Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Irgendetwas stimmt nicht ! (https://www.trojaner-board.de/104007-irgendetwas-stimmt.html)

jeannjeann78 09.10.2011 20:02
Hi ich habe das Gefühl das ich mir irgendetwas eingefangen habe, Malewarebytes hat nichs gefunden und soeben bekomme ich die meldung von antivir er habe 2 Viren gefunden, kann mir aber keine Details anzeigen lassen.
Ich habe mal ein logfile mit Hijackthis erstellt und hoffe mir kann jemand etwas dazu sagen.

NACHTRAG:

2 Viren konnten von Microsoft Security essentials bereinigt werden. Antivir meldet noch einen 3en.

1. TrojanDownloader:Win32/Karagany.A
Elemente:
file:C:\Users\xxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\2ec59b48-4d010153

2. Exploit:Java/CVE-2010-4452
Elemente:
file:C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20111009-204707-658A2FEE\AVSCAN-00000002
file:C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVSCAN-20111009-204707-658A2FEE\AVSCAN-00000003
file:C:\Users\xxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\3e060fc1-36f846b7
file:C:\Users\xxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\3e060fc1-3bab8adf


Danke im vorraus! :dankeschoen:



Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:44:06, on 09.10.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla\firefox.exe
C:\Program Files\Mozilla\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h++p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h++p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h++p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h++p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h++p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h++p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [DeskUpdateNotifier] "C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\JeannJeann\Desktop\PartyPoker.lnk
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\JeannJeann\Desktop\PartyPoker.lnk
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {B959F5AD-247B-4F3F-AEE6-8E9D6A2614E3} (Mcam100v2ClientAX Control) - h++p://www.hardcorestation.net/WebClientV21/Mcam100v2ClientAX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - h++p://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h++p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5B53F4E-71E3-4948-9C22-2A9FA7DE4073}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 10974 bytes
--- --- ---


OTL LOGFILE

Code:
OTL logfile created on: 09.10.2011 23:22:02 - Run 1
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\xxxxxx\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 57,05% Memory free
7,73 Gb Paging File | 5,95 Gb Available in Paging File | 77,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75,00 Gb Total Space | 34,73 Gb Free Space | 46,31% Space Free | Partition Type: NTFS
Drive D: | 221,08 Gb Total Space | 153,51 Gb Free Space | 69,43% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 1,64 Gb Free Space | 87,78% Space Free | Partition Type: FAT
 
Computer Name: xxxxxx-PC | User Name: xxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxxxxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VFPRadioSupportService) -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (CSR, plc)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (PowerSavingUtilityService) -- C:\Programme\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WirelessSelectorService) -- C:\Programme\Fujitsu\WirelessSelector\WSUService.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TestHandler) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bserd) -- C:\Windows\SysNative\drivers\ss_bserd.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\Windows\SysNative\drivers\vcsvad.sys (Avnex)
DRV:64bit: - (FUJ02E3) -- C:\Windows\SysNative\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV:64bit: - (FUJ02B1) -- C:\Windows\SysNative\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: SQLiteManager@mrinalkant.blogspot.com:0.6.8
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.17 12:17:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.09.14 11:26:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla\components [2011.10.04 21:50:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla\plugins [2011.09.14 11:26:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.17 12:17:01 | 000,000,000 | ---D | M]
 
[2011.04.21 23:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Extensions
[2011.10.06 13:05:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\tk577vqx.default\extensions
[2011.04.10 01:39:21 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\tk577vqx.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2011.09.08 11:05:19 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\tk577vqx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.09.14 11:26:10 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\xxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TK577VQX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\xxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TK577VQX.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- C:\USERS\xxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TK577VQX.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
 
O1 HOSTS File: ([2011.10.09 23:03:49 | 000,438,134 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    123fporn.info
O1 - Hosts: 15060 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\xxxxxx\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\xxxxxx\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {B959F5AD-247B-4F3F-AEE6-8E9D6A2614E3} hxxp://www.hardcorestation.net/WebClientV21/Mcam100v2ClientAX.cab (Mcam100v2ClientAX Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5B53F4E-71E3-4948-9C22-2A9FA7DE4073}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cplkicker.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\csrbippushinitiatorwizard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\dplaunch.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\psusetdlg.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\qs.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\qtinit.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cplkicker.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\csrbippushinitiatorwizard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\dplaunch.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\psusetdlg.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\qs.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\qtinit.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe
O33 - MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\Shell\option1\command - "" = E:\deskupdate\DeskUpdate.exe
O33 - MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\Shell\support\command - "" = E:\deskupdate\support.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.09 20:35:22 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.10.09 20:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.10.09 18:58:08 | 000,021,504 | ---- | C] (Avnex) -- C:\Windows\SysNative\drivers\vcsvad.sys
[2011.10.09 11:45:24 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Documents\Any Video Converter
[2011.10.09 11:45:22 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\AnvSoft
[2011.10.09 11:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2011.10.09 11:32:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2011.10.09 00:08:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eRightSoft
[2011.10.08 23:32:17 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\HPAppData
[2011.10.08 20:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Win7codecs
[2011.10.08 20:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter
[2011.10.08 18:53:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adapter
[2011.10.08 18:36:28 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2011.10.08 18:36:27 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2011.10.08 18:36:27 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2011.10.08 18:36:27 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2011.10.08 18:36:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2011.10.08 18:30:48 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2011.10.06 13:38:03 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Desktop\Hardstyle
[2011.10.06 13:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2011.10.06 13:03:20 | 000,307,200 | ---- | C] (FLV.com) -- C:\Windows\SysWow64\TubeFinder.exe
[2011.10.06 13:03:16 | 000,119,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6FR.DLL
[2011.10.06 13:03:16 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6STKIT.DLL
[2011.10.06 13:03:16 | 000,084,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PICCLP32.OCX
[2011.10.06 13:03:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PCCLPFR.DLL
[2011.10.06 13:03:15 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2011.10.06 13:03:15 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCFR.DLL
[2011.10.06 13:03:15 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CMDLGFR.DLL
[2011.10.06 13:03:14 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\FreeFLVConverter
[2011.10.06 13:03:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free FLV Converter
[2011.10.06 12:57:37 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Nero
[2011.10.03 03:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus
[2011.10.03 03:04:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2011.09.29 11:34:06 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Desktop\Celine
[2011.09.28 09:26:51 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Desktop\PIX
[2011.09.22 12:27:02 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Desktop\TV-Browser
[2011.09.21 13:51:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2011.09.21 13:51:00 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011.09.21 13:49:39 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Programs
[2011.09.21 13:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector File Recovery
[2011.09.21 13:48:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Inspector File Recovery
[2011.09.14 12:16:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2011.09.14 11:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011.09.14 11:26:02 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2011.09.14 11:25:52 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2011.09.14 11:25:52 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2011.09.14 11:25:51 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011.09.14 11:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011.09.14 11:25:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011.09.14 11:25:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2011.09.14 11:25:41 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Real
[2011.09.14 10:55:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Flash Movie Extract Pilot
[2011.09.14 10:50:14 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\dwhelper
[2011.09.12 20:32:38 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Mozilla-Cache
[2011.09.12 20:32:20 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PartyPoker
[2011.09.12 20:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PartyGaming
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\xxxxxx\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\xxxxxx\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\xxxxxx\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\xxxxxx\AppData\Local\bass.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.09 23:24:32 | 000,025,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.09 23:24:32 | 000,025,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.09 23:16:55 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.09 23:16:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.09 23:16:13 | 3111,567,360 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.09 23:03:49 | 000,438,134 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.10.09 22:37:53 | 000,438,134 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20111009-230349.backup
[2011.10.09 22:31:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.09 21:56:31 | 000,002,999 | ---- | M] () -- C:\Users\xxxxxx\Desktop\HiJackThis.lnk
[2011.10.09 21:35:16 | 001,606,434 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.09 21:35:16 | 000,702,708 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.09 21:35:16 | 000,657,380 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.09 21:35:16 | 000,150,372 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.09 21:35:16 | 000,123,152 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.09 21:35:06 | 001,606,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.09 19:39:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.09 11:32:40 | 000,001,236 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Any Video Converter.lnk
[2011.10.06 13:06:27 | 000,001,117 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Free FLV Converter.lnk
[2011.10.05 07:54:59 | 000,051,429 | ---- | M] () -- C:\Users\xxxxxx\Desktop\bookmarks-2011-10-05.json
[2011.10.04 21:50:34 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.04 17:26:25 | 005,027,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.09.30 14:28:56 | 000,000,090 | ---- | M] () -- C:\Users\xxxxxx\Desktop\dsl_stream.mp3.m3u
[2011.09.22 09:53:33 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.09.19 22:05:02 | 000,019,456 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\WebpageIcons.db
[2011.09.14 11:26:18 | 000,001,354 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011.09.14 11:26:02 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2011.09.14 11:25:52 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2011.09.14 11:25:52 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2011.09.14 11:25:51 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011.09.12 20:47:51 | 000,001,061 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2011.09.12 20:32:20 | 000,001,987 | ---- | M] () -- C:\Users\xxxxxx\Desktop\PartyPoker.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.09 20:35:22 | 000,002,999 | ---- | C] () -- C:\Users\xxxxxx\Desktop\HiJackThis.lnk
[2011.10.09 11:32:40 | 000,001,236 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Any Video Converter.lnk
[2011.10.08 18:36:27 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.10.06 13:03:23 | 000,001,117 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Free FLV Converter.lnk
[2011.10.06 13:03:16 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\PropertyGrid.ocx
[2011.10.06 13:03:16 | 000,208,500 | ---- | C] () -- C:\Windows\SysWow64\ReyXpBasics.tlb
[2011.10.06 13:03:15 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ControlSubX.ocx
[2011.10.05 07:54:58 | 000,051,429 | ---- | C] () -- C:\Users\xxxxxx\Desktop\bookmarks-2011-10-05.json
[2011.09.30 14:28:55 | 000,000,090 | ---- | C] () -- C:\Users\xxxxxx\Desktop\dsl_stream.mp3.m3u
[2011.09.23 12:56:13 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.09.21 13:48:15 | 000,006,200 | ---- | C] () -- C:\Windows\SysWow64\INT13EXT.VXD
[2011.09.14 11:26:18 | 000,001,354 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011.09.12 20:32:20 | 000,001,987 | ---- | C] () -- C:\Users\xxxxxx\Desktop\PartyPoker.lnk
[2011.07.24 19:12:06 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2011.07.12 16:56:50 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.06.17 06:17:28 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.05.23 10:25:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.20 19:56:25 | 000,000,000 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.20 16:34:56 | 000,001,471 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\RecConfig.xml
[2011.02.17 12:03:15 | 000,233,802 | ---- | C] () -- C:\Windows\hpoins43.dat
[2011.02.07 18:19:39 | 000,014,848 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.01.22 12:50:41 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.01.19 22:22:14 | 000,019,456 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\WebpageIcons.db
[2011.01.05 00:24:23 | 001,606,434 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.22 14:38:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.22 11:50:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.07 10:20:16 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.01.29 23:11:51 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\lame_enc.dll
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\ogg.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\no23xwrapper.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\xxxxxx\Downloads:Shareaza.GUID
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:6DA3BBF2
 
