiceLayer - detected UnsignedFile.Multi.Generic ( 1 )
13:53:59.0452 0x16fc  ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
13:54:19.0512 0x16fc  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
13:54:19.0564 0x16fc  SessionEnv - ok
13:54:19.0581 0x16fc  [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:54:19.0616 0x16fc  sffdisk - ok
13:54:19.0624 0x16fc  [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:54:19.0651 0x16fc  sffp_mmc - ok
13:54:19.0659 0x16fc  [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:54:19.0686 0x16fc  sffp_sd - ok
13:54:19.0694 0x16fc  [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
13:54:19.0760 0x16fc  sfloppy - ok
13:54:19.0810 0x16fc  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:54:19.0860 0x16fc  SharedAccess - ok
13:54:19.0903 0x16fc  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:54:19.0959 0x16fc  ShellHWDetection - ok
13:54:19.0975 0x16fc  [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
13:54:19.0992 0x16fc  sisagp - ok
13:54:20.0000 0x16fc  [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
13:54:20.0015 0x16fc  SiSRaid2 - ok
13:54:20.0034 0x16fc  [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:54:20.0051 0x16fc  SiSRaid4 - ok
13:54:20.0096 0x16fc  [ A2E5FBB02A6AA1521DCC721BDFA688FE, 5A99B379A998E9376D5C2D8CAF2052EB8E8A1E6F5804E4DCD418090BDECAAD26 ] SIVDRIVER       C:\Windows\system32\Drivers\SIVX32.sys
13:54:20.0165 0x16fc  SIVDRIVER - ok
13:54:20.0413 0x16fc  [ 388AE59FE75F1B959DFA0900923C61BB, 0D47F8B4B4FBE5BF041DBE75B0A14D905E9310FFA6F0160746455B38A349EA54 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
13:54:20.0610 0x16fc  Skype C2C Service - ok
13:54:20.0685 0x16fc  [ A4FAB5F7818A69DA6E740943CB8F7CA9, 6FA24FD46AD6642B21EF3BE4212FF22F3645EC7B0056859FCA184177F5C85AA2 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
13:54:20.0701 0x16fc  SkypeUpdate - ok
13:54:20.0880 0x16fc  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
13:54:21.0124 0x16fc  slsvc - ok
13:54:21.0166 0x16fc  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
13:54:21.0192 0x16fc  SLUINotify - ok
13:54:21.0222 0x16fc  [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:54:21.0266 0x16fc  Smb - ok
13:54:21.0304 0x16fc  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:54:21.0340 0x16fc  SNMPTRAP - ok
13:54:21.0343 0x16fc  SophosVirusRemovalTool - ok
13:54:21.0381 0x16fc  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:54:21.0399 0x16fc  spldr - ok
13:54:21.0442 0x16fc  [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler         C:\Windows\System32\spoolsv.exe
13:54:21.0470 0x16fc  Spooler - ok
13:54:21.0521 0x16fc  [ 86EBD8B1F23E743AAD21F4D5B4D40985, 8FA4DFDAE15712266B878C364FEFDB63CB30A3DCC25F83CDFE8C8AB3AE864BE6 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
13:54:21.0543 0x16fc  SQLBrowser - ok
13:54:21.0596 0x16fc  [ D89083C4EB02DACA8F944B0E05E57F9D, F96416B5877C280B4EE088A83956E0202F82DC5EACDEEFF06D5979FFFAA9FA74 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
13:54:21.0612 0x16fc  SQLWriter - ok
13:54:21.0651 0x16fc  [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:54:21.0732 0x16fc  srv - ok
13:54:21.0768 0x16fc  [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:54:21.0797 0x16fc  srv2 - ok
13:54:21.0841 0x16fc  [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:54:21.0881 0x16fc  srvnet - ok
13:54:21.0924 0x16fc  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:54:21.0990 0x16fc  SSDPSRV - ok
13:54:22.0022 0x16fc  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:54:22.0055 0x16fc  SstpSvc - ok
13:54:22.0119 0x16fc  [ 359FEE084F1173FFFFD7F9CCBD43D47F, 197EE7267D0565E426368868233C35F6FD29A0432D75630F8365336E061318D7 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
13:54:22.0145 0x16fc  ssudmdm - ok
13:54:22.0268 0x16fc  [ 98CC6BDCB5F593394CE2000EC454AEE4, 13973E69DDFB5A0494141C60ABF0E6F7EF555B476AC4171B18A31FF04618D54B ] StarMoney 8.0 OnlineUpdate C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
13:54:22.0431 0x16fc  StarMoney 8.0 OnlineUpdate - ok
13:54:22.0465 0x16fc  [ 453811DDA054E871F8B397A38821C511, F738BFC5ED53A13D44B8EA94EAA05912E17FB1006BD2973D9A95CEC10C197D52 ] StatusAgent4    C:\Windows\system32\SAgent4.exe
13:54:22.0541 0x16fc  StatusAgent4 - ok