< End of report >

Code:
OTL Extras logfile created on: 09.10.2011 23:22:02 - Run 1
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\xxxxxx\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 57,05% Memory free
7,73 Gb Paging File | 5,95 Gb Available in Paging File | 77,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75,00 Gb Total Space | 34,73 Gb Free Space | 46,31% Space Free | Partition Type: NTFS
Drive D: | 221,08 Gb Total Space | 153,51 Gb Free Space | 69,43% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 1,64 Gb Free Space | 87,78% Space Free | Partition Type: FAT
 
Computer Name: xxxxxx-PC | User Name: xxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51692C66-5505-41B8-92A7-548C69FB867C}" = Wireless Selector
"{5633497C-9D4F-847D-0CBC-120FE63AC71C}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8877487B-50A1-5629-093F-DD2FE43ECA3C}" = ATI Catalyst Install Manager
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2F4C332-2359-4ADE-AF0C-C631768BBB89}" = Bluetooth Feature Pack 5.0
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06C19FF4-1117-1C23-E513-68CD22C83340}" = CCC Help French
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A80329D-1B59-4F10-8D1D-924C59B2840B}" = ShufflePlusVLOI
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0f1c988e-b065-4dbb-a4fa-2cc028f56665}" = Nero 9 Essentials
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13DA4FDF-2714-9E95-C096-48ABEC308CD3}" = ccc-core-static
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{173B24B7-D682-DF0E-0BF7-7FFC41505D3B}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{220F7FC9-7E80-4920-9579-81D88A57FA6C}" = Catalyst Control Center - Branding
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
"{456C12A5-B6D6-342E-39BE-48B45A865A51}" = CCC Help Japanese
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46A28DBB-6784-A5F4-0107-1AE13EE75A0E}" = CCC Help Norwegian
"{47DD8D29-E32D-B1D3-464F-076F7C6A3AF1}" = CCC Help Russian
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = USB Vibration Joystick
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D530901-0614-4537-B4CE-EA1000038301}" = Game Room
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B3523BD-FB03-1B42-88DC-0414EA6981A7}" = CCC Help Korean
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D41B0-07AA-6963-E82C-D003C2656E3F}" = CCC Help Greek
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76CF32EE-8EB7-9FEC-1CA9-9F95DBBB4AF5}" = CCC Help Italian
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{78DC5634-DB02-7AC4-A642-BE19342BAE80}" = CCC Help Thai
"{84C176F9-1DAE-803C-5993-CF8703AE5841}" = Adobe Download Assistant
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91F1C40C-04BE-22D1-9D20-A3073B6C39F0}" = CCC Help Dutch
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-007F-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5B7D0E-62FD-56EE-03C4-7E32C6151F1F}" = CCC Help Chinese Standard
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C12C8B9C-D80B-12DC-14A0-D4C969A25430}" = CCC Help Finnish
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52F48D1-E719-8F33-FB14-21312C24B445}" = Catalyst Control Center Localization All
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB3C31E5-7F13-F970-D5E6-D4C8DF7B3D01}" = CCC Help Swedish
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDC037BF-E428-E57D-0117-8AB97CED4BF6}" = CCC Help Turkish
"{CEE2613D-3B53-4447-BA2D-E88C08272581}" = LibreOffice 3.3
"{D0FF774C-0B91-67EF-0CC7-5196D00DFEFD}" = CCC Help English
"{D13347CD-B657-0824-5808-7E96984CD89D}" = Catalyst Control Center InstallProxy
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1A85247-63B6-4F20-910E-58377D1B7430}_is1" = Picture Resizer 2.0
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D65B333F-DE89-4DED-A710-6A6B9C198DD7}" = Pop Art Studio 5.3
"{D74BD8A8-6EBC-D5ED-242C-A06CB3E98500}" = CCC Help German
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD66089A-F868-B0F2-0390-C49606A474AF}" = Catalyst Control Center Graphics Previews Vista
"{DE515AE2-690C-5F39-707B-A180CF3F67FE}" = CCC Help Hungarian
"{DFC161B9-13DD-B0E0-A2FE-212736B4A2F0}" = CCC Help Polish
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EAA783DE-2EF3-A422-1CBA-5E0FA3C8111C}" = CCC Help Danish
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F204734A-5030-8B1A-8890-7AC0816606AF}" = CCC Help Spanish
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3C33609-31A4-52DA-6EB1-E24892EB5970}" = CCC Help Czech
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FBD8BABD-CBBF-4E1D-C3B2-6DBD2A08C0CD}" = CCC Help Chinese Traditional
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DeskUpdate_is1" = DeskUpdate 4.11
"Free FLV Converter_is1" = Free FLV Converter V 7.1.0
"InstallShield_{51692C66-5505-41B8-92A7-548C69FB867C}" = Wireless Selector
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 11.01.1190" = Opera 11.01
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.91
"SHOUTcast" = SHOUTcast DNAS Server v2
"Streamripper" = Streamripper (Remove only)
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.8.8
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

cosinus 10.10.2011 14:01
Zitat:
Malewarebytes hat nichs gefunden
Log bitte trotzdem posten.
Und bitte die Finger von Hijackthis erstmal lassen, die Logs davon haben viel zu wenig Infos.

jeannjeann78 10.10.2011 20:50
Hi,

habe den Laptop anhand eines Speicherabbildes wiederhergestellt, trotzdem muckt er noch...