13:54:22.0578 0x16fc  [ EF70B3D22B4BFFDA6EA851ECB063EFAA, 1666572F8F988805C3A2E949FA6B060B35B72DBB115B86F4CFC710FB6A86C3E3 ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
13:54:22.0621 0x16fc  StillCam - ok
13:54:22.0688 0x16fc  [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc          C:\Windows\System32\wiaservc.dll
13:54:22.0730 0x16fc  stisvc - ok
13:54:22.0765 0x16fc  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
13:54:22.0779 0x16fc  swenum - ok
13:54:22.0820 0x16fc  [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv           C:\Windows\System32\swprv.dll
13:54:22.0867 0x16fc  swprv - ok
13:54:22.0885 0x16fc  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
13:54:22.0900 0x16fc  Symc8xx - ok
13:54:22.0921 0x16fc  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
13:54:22.0935 0x16fc  Sym_hi - ok
13:54:22.0955 0x16fc  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
13:54:22.0969 0x16fc  Sym_u3 - ok
13:54:23.0028 0x16fc  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
13:54:23.0090 0x16fc  SysMain - ok
13:54:23.0114 0x16fc  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:54:23.0135 0x16fc  TabletInputService - ok
13:54:23.0183 0x16fc  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:54:23.0241 0x16fc  TapiSrv - ok
13:54:23.0294 0x16fc  [ D7F411C5AF992BB44E86083A6AA7B045, 0ABD5BA0FB92349C903F9ABCDD7116FED4C8BFD954D32C451BCAC7665B69625F ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
13:54:23.0308 0x16fc  tbhsd - ok
13:54:23.0332 0x16fc  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
13:54:23.0373 0x16fc  TBS - ok
13:54:23.0449 0x16fc  [ 6D0D344F643E28B31262AC2682109A3C, 276736661876CE69A30CEED117AFCF26677221F278E234B9C7D03B85869B2C92 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:54:23.0532 0x16fc  Tcpip - ok
13:54:23.0575 0x16fc  [ 6D0D344F643E28B31262AC2682109A3C, 276736661876CE69A30CEED117AFCF26677221F278E234B9C7D03B85869B2C92 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
13:54:23.0642 0x16fc  Tcpip6 - ok
13:54:23.0699 0x16fc  [ 5877A786EF27E42C4E84D1356F922302, 1CDCC7D91086DC0FE80057EE8E1AE609A38DD9D241BC17145E7811C916E662C3 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:54:23.0726 0x16fc  tcpipreg - ok
13:54:23.0753 0x16fc  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:54:23.0780 0x16fc  TDPIPE - ok
13:54:23.0793 0x16fc  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:54:23.0822 0x16fc  TDTCP - ok
13:54:23.0859 0x16fc  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:54:23.0909 0x16fc  tdx - ok
13:54:23.0932 0x16fc  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
13:54:23.0948 0x16fc  TermDD - ok
13:54:23.0974 0x16fc  [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService     C:\Windows\System32\termsrv.dll
13:54:24.0013 0x16fc  TermService - ok
13:54:24.0038 0x16fc  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
13:54:24.0061 0x16fc  Themes - ok
13:54:24.0073 0x16fc  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
13:54:24.0103 0x16fc  THREADORDER - ok
13:54:24.0127 0x16fc  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
13:54:24.0177 0x16fc  TrkWks - ok
13:54:24.0230 0x16fc  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:54:24.0257 0x16fc  TrustedInstaller - ok
13:54:24.0289 0x16fc  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:54:24.0314 0x16fc  tssecsrv - ok
13:54:24.0340 0x16fc  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
13:54:24.0355 0x16fc  tunmp - ok
13:54:24.0377 0x16fc  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:54:24.0392 0x16fc  tunnel - ok
13:54:24.0413 0x16fc  [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
13:54:24.0429 0x16fc  uagp35 - ok
13:54:24.0461 0x16fc  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:54:24.0516 0x16fc  udfs - ok
13:54:24.0556 0x16fc  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:54:24.0607 0x16fc  UI0Detect - ok
13:54:24.0627 0x16fc  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:54:24.0643 0x16fc  uliagpkx - ok
13:54:24.0666 0x16fc  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
13:54:24.0688 0x16fc  uliahci - ok
13:54:24.0696 0x16fc  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
13:54:24.0713 0x16fc  UlSata - ok
13:54:24.0730 0x16fc  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
13:54:24.0747 0x16fc  ulsata2 - ok
13:54:24.0763 0x16fc  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:54:24.0814 0x16fc  umbus - ok
13:54:24.0860 0x16fc  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
13:54:24.0917 0x16fc  upnphost - ok
13:54:24.0945 0x16fc  [ EC01DA44B090D2651FC032C8B9257232, 2850772CC583788A2BCD907215DB3A8E5FF583ABCAD1627CBB921BDC376E1165 ] upperdev        C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
13:54:25.0000 0x16fc  upperdev - ok
13:54:25.0062 0x16fc  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:54:25.0092 0x16fc  usbccgp - ok
13:54:25.0145 0x16fc  [ 32C068EAF37C92D7194EEE1FAA1E7853, 166D8C0BEF0C5231DC1A0104F9C54E79EFB0FF209188EC66158071BF129A10BE ] USBCCID         C:\Windows\system32\DRIVERS\usbccid.sys
13:54:25.0202 0x16fc  USBCCID - ok
13:54:25.0228 0x16fc  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:54:25.0305 0x16fc  usbcir - ok
13:54:25.0344 0x16fc  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
13:54:25.0359 0x16fc  usbehci - ok
13:54:25.0381 0x16fc  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:54:25.0404 0x16fc  usbhub - ok
13:54:25.0423 0x16fc  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:54:25.0468 0x16fc  usbohci - ok
13:54:25.0483 0x16fc  [ B51E52ACF758BE00EF3A58EA452FE360, 79E629EC5DE8AB7F31B0EE9AE94C71E8F703FED5C09A816228726974F7790C85 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
13:54:25.0531 0x16fc  usbprint - ok
13:54:25.0571 0x16fc  [ 8E6C378A885D6FFDA8F05E8D27B95C0E, 351F20B1CB510F7B6B9321EB6C7A97446EF963A89F19F7E7A9CF41381B4B19FF ] usbser          C:\Windows\system32\drivers\usbser.sys
13:54:25.0603 0x16fc  usbser - ok
13:54:25.0646 0x16fc  [ 4ABD37CFBD710E64F01F9DA8710C73F7, E9AFAD89C2BB78C698C7C34C7CAD1C17A0261A1F75E5BA6EFE5E6B5FB28A21E6 ] UsbserFilt      C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
13:54:25.0681 0x16fc  UsbserFilt - ok
13:54:25.0695 0x16fc  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:54:25.0737 0x16fc  USBSTOR - ok
13:54:25.0760 0x16fc  [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
13:54:25.0775 0x16fc  usbuhci - ok
13:54:25.0812 0x16fc  [ E67998E8F14CB0627A769F6530BCB352, 60982F168E9BF13954328C728F55F4D3ADDC572CACB65289B0E895A63DAA08C1 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
13:54:25.0845 0x16fc  usbvideo - ok
13:54:25.0868 0x16fc  [ 35C9095FA7076466AFBFC5B9EC4B779E, 6E4F8241020DC3353A802849AB7930C8E4271BD19CFA66EDF2F60038CC53D836 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
13:54:25.0909 0x16fc  usb_rndisx - ok
13:54:26.0070 0x16fc  [ B840C0D1A043BD4F3D98EE0C8BD8DE72, D6689E912F2331E510884CFE7647E46F371DF9F4F489A1046E47DDD52CD78197 ] uvnc_service    D:\Program Files\UltraVNC\winvnc.exe
13:54:40.0126 0x16fc  uvnc_service - ok
13:54:40.0190 0x16fc  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
13:54:40.0232 0x16fc  UxSms - ok
13:54:40.0273 0x16fc  [ 4EF76D8D7505F20DBF54886C01A7A730, AED3E9ACEEBEC860D256934195CC267F9AA04FDDB8FCA6CD7E079552F4C8570D ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
13:54:40.0290 0x16fc  VBoxNetAdp - ok
13:54:40.0295 0x16fc  VBoxNetFlt - ok
13:54:40.0355 0x16fc  [ 9BF2EA54E5ED5ACDF96F1DEC84C117C4, 75522AD77ACD8D090582D6721CE985EE55389CCA856DF6E42CFBE35A78831063 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
13:54:40.0385 0x16fc  VClone - ok
13:54:40.0417 0x16fc  [ 025C2A8CBA0AB595D3461D278EFF5793, D6C83C85CCB1217717CCCBCEF124365B8E89137D333B29F1171F3B4243B1C801 ] VComm           C:\Windows\system32\DRIVERS\VComm.sys
13:54:40.0430 0x16fc  VComm - ok
13:54:40.0466 0x16fc  [ 95DDF14292354887D7D8C8A0881C7485, 18F068B0E6342D9950E242377EF0BE7872E53FF7B51A5B2716AB4A40370BA20D ] VcommMgr        C:\Windows\system32\Drivers\VcommMgr.sys
13:54:40.0480 0x16fc  VcommMgr - ok
13:54:40.0534 0x16fc  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
13:54:40.0629 0x16fc  vds - ok
13:54:40.0667 0x16fc  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:54:40.0735 0x16fc  vga - ok
13:54:40.0766 0x16fc  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:54:40.0832 0x16fc  VgaSave - ok
13:54:40.0855 0x16fc  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
13:54:40.0880 0x16fc  viaagp - ok
13:54:40.0894 0x16fc  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