Hier das Logfile von Malewarebytes

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7917

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10.10.2011 20:29:07
mbam-log-2011-10-10 (20-29-07).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 177648
Laufzeit: 31 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Und noch ein aktuelles Logfile von OTL:
Code:
OTL logfile created on: 10.10.2011 21:13:36 - Run 1
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\xxxxxx\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 40,43% Memory free
7,73 Gb Paging File | 5,13 Gb Available in Paging File | 66,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75,00 Gb Total Space | 36,41 Gb Free Space | 48,55% Space Free | Partition Type: NTFS
Drive D: | 221,08 Gb Total Space | 149,02 Gb Free Space | 67,41% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 1,63 Gb Free Space | 87,66% Space Free | Partition Type: FAT32
 
Computer Name: xxxxxx-PC | User Name: xxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxxxxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Mozilla\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VFPRadioSupportService) -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (CSR, plc)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (PowerSavingUtilityService) -- C:\Programme\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WirelessSelectorService) -- C:\Programme\Fujitsu\WirelessSelector\WSUService.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TestHandler) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bserd) -- C:\Windows\SysNative\drivers\ss_bserd.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (FUJ02E3) -- C:\Windows\SysNative\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV:64bit: - (FUJ02B1) -- C:\Windows\SysNative\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: SQLiteManager@mrinalkant.blogspot.com:0.6.8
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..keyword.URL: "hxxp://www.infoaxe.com/enhancedsearch_add.jsp?cx=partner-pub-6808396145675874:xl345tirlb7&cof=FORID:10&ie=ISO-8859-1&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.17 12:17:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.10 19:44:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla\components [2011.10.10 19:26:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla\plugins [2011.10.10 19:44:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.17 12:17:01 | 000,000,000 | ---D | M]
 
[2011.04.21 23:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Extensions
[2011.10.10 19:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\tk577vqx.default\extensions
[2011.01.12 11:14:06 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\tk577vqx.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2011.01.01 18:56:50 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\tk577vqx.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2011.04.10 01:39:21 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\tk577vqx.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2011.10.10 19:26:42 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\tk577vqx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.10.10 19:44:05 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\xxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TK577VQX.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\xxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TK577VQX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\xxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TK577VQX.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- C:\USERS\xxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TK577VQX.DEFAULT\EXTENSIONS\SQLITEMANAGER@MRINALKANT.BLOGSPOT.COM.XPI
() (No name found) -- C:\USERS\xxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TK577VQX.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
 
O1 HOSTS File: ([2011.04.26 21:21:13 | 000,433,049 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 14894 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-H7QTG.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\xxxxxx\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\xxxxxx\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {B959F5AD-247B-4F3F-AEE6-8E9D6A2614E3} hxxp://www.hardcorestation.net/WebClientV21/Mcam100v2ClientAX.cab (Mcam100v2ClientAX Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5B53F4E-71E3-4948-9C22-2A9FA7DE4073}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O27:64bit: - HKLM IFEO\cplkicker.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\csrbippushinitiatorwizard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\dplaunch.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\psusetdlg.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\qs.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\qtinit.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cplkicker.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\csrbippushinitiatorwizard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\dplaunch.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\psusetdlg.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\qs.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\qtinit.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe
O33 - MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\Shell\option1\command - "" = E:\deskupdate\DeskUpdate.exe
O33 - MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\Shell\support\command - "" = E:\deskupdate\support.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.10 19:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011.10.10 19:43:47 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2011.10.10 19:43:21 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2011.10.10 19:43:21 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2011.10.10 19:43:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011.10.10 19:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011.10.10 19:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011.10.10 19:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2011.10.10 19:43:05 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Real
[2011.10.10 19:40:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Mozilla-Cache
[2011.10.10 19:40:00 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\HPAppData
[2011.10.10 19:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker
[2011.10.10 19:38:35 | 000,000,000 | ---D | C] -- C:\Programs
[2011.10.10 19:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2011.10.10 19:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2011.10.10 17:02:22 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Avira
[2011.10.10 17:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.10 17:01:52 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.10 17:01:52 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.10 17:01:52 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.10 17:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.10 17:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.04.19 11:36:25 | 000,459,058 | ---- | C] (Europress Software) -- C:\Program Files\Mario.exe
[2011.04.19 11:36:25 | 000,172,544 | ---- | C] (Europress Software) -- C:\Program Files\CNCS32.DLL
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\xxxxxx\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\xxxxxx\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\xxxxxx\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\xxxxxx\AppData\Local\bass.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.10 21:28:02 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.10 20:15:57 | 001,535,134 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.10 20:15:57 | 000,659,830 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.10 20:15:57 | 000,621,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.10 20:15:57 | 000,132,070 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.10 20:15:57 | 000,108,286 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.10 20:07:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.10.10 20:05:16 | 001,535,548 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.10 19:49:23 | 000,709,968 | ---- | M] () -- C:\Windows\is-H7QTG.exe
[2011.10.10 19:49:23 | 000,012,782 | ---- | M] () -- C:\Windows\is-H7QTG.msg
[2011.10.10 19:49:23 | 000,000,393 | ---- | M] () -- C:\Windows\is-H7QTG.lst
[2011.10.10 19:49:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.10 19:44:21 | 000,001,354 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011.10.10 19:43:47 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2011.10.10 19:43:21 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2011.10.10 19:43:21 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2011.10.10 19:43:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011.10.10 19:39:57 | 000,001,695 | ---- | M] () -- C:\Users\xxxxxx\Desktop\PartyPoker.lnk
[2011.10.10 19:38:09 | 000,001,236 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Any Video Converter.lnk
[2011.10.10 19:26:10 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.10 19:14:11 | 000,025,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.10 19:14:11 | 000,025,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.10 19:06:28 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.10 19:06:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.10 19:06:07 | 000,461,584 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.10 19:05:48 | 3111,567,360 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.10 17:02:08 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.09.18 08:39:27 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.09.15 23:55:03 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.09.15 23:55:03 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.10 19:49:23 | 000,012,782 | ---- | C] () -- C:\Windows\is-H7QTG.msg
[2011.10.10 19:49:23 | 000,000,393 | ---- | C] () -- C:\Windows\is-H7QTG.lst
[2011.10.10 19:49:22 | 000,709,968 | ---- | C] () -- C:\Windows\is-H7QTG.exe
[2011.10.10 19:44:21 | 000,001,354 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011.10.10 19:39:57 | 000,001,695 | ---- | C] () -- C:\Users\xxxxxx\Desktop\PartyPoker.lnk
[2011.10.10 19:38:09 | 000,001,236 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Any Video Converter.lnk
[2011.10.10 17:02:08 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.10 16:51:06 | 3111,567,360 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.23 10:25:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.20 19:56:25 | 000,000,000 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.04.19 11:36:26 | 000,001,428 | ---- | C] () -- C:\Program Files\MarioXP.cfg
[2011.04.19 11:36:26 | 000,000,010 | ---- | C] () -- C:\Program Files\MarioXP.sav
[2011.04.19 11:36:25 | 013,256,765 | ---- | C] () -- C:\Program Files\Mario.cca
[2011.04.19 11:36:25 | 000,000,200 | ---- | C] () -- C:\Program Files\JoyToKey.ini
[2011.04.19 11:36:25 | 000,000,087 | ---- | C] () -- C:\Program Files\config.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.20 16:34:56 | 000,001,471 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\RecConfig.xml
[2011.02.17 12:03:15 | 000,233,772 | ---- | C] () -- C:\Windows\hpoins43.dat
[2011.02.07 18:19:39 | 000,014,848 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.01.22 12:50:41 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.01.19 22:22:14 | 000,019,456 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\WebpageIcons.db
[2011.01.05 00:24:23 | 001,535,548 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.22 14:38:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.22 11:50:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.07 10:20:16 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.01.29 23:11:51 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\lame_enc.dll
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\ogg.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\no23xwrapper.dll
 
========== LOP Check ==========
 
[2011.01.24 09:41:51 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\AveDesk
[2010.12.25 16:26:34 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\DAEMON Tools Lite
[2011.03.11 16:13:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\GetRightToGo
[2011.05.17 12:35:14 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\gtk-2.0
[2011.06.28 15:29:52 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Gutscheinmieze
[2011.05.17 12:20:15 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\ICQ
[2010.12.22 21:59:55 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\ICQ-Tools.de
[2011.07.06 18:09:41 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\JonDo
[2011.04.15 10:33:55 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\LibreOffice
[2011.01.01 17:26:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Local
[2010.12.22 18:19:21 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Opera
[2011.02.07 18:15:16 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Samsung
[2011.04.12 21:56:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\streamripper
[2010.12.23 02:09:25 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Tific
[2010.12.22 20:04:29 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TuneUp Software
[2011.05.12 19:01:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\xxxxxx\Downloads:Shareaza.GUID
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:6DA3BBF2