13:54:40.0939 0x16fc  ViaC7 - ok
13:54:40.0953 0x16fc  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
13:54:40.0977 0x16fc  viaide - ok
13:54:41.0040 0x16fc  [ 86721C65A2010A9E34E3DC59DA0183CF, D500C5BFF99E1F3287E574095949AD76718D8FB6683803516FDB260A0B805E0E ] VMC302          C:\Windows\system32\Drivers\VMC302.sys
13:54:41.0112 0x16fc  VMC302 - ok
13:54:41.0131 0x16fc  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:54:41.0156 0x16fc  volmgr - ok
13:54:41.0202 0x16fc  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:54:41.0249 0x16fc  volmgrx - ok
13:54:41.0296 0x16fc  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:54:41.0329 0x16fc  volsnap - ok
13:54:41.0348 0x16fc  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:54:41.0377 0x16fc  vsmraid - ok
13:54:41.0460 0x16fc  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
13:54:41.0602 0x16fc  VSS - ok
13:54:41.0648 0x16fc  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
13:54:41.0723 0x16fc  W32Time - ok
13:54:41.0747 0x16fc  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:54:41.0820 0x16fc  WacomPen - ok
13:54:41.0832 0x16fc  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
13:54:41.0891 0x16fc  Wanarp - ok
13:54:41.0898 0x16fc  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:54:41.0935 0x16fc  Wanarpv6 - ok
13:54:41.0969 0x16fc  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:54:42.0051 0x16fc  wcncsvc - ok
13:54:42.0102 0x16fc  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:54:42.0142 0x16fc  WcsPlugInService - ok
13:54:42.0176 0x16fc  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
13:54:42.0200 0x16fc  Wd - ok
13:54:42.0268 0x16fc  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:54:42.0332 0x16fc  Wdf01000 - ok
13:54:42.0355 0x16fc  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:54:42.0405 0x16fc  WdiServiceHost - ok
13:54:42.0412 0x16fc  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:54:42.0463 0x16fc  WdiSystemHost - ok
13:54:42.0520 0x16fc  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
13:54:42.0590 0x16fc  WebClient - ok
13:54:42.0640 0x16fc  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:54:42.0691 0x16fc  Wecsvc - ok
13:54:42.0705 0x16fc  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:54:42.0761 0x16fc  wercplsupport - ok
13:54:42.0797 0x16fc  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:54:42.0865 0x16fc  WerSvc - ok
13:54:42.0926 0x16fc  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
13:54:42.0972 0x16fc  WinDefend - ok
13:54:42.0980 0x16fc  WinHttpAutoProxySvc - ok
13:54:43.0027 0x16fc  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:54:43.0070 0x16fc  Winmgmt - ok
13:54:43.0170 0x16fc  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:54:43.0324 0x16fc  WinRM - ok
13:54:43.0390 0x16fc  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE, 04374450882504D9031951F4E9317E5A128EBA5A22A3555ACD28BC742861AF9C ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
13:54:43.0419 0x16fc  WinUSB - ok
13:54:43.0479 0x16fc  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:54:43.0548 0x16fc  Wlansvc - ok
13:54:43.0620 0x16fc  [ 94A85E956A065E23E0010A6A7826243B, F70A8301D071667718F04A9F261946ED8D64EE1B08055C518186252198F8F3F1 ] WLSetupSvc      C:\Program Files\Windows Live\installer\WLSetupSvc.exe
13:54:43.0706 0x16fc  WLSetupSvc - ok
13:54:43.0731 0x16fc  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:54:43.0767 0x16fc  WmiAcpi - ok
13:54:43.0809 0x16fc  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:54:43.0850 0x16fc  wmiApSrv - ok
13:54:43.0938 0x16fc  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
13:54:44.0104 0x16fc  WMPNetworkSvc - ok
13:54:44.0127 0x16fc  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:54:44.0196 0x16fc  WPCSvc - ok
13:54:44.0241 0x16fc  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:54:44.0292 0x16fc  WPDBusEnum - ok
13:54:44.0337 0x16fc  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
13:54:44.0375 0x16fc  WpdUsb - ok
13:54:44.0548 0x16fc  [ 15673BD0B86150CB8E27766059C72A9B, 56C23289A8BFF4945EE532CF6D62D3EC81B827CA15A359F30A327789F9FE9CAF ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:54:44.0664 0x16fc  WPFFontCache_v0400 - ok