< End of report >

Code:
OTL Extras logfile created on: 10.10.2011 21:13:37 - Run 1
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\xxxxxx\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 40,43% Memory free
7,73 Gb Paging File | 5,13 Gb Available in Paging File | 66,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75,00 Gb Total Space | 36,41 Gb Free Space | 48,55% Space Free | Partition Type: NTFS
Drive D: | 221,08 Gb Total Space | 149,02 Gb Free Space | 67,41% Space Free | Partition Type: NTFS
Drive F: | 1,86 Gb Total Space | 1,63 Gb Free Space | 87,66% Space Free | Partition Type: FAT32
 
Computer Name: xxxxxx-PC | User Name: xxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{46AE421C-BF1B-4B62-BE0E-62FE09C6D5B5}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51692C66-5505-41B8-92A7-548C69FB867C}" = Wireless Selector
"{5633497C-9D4F-847D-0CBC-120FE63AC71C}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8877487B-50A1-5629-093F-DD2FE43ECA3C}" = ATI Catalyst Install Manager
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2F4C332-2359-4ADE-AF0C-C631768BBB89}" = Bluetooth Feature Pack 5.0
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06C19FF4-1117-1C23-E513-68CD22C83340}" = CCC Help French
"{0A80329D-1B59-4F10-8D1D-924C59B2840B}" = ShufflePlusVLOI
"{0f1c988e-b065-4dbb-a4fa-2cc028f56665}" = Nero 9 Essentials
"{13DA4FDF-2714-9E95-C096-48ABEC308CD3}" = ccc-core-static
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{173B24B7-D682-DF0E-0BF7-7FFC41505D3B}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{220F7FC9-7E80-4920-9579-81D88A57FA6C}" = Catalyst Control Center - Branding
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{456C12A5-B6D6-342E-39BE-48B45A865A51}" = CCC Help Japanese
"{46A28DBB-6784-A5F4-0107-1AE13EE75A0E}" = CCC Help Norwegian
"{47DD8D29-E32D-B1D3-464F-076F7C6A3AF1}" = CCC Help Russian
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = USB Vibration Joystick
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D530901-0614-4537-B4CE-EA1000038301}" = Game Room
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"{5B3523BD-FB03-1B42-88DC-0414EA6981A7}" = CCC Help Korean
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D41B0-07AA-6963-E82C-D003C2656E3F}" = CCC Help Greek
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76CF32EE-8EB7-9FEC-1CA9-9F95DBBB4AF5}" = CCC Help Italian
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{78DC5634-DB02-7AC4-A642-BE19342BAE80}" = CCC Help Thai
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91F1C40C-04BE-22D1-9D20-A3073B6C39F0}" = CCC Help Dutch
"{95140000-007F-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5B7D0E-62FD-56EE-03C4-7E32C6151F1F}" = CCC Help Chinese Standard
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C12C8B9C-D80B-12DC-14A0-D4C969A25430}" = CCC Help Finnish
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52F48D1-E719-8F33-FB14-21312C24B445}" = Catalyst Control Center Localization All
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB3C31E5-7F13-F970-D5E6-D4C8DF7B3D01}" = CCC Help Swedish
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CDC037BF-E428-E57D-0117-8AB97CED4BF6}" = CCC Help Turkish
"{CEE2613D-3B53-4447-BA2D-E88C08272581}" = LibreOffice 3.3
"{D0FF774C-0B91-67EF-0CC7-5196D00DFEFD}" = CCC Help English
"{D13347CD-B657-0824-5808-7E96984CD89D}" = Catalyst Control Center InstallProxy
"{D1A85247-63B6-4F20-910E-58377D1B7430}_is1" = Picture Resizer 2.0
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D65B333F-DE89-4DED-A710-6A6B9C198DD7}" = Pop Art Studio 5.3
"{D74BD8A8-6EBC-D5ED-242C-A06CB3E98500}" = CCC Help German
"{DD66089A-F868-B0F2-0390-C49606A474AF}" = Catalyst Control Center Graphics Previews Vista
"{DE515AE2-690C-5F39-707B-A180CF3F67FE}" = CCC Help Hungarian
"{DFC161B9-13DD-B0E0-A2FE-212736B4A2F0}" = CCC Help Polish
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EAA783DE-2EF3-A422-1CBA-5E0FA3C8111C}" = CCC Help Danish
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F204734A-5030-8B1A-8890-7AC0816606AF}" = CCC Help Spanish
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3C33609-31A4-52DA-6EB1-E24892EB5970}" = CCC Help Czech
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FBD8BABD-CBBF-4E1D-C3B2-6DBD2A08C0CD}" = CCC Help Chinese Traditional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 3.2.7
"Avira AntiVir Desktop" = Avira Free Antivirus
"DeskUpdate_is1" = DeskUpdate 4.11
"GFWL_{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker
"InstallShield_{51692C66-5505-41B8-92A7-548C69FB867C}" = Wireless Selector
"InstallShield_{6226477E-444F-4DFE-BA19-9F4F7D4565BC}" = LifeBook Application Panel
"InstallShield_{7254349B-460B-488F-B4DB-A96100C5C48B}" = Power Saving Utility
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{BA0CC975-682B-4678-A35C-05E607F36387}" = Fujitsu Hotkey Utility
"InstallShield_{E8A5B78F-4456-4511-AB3D-E7BFFB974A7A}" = Fujitsu System Extension Utility
"InstallShield_{EC314CDF-3521-482B-A21C-65AC95664814}" = Fujitsu MobilityCenter Extension Utility
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.91
"SHOUTcast" = SHOUTcast DNAS Server v2
"Streamripper" = Streamripper (Remove only)
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 5.8.8
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

cosinus 11.10.2011 09:51
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

jeannjeann78 11.10.2011 11:22
Hallo,

habe alle im Ordner verzeichneten LOGS hochgeladen, durch die Systemwiederherstellung sind jedoch nur noch ältere LOGS vorhanden.

LG jeannjeann78

cosinus 11.10.2011 13:58
Das waren ja allesamt nur Quick- oder Flashscans.

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


jeannjeann78 11.10.2011 18:44
Hi,

hier schonmal der LOG von Malewarebytes, Eset läuft schon seit 4std. und ist gerade mal bei 50%, das wird wohl noch ne Weile dauern.

Bis dahin

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7922

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11.10.2011 18:29:48
mbam-log-2011-10-11 (18-29-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 352359
Laufzeit: 1 Stunde(n), 5 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

jeannjeann78 11.10.2011 21:27
Eset Log
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=ea21ddc88cea3443a235e5818c4f2787
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-11 01:43:44
# local_time=2011-10-11 03:43:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 72625 72625 0 0
# compatibility_mode=5893 16776574 100 94 19874299 69961384 0 0
# compatibility_mode=8192 67108863 100 0 99 99 0 0
# scanned=83790
# found=1
# cleaned=1
# scan_time=9089
C:\Users\xxxxxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\88743cf-44c42a33        Java/TrojanDownloader.Agent.ME trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=ea21ddc88cea3443a235e5818c4f2787
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-11 07:39:44
# local_time=2011-10-11 09:39:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 81833 81833 0 0
# compatibility_mode=5893 16776574 100 94 19883507 69970592 0 0
# compatibility_mode=8192 67108863 100 0 9307 9307 0 0
# scanned=187235
# found=4
# cleaned=0
# scan_time=21242
D:\Installationsdateien\Msn, ICQ\MsgPlusLive-490.exe        a variant of Win32/MessengerPlus application (unable to clean)        00000000000000000000000000000000        I
D:\xxxxxx-PC\Backup Set 2011-07-22 190002\Backup Files 2011-07-22 190002\Backup files 4.zip        Java/TrojanDownloader.Agent.ME trojan (unable to clean)        00000000000000000000000000000000        I
D:\xxxxxx-PC\Backup Set 2011-10-10 191627\Backup Files 2011-10-10 191627\Backup files 4.zip        Java/TrojanDownloader.Agent.ME trojan (unable to clean)        00000000000000000000000000000000        I
D:\SD Card\MSN\MsgPlusLive-490.exe        a variant of Win32/MessengerPlus application (unable to clean)        00000000000000000000000000000000        I

cosinus 12.10.2011 16:15
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

jeannjeann78 12.10.2011 18:35
Auftrag ausgeführt, hier der OTL LOG

Hast du denn in den letzten LOGS noch Anzeichen für eine Infizierung gefunden?

LG

OTL Logfile:
Code:
OTL logfile created on: 12.10.2011 17:36:40 - Run 2
OTL by OldTimer - Version 3.2.29.1    Folder = C:\Users\xxxxxx\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 52,71% Memory free
7,73 Gb Paging File | 5,88 Gb Available in Paging File | 76,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75,00 Gb Total Space | 36,58 Gb Free Space | 48,77% Space Free | Partition Type: NTFS
Drive D: | 221,08 Gb Total Space | 152,66 Gb Free Space | 69,05% Space Free | Partition Type: NTFS
 
Computer Name: xxxxxx-PC | User Name: xxxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxxxxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VFPRadioSupportService) -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (CSR, plc)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (PowerSavingUtilityService) -- C:\Programme\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WirelessSelectorService) -- C:\Programme\Fujitsu\WirelessSelector\WSUService.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (TestHandler) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (ss_bmdm) -- C:\Windows\SysNative\drivers\ss_bmdm.sys (MCCI Corporation)
DRV:64bit: - (ss_bserd) -- C:\Windows\SysNative\drivers\ss_bserd.sys (MCCI Corporation)
DRV:64bit: - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\SysNative\drivers\ss_bbus.sys (MCCI)
DRV:64bit: - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\SysNative\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (FUJ02E3) -- C:\Windows\SysNative\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV:64bit: - (FUJ02B1) -- C:\Windows\SysNative\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.9.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: SQLiteManager@mrinalkant.blogspot.com:0.6.8
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..keyword.URL: "hxxp://www.infoaxe.com/enhancedsearch_add.jsp?cx=partner-pub-6808396145675874:xl345tirlb7&cof=FORID:10&ie=ISO-8859-1&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.17 12:17:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.10 19:44:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla\components [2011.10.10 19:26:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla\plugins [2011.10.10 19:44:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.17 12:17:01 | 000,000,000 | ---D | M]
 
[2011.04.21 23:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Extensions
[2011.10.11 19:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\tk577vqx.default\extensions
[2011.01.12 11:14:06 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\tk577vqx.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2011.01.01 18:56:50 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\tk577vqx.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2011.04.10 01:39:21 | 000,000,000 | ---D | M] (Modify Headers) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\tk577vqx.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2011.10.11 19:40:03 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\tk577vqx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.10.10 19:44:05 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\xxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TK577VQX.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\xxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TK577VQX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\xxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TK577VQX.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- C:\USERS\xxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TK577VQX.DEFAULT\EXTENSIONS\SQLITEMANAGER@MRINALKANT.BLOGSPOT.COM.XPI
() (No name found) -- C:\USERS\xxxxxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TK577VQX.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
 
O1 HOSTS File: ([2011.04.26 21:21:13 | 000,433,049 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 127.0.0.1        123fporn.info
O1 - Hosts: 14894 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives =  [binary data]
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\xxxxxx\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\xxxxxx\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {B959F5AD-247B-4F3F-AEE6-8E9D6A2614E3} hxxp://www.hardcorestation.net/WebClientV21/Mcam100v2ClientAX.cab (Mcam100v2ClientAX Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5B53F4E-71E3-4948-9C22-2A9FA7DE4073}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cplkicker.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\csrbippushinitiatorwizard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\psusetdlg.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\qtinit.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cplkicker.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\csrbippushinitiatorwizard.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hpwucli.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\itunes.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\psusetdlg.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\qtinit.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe
O33 - MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\Shell\option1\command - "" = E:\deskupdate\DeskUpdate.exe
O33 - MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\Shell\support\command - "" = E:\deskupdate\support.bat
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpFolder: C:^Users^xxxxxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft SharePoint Workspace.lnk -  - File not found
MsConfig:64bit - StartUpReg: AusweisApp - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: DeskUpdateNotifier - hkey= - key= - C:\Program Files (x86)\Fujitsu\DeskUpdate\DeskUpdateNotifier.exe (Fujitsu Technology Solutions)
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: IndicatorUtility - hkey= - key= - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
MsConfig:64bit - StartUpReg: KiesHelper - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesPDLR - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: OfficeSyncProcess - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
MsConfig:64bit - StartUpReg: PlusService - hkey= - key= - C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - StartUpReg: WinBooter - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.12 17:32:01 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxxx\Desktop\OTL.exe
[2011.10.12 15:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.10.12 15:26:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2011.10.12 15:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2011.10.12 02:25:46 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Documents\Messenger Plus
[2011.10.12 02:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yuna Software
[2011.10.12 01:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
[2011.10.12 01:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.NET
[2011.10.12 01:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
[2011.10.11 13:10:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.10.11 12:18:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.10.11 12:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011.10.10 19:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011.10.10 19:43:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011.10.10 19:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011.10.10 19:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011.10.10 19:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2011.10.10 19:43:05 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Real
[2011.10.10 19:40:33 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Mozilla-Cache
[2011.10.10 19:40:00 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\HPAppData
[2011.10.10 19:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker
[2011.10.10 19:38:35 | 000,000,000 | ---D | C] -- C:\Programs
[2011.10.10 19:38:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
[2011.10.10 19:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnvSoft
[2011.10.10 17:02:22 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Avira
[2011.10.10 17:02:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.10 17:01:52 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.10 17:01:52 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.10 17:01:52 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.10 17:01:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.10 17:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.04.19 11:36:25 | 000,172,544 | ---- | C] (Europress Software) -- C:\Program Files\CNCS32.DLL
[2007.08.13 18:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\xxxxxx\AppData\Local\CDRip.dll
[2007.01.18 22:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\xxxxxx\AppData\Local\No23 Recorder.exe
[2006.12.11 20:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\xxxxxx\AppData\Local\basscd.dll
[2006.12.11 20:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\xxxxxx\AppData\Local\bass.dll
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.12 17:32:05 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxxx\Desktop\OTL.exe
[2011.10.12 17:28:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.12 17:28:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.12 16:20:10 | 000,007,626 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\Resmon.ResmonCfg
[2011.10.12 13:35:50 | 086,223,204 | ---- | M] () -- C:\Users\xxxxxx\Desktop\[c] hardandstyle.mp3
[2011.10.12 12:42:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.12 12:05:22 | 000,025,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.12 12:05:22 | 000,025,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.12 11:57:14 | 000,452,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.12 11:56:34 | 3111,567,360 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.12 11:47:35 | 001,535,862 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.12 11:47:35 | 000,660,010 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.12 11:47:35 | 000,621,246 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.12 11:47:35 | 000,132,250 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.12 11:47:35 | 000,108,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.12 01:47:12 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2011.10.12 01:42:24 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2011.10.11 15:36:51 | 000,233,802 | ---- | M] () -- C:\Windows\hpoins43.dat
[2011.10.10 22:02:39 | 000,000,020 | ---- | M] () -- C:\Users\xxxxxx\defogger_reenable
[2011.10.10 20:07:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.10.10 20:05:16 | 001,535,548 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.10 19:49:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.10 19:44:21 | 000,001,354 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011.10.10 19:43:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2011.10.10 19:39:57 | 000,001,695 | ---- | M] () -- C:\Users\xxxxxx\Desktop\PartyPoker.lnk
[2011.10.10 19:38:09 | 000,001,236 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Any Video Converter.lnk
[2011.10.10 19:26:10 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.10 17:02:08 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.09.18 08:39:27 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.09.15 23:55:03 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.09.15 23:55:03 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.12 16:20:10 | 000,007,626 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\Resmon.ResmonCfg
[2011.10.12 13:34:37 | 086,223,204 | ---- | C] () -- C:\Users\xxxxxx\Desktop\[c] hardandstyle.mp3
[2011.10.12 01:45:17 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2011.10.12 01:42:24 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2011.10.11 15:30:15 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2011.10.10 22:02:39 | 000,000,020 | ---- | C] () -- C:\Users\xxxxxx\defogger_reenable
[2011.10.10 19:44:21 | 000,001,354 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011.10.10 19:39:57 | 000,001,695 | ---- | C] () -- C:\Users\xxxxxx\Desktop\PartyPoker.lnk
[2011.10.10 19:38:09 | 000,001,236 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Any Video Converter.lnk
[2011.10.10 17:02:08 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.10.10 16:51:06 | 3111,567,360 | -HS- | C] () -- C:\hiberfil.sys
[2011.05.23 10:25:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.04.20 19:56:25 | 000,000,000 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011.04.19 11:36:25 | 000,000,087 | ---- | C] () -- C:\Program Files\config.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.02.20 16:34:56 | 000,001,471 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\RecConfig.xml
[2011.02.17 12:03:15 | 000,233,802 | ---- | C] () -- C:\Windows\hpoins43.dat
[2011.02.07 18:19:39 | 000,014,848 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.29 18:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.01.29 18:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.01.29 18:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.01.29 18:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.01.29 18:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.01.22 12:50:41 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2011.01.19 22:22:14 | 000,019,456 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\WebpageIcons.db
[2011.01.05 00:24:23 | 001,535,548 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.22 14:38:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.22 11:50:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.07 10:20:16 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.01.29 23:11:51 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2009.10.06 09:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2007.08.13 18:46:00 | 000,155,136 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\lame_enc.dll
[2006.10.26 02:06:48 | 000,064,000 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\vorbisenc.dll
[2006.10.26 02:06:48 | 000,019,456 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\vorbisfile.dll
[2006.10.26 02:06:46 | 000,143,872 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\vorbis.dll
[2006.10.26 02:06:36 | 000,015,872 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\ogg.dll
[2005.08.23 23:34:06 | 000,029,184 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\no23xwrapper.dll
 