13:54:44.0708 0x16fc  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:54:44.0775 0x16fc  ws2ifsl - ok
13:54:44.0816 0x16fc  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\system32\wscsvc.dll
13:54:44.0882 0x16fc  wscsvc - ok
13:54:44.0893 0x16fc  WSearch - ok
13:54:45.0080 0x16fc  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:54:45.0221 0x16fc  wuauserv - ok
13:54:45.0252 0x16fc  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:54:45.0275 0x16fc  WudfPf - ok
13:54:45.0291 0x16fc  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:54:45.0312 0x16fc  WUDFRd - ok
13:54:45.0353 0x16fc  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:54:45.0393 0x16fc  wudfsvc - ok
13:54:45.0445 0x16fc  [ 04E268ADFC81964C49DC0C082D520F7E, 7D2574E366636AB1D59A08FE3038268095D627C39636C6ED6BCE1D5ACB44A179 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
13:54:45.0494 0x16fc  yukonwlh - ok
13:54:45.0535 0x16fc  ================ Scan global ===============================
13:54:45.0585 0x16fc  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
13:54:45.0635 0x16fc  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
13:54:45.0673 0x16fc  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
13:54:45.0727 0x16fc  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
13:54:45.0738 0x16fc  [ Global ] - ok
13:54:45.0739 0x16fc  ================ Scan MBR ==================================
13:54:45.0754 0x16fc  [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
13:54:46.0226 0x16fc  \Device\Harddisk0\DR0 - ok
13:54:46.0227 0x16fc  ================ Scan VBR ==================================
13:54:46.0230 0x16fc  [ C66CFDF38A429ED011DD02836EF85135 ] \Device\Harddisk0\DR0\Partition1
13:54:46.0233 0x16fc  \Device\Harddisk0\DR0\Partition1 - ok
13:54:46.0256 0x16fc  [ 21948C29DB442AC0CA2A55EC3F6CBE06 ] \Device\Harddisk0\DR0\Partition2
13:54:46.0258 0x16fc  \Device\Harddisk0\DR0\Partition2 - ok
13:54:46.0277 0x16fc  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
13:54:46.0283 0x16fc  Win FW state via NFP2: enabled
13:54:48.0775 0x16fc  ============================================================
13:54:48.0775 0x16fc  Scan finished
13:54:48.0775 0x16fc  ============================================================
13:54:48.0800 0x127c  Detected object count: 12
13:54:48.0800 0x127c  Actual detected object count: 12
13:56:33.0172 0x127c  ACEDRV06 ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:33.0173 0x127c  ACEDRV06 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:56:33.0178 0x127c  ADDMEM ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:33.0179 0x127c  ADDMEM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:56:33.0182 0x127c  Afc ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:33.0182 0x127c  Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:56:33.0186 0x127c  BlueSoleilCS ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:33.0186 0x127c  BlueSoleilCS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:56:33.0192 0x127c  BsHelpCS ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:33.0192 0x127c  BsHelpCS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:56:33.0196 0x127c  EPSON_PM_RPCV2_02 ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:33.0197 0x127c  EPSON_PM_RPCV2_02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:56:33.0201 0x127c  EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:33.0201 0x127c  EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:56:33.0205 0x127c  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:33.0206 0x127c  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:56:33.0211 0x127c  NetworkX ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:33.0211 0x127c  NetworkX ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:56:33.0215 0x127c  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:33.0215 0x127c  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:56:33.0219 0x127c  RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:33.0219 0x127c  RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:56:33.0223 0x127c  ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
13:56:33.0224 0x127c  ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 
14:03:29.0938 0x0648  Deinitialize success