========== LOP Check ==========
 
[2011.01.24 09:41:51 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\AveDesk
[2010.12.25 16:26:34 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\DAEMON Tools Lite
[2011.03.11 16:13:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\GetRightToGo
[2011.05.17 12:35:14 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\gtk-2.0
[2011.06.28 15:29:52 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Gutscheinmieze
[2011.10.11 21:17:53 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\ICQ
[2010.12.22 21:59:55 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\ICQ-Tools.de
[2011.07.06 18:09:41 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\JonDo
[2011.04.15 10:33:55 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\LibreOffice
[2011.01.01 17:26:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Local
[2010.12.22 18:19:21 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Opera
[2011.02.07 18:15:16 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Samsung
[2011.04.12 21:56:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\streamripper
[2010.12.23 02:09:25 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Tific
[2010.12.22 20:04:29 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TuneUp Software
[2011.05.12 19:01:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.03 01:42:42 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Adobe
[2011.02.08 16:31:29 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Apple Computer
[2010.12.22 12:34:43 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\ATI
[2011.01.24 09:41:51 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\AveDesk
[2011.10.10 17:02:22 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Avira
[2011.05.17 13:33:57 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Corel
[2010.12.25 16:26:34 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\DAEMON Tools Lite
[2011.01.01 17:19:51 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\DivX
[2011.03.11 16:13:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\GetRightToGo
[2011.05.17 12:35:14 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\gtk-2.0
[2011.06.28 15:29:52 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Gutscheinmieze
[2011.02.17 13:26:41 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\HP
[2011.10.10 19:40:00 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\HPAppData
[2011.05.16 10:05:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\HpUpdate
[2011.10.11 21:17:53 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\ICQ
[2010.12.22 21:59:55 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\ICQ-Tools.de
[2010.12.22 11:57:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Identities
[2011.07.06 18:09:41 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\JonDo
[2011.04.15 10:33:55 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\LibreOffice
[2011.01.01 17:26:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Local
[2010.12.22 14:46:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Macromedia
[2011.04.26 20:49:45 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Media Center Programs
[2011.06.27 14:46:58 | 000,000,000 | --SD | M] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft
[2011.06.09 17:45:28 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Mozilla
[2011.10.10 19:41:23 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Mozilla-Cache
[2010.12.22 18:19:21 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Opera
[2011.10.10 19:44:49 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Real
[2011.02.07 18:15:16 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Samsung
[2011.07.04 12:57:07 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Skype
[2011.07.04 12:56:24 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\skypePM
[2011.04.12 21:56:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\streamripper
[2010.12.23 02:09:25 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Tific
[2010.12.22 20:04:29 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TuneUp Software
[2011.06.27 14:45:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\vlc
[2011.07.11 17:12:26 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Winamp
[2010.12.22 13:34:40 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\WinRAR
[2011.02.17 12:17:39 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2011.04.11 12:03:04 | 000,010,134 | R--- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Installer\{0A80329D-1B59-4F10-8D1D-924C59B2840B}\ARPPRODUCTICON.exe
[2011.02.20 15:36:08 | 000,003,262 | R--- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\controlPanelIcon.exe
[2011.02.20 15:36:08 | 000,010,134 | R--- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\SystemFolder_msiexec.exe
[2011.02.26 16:11:40 | 000,013,094 | R--- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Installer\{D65B333F-DE89-4DED-A710-6A6B9C198DD7}\_129941FAE31D503703A57D.exe
[2011.02.26 16:11:40 | 000,013,094 | R--- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Installer\{D65B333F-DE89-4DED-A710-6A6B9C198DD7}\_4BFCBC08E78DC53D9B2457.exe
[2011.02.26 16:11:40 | 000,013,094 | R--- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Installer\{D65B333F-DE89-4DED-A710-6A6B9C198DD7}\_6FEFF9B68218417F98F549.exe
[2010.12.25 15:59:10 | 000,010,134 | R--- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.05.16 08:42:28 | 000,188,152 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\tk577vqx.default\FlashGot.exe
[2011.06.24 08:54:50 | 000,358,800 | ---- | M] (ml) -- C:\Users\xxxxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\temp\Kies.Update.exe
[2011.06.24 08:54:50 | 000,358,800 | ---- | M] (ml) -- C:\Users\xxxxxx\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2009.01.27 17:22:08 | 000,185,360 | ---- | M] (Advanced Micro Devices, Inc) MD5=7DD8BAD13BEE750AFC67331797A57F70 -- C:\DeskUpdate.tmp\1051519\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2010.10.07 10:20:18 | 000,185,360 | ---- | M] (Advanced Micro Devices, Inc) MD5=7DD8BAD13BEE750AFC67331797A57F70 -- C:\ProgramData\Fujitsu\DeskUpdate\1053772\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2010.10.07 10:20:18 | 000,185,360 | ---- | M] (Advanced Micro Devices, Inc) MD5=7DD8BAD13BEE750AFC67331797A57F70 -- C:\Users\All Users\Fujitsu\DeskUpdate\1053772\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.11.20 01:00:00 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.11.20 01:00:00 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_53f33454d751d4bd\iaStor.sys
[2009.11.20 01:00:00 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_59158fde2592da5a\iaStor.sys
[2010.06.08 11:33:14 | 000,540,696 | ---- | M] (Intel Corporation) MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\ProgramData\Fujitsu\DeskUpdate\1052308\iaStor.sys
[2010.06.08 11:33:14 | 000,540,696 | ---- | M] (Intel Corporation) MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\Users\All Users\Fujitsu\DeskUpdate\1052308\iaStor.sys
[2010.06.08 11:33:14 | 000,540,696 | ---- | M] (Intel Corporation) MD5=2064090C9FAAD92C090D77E50E735B2E -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b2da0d5f1235b4d6\iaStor.sys
[2010.04.22 14:12:38 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\DeskUpdate.tmp\1048246\iaStor.sys
[2010.04.22 14:12:38 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 06:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 06:33:40 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 06:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 06:27:24 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 05:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 05:20:30 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 06:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 06:33:50 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 05:21:06 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 06:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 06:27:26 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 05:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 05:08:58 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 06:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 06:27:28 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 05:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 06:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 06:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\xxxxxx\Downloads:Shareaza.GUID
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:6DA3BBF2

< End of report >
--- --- ---

cosinus 12.10.2011 18:55
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe
O33 - MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\Shell\option1\command - "" = E:\deskupdate\DeskUpdate.exe
O33 - MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\Shell\support\command - "" = E:\deskupdate\support.bat
[2011.10.11 15:30:15 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
@Alternate Data Stream - 16 bytes -> C:\Users\xxxxxx\Downloads:Shareaza.GUID
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:6DA3BBF2
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

jeannjeann78 12.10.2011 18:59
Ach ja eine Frage was soll das hier eigentlich bedeuten

Code:
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\xxxxxx\Downloads:Shareaza.GUID
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:6DA3BBF2
Habe Shareaza nicht auf meinem PC und die Tempdatei existiert auch nicht. :wtf:

cosinus 12.10.2011 19:01
Bitte führ doch einfach den Fix aus wie o.a. - ich weiß schon was ich da renkopiert habe

jeannjeann78 12.10.2011 19:14
So erledigt dein Post hatte sich wohl mit meinem überschnitten, wollte dir da in nichts rein reden :lach:

Hier der LOG

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\ not found.
File E:\start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\ not found.
File E:\deskupdate\DeskUpdate.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8df89ab2-0db0-11e0-809a-806e6f6e6963}\ not found.
File E:\deskupdate\support.bat not found.
C:\Windows\hpomdl43.dat.temp moved successfully.
Unable to delete ADS C:\Users\jeannjeann\Downloads:Shareaza.GUID .
ADS C:\ProgramData\TEMP:6DA3BBF2 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: JeannJeann
->Temp folder emptied: 59174924 bytes
->Temporary Internet Files folder emptied: 6597433 bytes
->Java cache emptied: 3797970 bytes
->FireFox cache emptied: 57138059 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 5090 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 576951164 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43409283 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 17733 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 713,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.29.1 log created on 10122011_200423

Files\Folders moved on Reboot...
C:\Users\JeannJeann\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus 12.10.2011 19:16
Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