Gruß
AlterHase

schrauber · 03.02.2014, 13:17

Vista DVD da bzw wird dir ein Reparaturmodus angeoten wenn Du F8 beim Booten drückst? Damit wir den MBR neu schreiben können von aussen.

AlterHase · 03.02.2014, 16:00

Hallo Schrauber,

habe den MBR mit bootrec.exe /fixmbr wiederhergestellt. Ein anschließender MBRCheck-Lauf ergab:

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows Vista Home Premium Edition
Windows Information:		Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer:	SAMSUNG ELECTRONICS CO., LTD.
BIOS Manufacturer:		Phoenix Technologies Ltd.
System Manufacturer:		SAMSUNG ELECTRONICS CO., LTD.
System Product Name:		R710
Logical Drives Mask:		0x0000001c

Kernel Drivers (total 162):
  0x82418000 \SystemRoot\system32\ntoskrnl.exe
  0x827C3000 \SystemRoot\system32\hal.dll
  0x8A406000 \SystemRoot\system32\kdcom.dll
  0x8A40D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x8A47D000 \SystemRoot\system32\PSHED.dll
  0x8A48E000 \SystemRoot\system32\BOOTVID.dll
  0x8A496000 \SystemRoot\system32\CLFS.SYS
  0x8A4D7000 \SystemRoot\system32\CI.dll
  0x8A5B7000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8A638000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x8A646000 \SystemRoot\system32\drivers\acpi.sys
  0x8A68C000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x8A695000 \SystemRoot\system32\drivers\msisadrv.sys
  0x8A69D000 \SystemRoot\system32\drivers\pci.sys
  0x8A6C4000 \SystemRoot\System32\drivers\partmgr.sys
  0x8A6D4000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x8A6D7000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x8A6E1000 \SystemRoot\system32\drivers\volmgr.sys
  0x8A6F0000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8A73A000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8A802000 \SystemRoot\system32\DRIVERS\iaStor.sys
  0x8A8D2000 \SystemRoot\system32\DRIVERS\iaNvStor.sys
  0x8A91A000 \SystemRoot\system32\drivers\atapi.sys
  0x8A922000 \SystemRoot\system32\drivers\ataport.SYS
  0x8A940000 \SystemRoot\system32\drivers\fltmgr.sys
  0x8A972000 \SystemRoot\system32\drivers\fileinfo.sys
  0x8A982000 \SystemRoot\system32\DRIVERS\MpFilter.sys
  0x8A9B2000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x8AA24000 \SystemRoot\system32\drivers\ndis.sys
  0x8AB2F000 \SystemRoot\system32\drivers\msrpc.sys
  0x8AB5A000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8AC03000 \SystemRoot\System32\drivers\tcpip.sys
  0x8ACF0000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8AD0B000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8AE1B000 \SystemRoot\system32\drivers\volsnap.sys
  0x8AE54000 \SystemRoot\System32\Drivers\spldr.sys
  0x8AE5C000 \SystemRoot\System32\Drivers\mup.sys
  0x8AE6B000 \SystemRoot\System32\drivers\ecache.sys
  0x8AE92000 \SystemRoot\system32\drivers\disk.sys
  0x8AEA3000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8AEC4000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8AECD000 \SystemRoot\System32\Drivers\BtHidBus.sys
  0x8AEDE000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8AEE9000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8EC07000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8F4A4000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8F544000 \SystemRoot\System32\drivers\watchdog.sys
  0x8F550000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8F55B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8F599000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8F5A8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8F635000 \SystemRoot\system32\DRIVERS\athr.sys
  0x8F75E000 \SystemRoot\system32\DRIVERS\yk60x86.sys
  0x8F7AA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8F7AE000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8F7C1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8F7CC000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8F7D7000 \SystemRoot\system32\drivers\Afc.sys
  0x8AEF2000 \??\C:\Windows\system32\drivers\acehlp10.sys
  0x8AF2E000 \??\C:\Windows\system32\drivers\acehlp09.sys
  0x8F7DF000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8F7F7000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x8AF5E000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8F7FA000 \SystemRoot\System32\Drivers\btnetBus.sys
  0x8EC00000 \SystemRoot\System32\Drivers\VcommMgr.sys
  0x8AF6D000 \SystemRoot\System32\Drivers\IvtBtBus.sys
  0x8AF72000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8AFA1000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8AFE2000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8AFED000 \SystemRoot\system32\drivers\tbhsd.sys
  0x8AB95000 \SystemRoot\system32\drivers\portcls.sys
  0x8ABC2000 \SystemRoot\system32\drivers\drmk.sys
  0x8A74A000 \SystemRoot\system32\drivers\ks.sys
  0x8ABE7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8AED1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8A774000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8A797000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8A7A6000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8A7BA000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8A7CF000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8A7DF000 \SystemRoot\system32\DRIVERS\rrnetcap.sys
  0x8A7EA000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x9040A000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
  0x90430000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x90432000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x9043C000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x90449000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x9047E000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x9048F000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x9068F000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x906B7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x906C0000 \SystemRoot\System32\Drivers\Null.SYS
  0x906C7000 \SystemRoot\System32\Drivers\Beep.SYS
  0x906D7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x906DE000 \SystemRoot\System32\drivers\vga.sys
  0x906EA000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x9070B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x90713000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x9071B000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x90726000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x90734000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x9073D000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x90753000 \SystemRoot\system32\DRIVERS\smb.sys
  0x90767000 \SystemRoot\system32\drivers\afd.sys
  0x907AF000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x907E1000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x907EA000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x9080C000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x9081A000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x9082D000 \SystemRoot\system32\DRIVERS\sct_skmscan.sys
  0x90839000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x90875000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x9087F000 \SystemRoot\system32\ckldrv.sys
  0x90884000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x90889000 \SystemRoot\System32\Drivers\dfsc.sys
  0x908A0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x908B7000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x908B9000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x908C2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x908D2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x908DB000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x94C10000 \SystemRoot\System32\win32k.sys
  0x908F0000 \SystemRoot\System32\drivers\Dxapi.sys
  0x908FA000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x94E30000 \SystemRoot\System32\TSDDD.dll
  0x94E50000 \SystemRoot\System32\cdd.dll
  0x90909000 \SystemRoot\system32\drivers\luafv.sys
  0x90924000 \??\C:\Windows\system32\drivers\ACEDRV06.sys
  0x90984000 \??\C:\Windows\system32\drivers\ACEDRV08.sys
  0x909E6000 \SystemRoot\system32\drivers\WudfPf.sys
  0x909FA000 \SystemRoot\system32\DRIVERS\kmdfmemio.sys
  0x90A02000 \SystemRoot\system32\drivers\spsys.sys
  0x90AB2000 \SystemRoot\system32\DRIVERS\irda.sys
  0x90AD0000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x90AE0000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x90B0A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x90B14000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x90B27000 \SystemRoot\system32\drivers\HTTP.sys
  0x90B94000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x90BB1000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x90BCA000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x90BDF000 \SystemRoot\system32\drivers\mrxdav.sys
  0xA3C04000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xA3C23000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0xA3C5C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0xA3C74000 \SystemRoot\System32\DRIVERS\srv2.sys
  0xA3C9C000 \SystemRoot\System32\DRIVERS\srv.sys
  0xA3D03000 \SystemRoot\System32\Drivers\SENTINEL.SYS
  0xA3D18000 \??\C:\Windows\system32\drivers\acedrv09.sys
  0xA3D79000 \??\C:\Windows\system32\drivers\acedrv10.sys
  0xA3E0A000 \??\C:\Windows\system32\drivers\acedrv11.sys
  0xA3E36000 \SystemRoot\system32\DRIVERS\atksgt.sys
  0xA3E79000 \SystemRoot\system32\DRIVERS\lirsgt.sys
  0xA3E7E000 \SystemRoot\system32\DRIVERS\VComm.sys
  0xA3E80000 \SystemRoot\system32\DRIVERS\btnetdrv.sys
  0xA3E88000 \SystemRoot\system32\drivers\peauth.sys
  0xA3F66000 \SystemRoot\System32\Drivers\secdrv.SYS
  0xA3F70000 \SystemRoot\System32\drivers\tcpipreg.sys
  0xA3F7C000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
  0xA3F95000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0xA3FAB000 \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9C9335B7-4E17-4552-A5A7-187326768D2C}\MpKslcdea84fb.sys
  0x778B0000 \Windows\System32\ntdll.dll

Processes (total 82):
       0 System Idle Process
       4 System
     540 C:\Windows\System32\smss.exe
     668 csrss.exe
     720 C:\Windows\System32\wininit.exe
     732 csrss.exe
     764 C:\Windows\System32\services.exe
     780 C:\Windows\System32\lsass.exe
     788 C:\Windows\System32\lsm.exe
     928 C:\Windows\System32\svchost.exe
     976 C:\Windows\System32\nvvsvc.exe
    1000 C:\Windows\System32\winlogon.exe
    1044 C:\Windows\System32\svchost.exe
    1080 C:\Program Files\Microsoft Security Client\MsMpEng.exe
    1240 C:\Windows\System32\svchost.exe
    1272 C:\Windows\System32\svchost.exe
    1284 C:\Windows\System32\svchost.exe
    1372 C:\Windows\System32\audiodg.exe
    1396 C:\Windows\System32\svchost.exe
    1416 C:\Windows\System32\SLsvc.exe
    1444 C:\Windows\System32\svchost.exe
    1628 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    1644 C:\Windows\System32\nvvsvc.exe
    1708 C:\Windows\System32\svchost.exe
    2008 C:\Windows\System32\taskeng.exe
     328 C:\Windows\System32\spoolsv.exe
     360 C:\Windows\System32\svchost.exe
    1576 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    1692 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     912 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    1988 D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
     672 C:\Windows\System32\Crypserv.exe
    1908 C:\Windows\System32\E_S00RP2.EXE
    2108 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    2252 C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
    2528 C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
    2556 C:\Windows\System32\svchost.exe
    2576 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    2588 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2628 C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    2680 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    2692 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    2752 C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
    2792 C:\Windows\System32\SAgent4.exe
    2804 C:\Windows\System32\svchost.exe
    2868 C:\Windows\System32\svchost.exe
    2896 C:\Windows\System32\SearchIndexer.exe
    3116 C:\Program Files\Microsoft Security Client\NisSrv.exe
    3156 C:\Windows\servicing\TrustedInstaller.exe
    3216 D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
    3732 C:\Windows\System32\dwm.exe
    3772 C:\Windows\System32\taskeng.exe
    3820 C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
    3848 C:\Windows\System32\taskeng.exe
    3872 C:\Windows\explorer.exe
    3992 C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    4004 C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
    1460 C:\Windows\RtHDVCpl.exe
    2492 C:\Program Files\PowerDVD\PDVDServ.exe
     852 D:\Tools\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    2304 C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    1960 C:\Program Files\Eraser\Eraser.exe
    1980 C:\Program Files\Microsoft Security Client\msseces.exe
    3184 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1936 D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
    3488 C:\Windows\ehome\ehtray.exe
    3496 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3940 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4036 C:\Windows\ehome\ehmsas.exe
    2176 C:\Users\Guru\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
    4100 C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
    4396 C:\Windows\System32\wbem\unsecapp.exe
    4460 WmiPrvSE.exe
    4584 WmiPrvSE.exe
    5052 C:\Windows\System32\SearchProtocolHost.exe
    5092 C:\Windows\System32\SearchFilterHost.exe
    5652 C:\Windows\System32\svchost.exe
    5836 dllhost.exe
    5868 C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    5888 dllhost.exe
    5936 C:\Users\Guru\Desktop\MBRCheck.exe
    5976 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`80100000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`85d00000  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-35ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0   Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

einen korrekt erkannten MBR. Eine danach durchgeführte Überprüfung mit GMER ergab folgenden Log:

Code:

ATTFilter

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-03 15:46:27
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Guru\AppData\Local\Temp\awtiipog.sys


---- Kernel code sections - GMER 2.1 ----

.reloc   C:\Windows\system32\drivers\acehlp10.sys                                                             section is executable [0x8AEF5B80, 0x380E2, 0xE0000060]
.reloc   C:\Windows\system32\drivers\acehlp09.sys                                                             section is executable [0x8AF34780, 0x28F7A, 0xE0000060]
.text    C:\Windows\system32\drivers\ACEDRV06.sys                                                             section is writeable [0x90925000, 0x319AA, 0xE8000020]
.pklstb  C:\Windows\system32\drivers\ACEDRV06.sys                                                             entry point in ".pklstb" section [0x90968000]
.relo2   C:\Windows\system32\drivers\ACEDRV06.sys                                                             unknown last section [0x90983000, 0x8E, 0x42000040]
.text    C:\Windows\system32\drivers\ACEDRV08.sys                                                             section is writeable [0x90985000, 0x328BA, 0xE8000020]
.pklstb  C:\Windows\system32\drivers\ACEDRV08.sys                                                             entry point in ".pklstb" section [0x909C9000]
.relo2   C:\Windows\system32\drivers\ACEDRV08.sys                                                             unknown last section [0x909E5000, 0x8E, 0x42000040]
.reloc   C:\Windows\system32\drivers\acedrv09.sys                                                             section is executable [0xA3D2A000, 0x4E05A, 0xE0000060]
.reloc   C:\Windows\system32\drivers\acedrv10.sys                                                             section is executable [0xA3D85000, 0x845FE, 0xE0000060]
.vmp2    C:\Windows\system32\drivers\acedrv11.sys                                                             entry point in ".vmp2" section [0xA3E3169D]
.text    C:\Windows\system32\DRIVERS\atksgt.sys                                                               section is writeable [0xA3E36300, 0x3AE88, 0xE8000020]
.text    C:\Windows\system32\DRIVERS\lirsgt.sys                                                               section is writeable [0xA3E79300, 0x1B7E, 0xE8000020]

---- User IAT/EAT - GMER 2.1 ----

IAT      C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [747B7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT      C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [747FB4F1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT      C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [747BBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT      C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [747AF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT      C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [747B75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT      C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [747AE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT      C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [747E73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT      C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [747BDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT      C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [747AFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT      C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [747AFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT      C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [747A71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT      C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [7483CB00] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT      C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [747DC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT      C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [747AD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT      C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [747A6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT      C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [747A687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll
IAT      C:\Windows\Explorer.EXE[3872] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [747B2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fcf40eec0                          
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fa0371                          
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fc199b                          
Reg      HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fcf40eec0 (not active ControlSet)      
Reg      HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1fa0371 (not active ControlSet)      
Reg      HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1fc199b (not active ControlSet)      

---- EOF - GMER 2.1 ----

Es scheinen also immer noch problematische Dateinen vorhanden zu sein.

Gruß
AlterHase