jeannjeann78 12.10.2011 19:25
Kaspersky Log

Code:
20:20:04.0473 3604        TDSS rootkit removing tool 2.6.8.0 Oct 12 2011 07:30:54
20:20:04.0774 3604        ============================================================
20:20:04.0774 3604        Current date / time: 2011/10/12 20:20:04.0773
20:20:04.0774 3604        SystemInfo:
20:20:04.0774 3604       
20:20:04.0774 3604        OS Version: 6.1.7601 ServicePack: 1.0
20:20:04.0774 3604        Product type: Workstation
20:20:04.0774 3604        ComputerName: JEANNJEANN-PC
20:20:04.0774 3604        UserName: JeannJeann
20:20:04.0774 3604        Windows directory: C:\Windows
20:20:04.0774 3604        System windows directory: C:\Windows
20:20:04.0774 3604        Running under WOW64
20:20:04.0775 3604        Processor architecture: Intel x64
20:20:04.0775 3604        Number of processors: 2
20:20:04.0775 3604        Page size: 0x1000
20:20:04.0775 3604        Boot type: Normal boot
20:20:04.0775 3604        ============================================================
20:20:05.0487 3604        Initialize success
20:21:53.0550 1760        ============================================================
20:21:53.0550 1760        Scan started
20:21:53.0550 1760        Mode: Manual; SigCheck; TDLFS;
20:21:53.0550 1760        ============================================================
20:21:53.0893 1760        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:21:53.0971 1760        1394ohci - ok
20:21:54.0003 1760        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:21:54.0018 1760        ACPI - ok
20:21:54.0049 1760        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:21:54.0096 1760        AcpiPmi - ok
20:21:54.0190 1760        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:21:54.0205 1760        adp94xx - ok
20:21:54.0299 1760        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:21:54.0315 1760        adpahci - ok
20:21:54.0346 1760        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:21:54.0361 1760        adpu320 - ok
20:21:54.0424 1760        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:21:54.0455 1760        AFD - ok
20:21:54.0549 1760        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:21:54.0549 1760        agp440 - ok
20:21:54.0580 1760        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:21:54.0595 1760        aliide - ok
20:21:54.0642 1760        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:21:54.0642 1760        amdide - ok
20:21:54.0673 1760        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:21:54.0720 1760        AmdK8 - ok
20:21:54.0985 1760        amdkmdag        (21d749e3c8140b16c40a8273fd747899) C:\Windows\system32\DRIVERS\atikmdag.sys
20:21:55.0375 1760        amdkmdag - ok
20:21:55.0485 1760        amdkmdap        (1aa6f50a8e7f8413377c979cef5218a5) C:\Windows\system32\DRIVERS\atikmpag.sys
20:21:55.0531 1760        amdkmdap - ok
20:21:55.0563 1760        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:21:55.0594 1760        AmdPPM - ok
20:21:55.0672 1760        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:21:55.0687 1760        amdsata - ok
20:21:55.0719 1760        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:21:55.0734 1760        amdsbs - ok
20:21:55.0765 1760        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:21:55.0781 1760        amdxata - ok
20:21:55.0906 1760        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:21:55.0968 1760        AppID - ok
20:21:56.0093 1760        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:21:56.0093 1760        arc - ok
20:21:56.0124 1760        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:21:56.0124 1760        arcsas - ok
20:21:56.0155 1760        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:21:56.0233 1760        AsyncMac - ok
20:21:56.0311 1760        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:21:56.0327 1760        atapi - ok
20:21:56.0389 1760        athr            (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys
20:21:56.0452 1760        athr - ok
20:21:56.0545 1760        AtiHDAudioService (fda1e117a7e880bff5540d180c06ea87) C:\Windows\system32\drivers\AtihdW76.sys
20:21:56.0577 1760        AtiHDAudioService - ok
20:21:56.0608 1760        AtiHdmiService  (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys
20:21:56.0623 1760        AtiHdmiService - ok
20:21:56.0811 1760        atikmdag        (21d749e3c8140b16c40a8273fd747899) C:\Windows\system32\DRIVERS\atikmdag.sys
20:21:56.0920 1760        atikmdag - ok
20:21:57.0091 1760        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
20:21:57.0107 1760        avgntflt - ok
20:21:57.0169 1760        avipbb          (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
20:21:57.0185 1760        avipbb - ok
20:21:57.0279 1760        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
20:21:57.0279 1760        avkmgr - ok
20:21:57.0325 1760        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:21:57.0372 1760        b06bdrv - ok
20:21:57.0450 1760        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:21:57.0497 1760        b57nd60a - ok
20:21:57.0528 1760        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:21:57.0622 1760        Beep - ok
20:21:57.0715 1760        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:21:57.0747 1760        blbdrive - ok
20:21:57.0793 1760        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:21:57.0809 1760        bowser - ok
20:21:57.0887 1760        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:21:57.0934 1760        BrFiltLo - ok
20:21:57.0949 1760        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:21:57.0965 1760        BrFiltUp - ok
20:21:57.0996 1760        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:21:58.0027 1760        Brserid - ok
20:21:58.0121 1760        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:21:58.0152 1760        BrSerWdm - ok
20:21:58.0152 1760        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:21:58.0199 1760        BrUsbMdm - ok
20:21:58.0199 1760        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:21:58.0230 1760        BrUsbSer - ok
20:21:58.0339 1760        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
20:21:58.0371 1760        BthEnum - ok
20:21:58.0402 1760        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:21:58.0417 1760        BTHMODEM - ok
20:21:58.0511 1760        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:21:58.0542 1760        BthPan - ok
20:21:58.0605 1760        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
20:21:58.0636 1760        BTHPORT - ok
20:21:58.0745 1760        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
20:21:58.0776 1760        BTHUSB - ok
20:21:58.0807 1760        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:21:58.0870 1760        cdfs - ok
20:21:58.0948 1760        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:21:58.0995 1760        cdrom - ok
20:21:59.0026 1760        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:21:59.0057 1760        circlass - ok
20:21:59.0166 1760        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:21:59.0182 1760        CLFS - ok
20:21:59.0229 1760        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:21:59.0244 1760        CmBatt - ok
20:21:59.0322 1760        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:21:59.0338 1760        cmdide - ok
20:21:59.0369 1760        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
20:21:59.0400 1760        CNG - ok
20:21:59.0463 1760        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:21:59.0478 1760        Compbatt - ok
20:21:59.0509 1760        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:21:59.0541 1760        CompositeBus - ok
20:21:59.0572 1760        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:21:59.0572 1760        crcdisk - ok
20:21:59.0681 1760        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
20:21:59.0728 1760        CSC - ok
20:21:59.0837 1760        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:21:59.0884 1760        DfsC - ok
20:21:59.0993 1760        dgderdrv - ok
20:22:00.0040 1760        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:22:00.0102 1760        discache - ok
20:22:00.0180 1760        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:22:00.0196 1760        Disk - ok
20:22:00.0243 1760        Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
20:22:00.0274 1760        Dot4 - ok
20:22:00.0352 1760        Dot4Print      (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:22:00.0383 1760        Dot4Print - ok
20:22:00.0414 1760        dot4usb        (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
20:22:00.0461 1760        dot4usb - ok
20:22:00.0555 1760        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:22:00.0586 1760        drmkaud - ok
20:22:00.0648 1760        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:22:00.0679 1760        DXGKrnl - ok
20:22:00.0835 1760        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:22:00.0960 1760        ebdrv - ok
20:22:01.0069 1760        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:22:01.0101 1760        elxstor - ok
20:22:01.0179 1760        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:22:01.0225 1760        ErrDev - ok
20:22:01.0272 1760        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:22:01.0350 1760        exfat - ok
20:22:01.0428 1760        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:22:01.0491 1760        fastfat - ok
20:22:01.0522 1760        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:22:01.0553 1760        fdc - ok
20:22:01.0647 1760        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:22:01.0662 1760        FileInfo - ok
20:22:01.0678 1760        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:22:01.0740 1760        Filetrace - ok
20:22:01.0771 1760        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:22:01.0787 1760        flpydisk - ok
20:22:01.0881 1760        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:22:01.0896 1760        FltMgr - ok
20:22:01.0943 1760        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:22:01.0959 1760        FsDepends - ok
20:22:02.0037 1760        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:22:02.0037 1760        Fs_Rec - ok
20:22:02.0068 1760        FUJ02B1        (ba0c1ffda496d8bcbcac63f8d98d20e3) C:\Windows\system32\DRIVERS\FUJ02B1.sys
20:22:02.0083 1760        FUJ02B1 - ok
20:22:02.0099 1760        FUJ02E3        (7135030cbf87d724b6037bb023923730) C:\Windows\system32\DRIVERS\FUJ02E3.sys
20:22:02.0130 1760        FUJ02E3 - ok
20:22:02.0224 1760        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:22:02.0239 1760        fvevol - ok
20:22:02.0271 1760        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:22:02.0286 1760        gagp30kx - ok
20:22:02.0317 1760        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:22:02.0317 1760        GEARAspiWDM - ok
20:22:02.0458 1760        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:22:02.0489 1760        hcw85cir - ok
20:22:02.0536 1760        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:22:02.0567 1760        HdAudAddService - ok
20:22:02.0645 1760        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:22:02.0692 1760        HDAudBus - ok
20:22:02.0723 1760        HECIx64        (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
20:22:02.0723 1760        HECIx64 - ok
20:22:02.0754 1760        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:22:02.0785 1760        HidBatt - ok
20:22:02.0879 1760        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:22:02.0941 1760        HidBth - ok
20:22:02.0941 1760        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:22:03.0004 1760        HidIr - ok
20:22:03.0066 1760        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:22:03.0097 1760        HidUsb - ok
20:22:03.0207 1760        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:22:03.0222 1760        HpSAMD - ok
20:22:03.0269 1760        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:22:03.0347 1760        HTTP - ok
20:22:03.0441 1760        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:22:03.0456 1760        hwpolicy - ok
20:22:03.0487 1760        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:22:03.0503 1760        i8042prt - ok
20:22:03.0550 1760        iaStor          (073a606333b6f7bbf20aa856df7f0997) C:\Windows\system32\DRIVERS\iaStor.sys
20:22:03.0565 1760        iaStor - ok
20:22:03.0659 1760        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:22:03.0675 1760        iaStorV - ok
20:22:03.0721 1760        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:22:03.0721 1760        iirsp - ok
20:22:03.0815 1760        IntcAzAudAddService (42943bb3ab7a405b30eff7c8283cc129) C:\Windows\system32\drivers\RTKVHD64.sys
20:22:03.0862 1760        IntcAzAudAddService - ok
20:22:03.0955 1760        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:22:03.0971 1760        intelide - ok
20:22:04.0002 1760        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:22:04.0033 1760        intelppm - ok
20:22:04.0143 1760        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:22:04.0189 1760        IpFilterDriver - ok
20:22:04.0252 1760        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:22:04.0283 1760        IPMIDRV - ok
20:22:04.0345 1760        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:22:04.0423 1760        IPNAT - ok
20:22:04.0455 1760        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:22:04.0486 1760        IRENUM - ok
20:22:04.0579 1760        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:22:04.0579 1760        isapnp - ok
20:22:04.0611 1760        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:22:04.0626 1760        iScsiPrt - ok
20:22:04.0657 1760        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:22:04.0657 1760        kbdclass - ok
20:22:04.0689 1760        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:22:04.0720 1760        kbdhid - ok
20:22:04.0829 1760        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
20:22:04.0845 1760        KSecDD - ok
20:22:04.0860 1760        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
20:22:04.0876 1760        KSecPkg - ok
20:22:04.0907 1760        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:22:04.0969 1760        ksthunk - ok
20:22:05.0079 1760        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:22:05.0141 1760        lltdio - ok
20:22:05.0188 1760        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:22:05.0203 1760        LSI_FC - ok
20:22:05.0219 1760        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:22:05.0235 1760        LSI_SAS - ok
20:22:05.0313 1760        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:22:05.0328 1760        LSI_SAS2 - ok
20:22:05.0359 1760        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:22:05.0375 1760        LSI_SCSI - ok
20:22:05.0406 1760        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:22:05.0453 1760        luafv - ok
20:22:05.0562 1760        MBAMProtector  (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
20:22:05.0578 1760        MBAMProtector - ok
20:22:05.0625 1760        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:22:05.0640 1760        megasas - ok
20:22:05.0671 1760        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:22:05.0687 1760        MegaSR - ok
20:22:05.0812 1760        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:22:05.0874 1760        Modem - ok
20:22:05.0905 1760        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:22:05.0937 1760        monitor - ok
20:22:06.0046 1760        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:22:06.0046 1760        mouclass - ok
20:22:06.0077 1760        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:22:06.0108 1760        mouhid - ok
20:22:06.0186 1760        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:22:06.0202 1760        mountmgr - ok
20:22:06.0249 1760        MpFilter        (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
20:22:06.0264 1760        MpFilter - ok
20:22:06.0342 1760        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:22:06.0358 1760        mpio - ok
20:22:06.0389 1760        MpNWMon        (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
20:22:06.0405 1760        MpNWMon - ok
20:22:06.0420 1760        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:22:06.0483 1760        mpsdrv - ok
20:22:06.0576 1760        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:22:06.0623 1760        MRxDAV - ok
20:22:06.0654 1760        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:22:06.0685 1760        mrxsmb - ok
20:22:06.0779 1760        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:22:06.0810 1760        mrxsmb10 - ok
20:22:06.0857 1760        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:22:06.0873 1760        mrxsmb20 - ok
20:22:06.0966 1760        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:22:06.0966 1760        msahci - ok
20:22:07.0013 1760        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:22:07.0013 1760        msdsm - ok
20:22:07.0060 1760        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:22:07.0107 1760        Msfs - ok
20:22:07.0169 1760        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:22:07.0216 1760        mshidkmdf - ok
20:22:07.0263 1760        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:22:07.0263 1760        msisadrv - ok
20:22:07.0325 1760        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:22:07.0372 1760        MSKSSRV - ok
20:22:07.0481 1760        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:22:07.0543 1760        MSPCLOCK - ok
20:22:07.0575 1760        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:22:07.0621 1760        MSPQM - ok
20:22:07.0653 1760        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:22:07.0668 1760        MsRPC - ok
20:22:07.0777 1760        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:22:07.0777 1760        mssmbios - ok
20:22:07.0824 1760        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:22:07.0887 1760        MSTEE - ok
20:22:07.0918 1760        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:22:07.0933 1760        MTConfig - ok
20:22:08.0027 1760        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:22:08.0043 1760        Mup - ok
20:22:08.0074 1760        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:22:08.0105 1760        NativeWifiP - ok
20:22:08.0152 1760        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:22:08.0183 1760        NDIS - ok
20:22:08.0277 1760        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:22:08.0339 1760        NdisCap - ok
20:22:08.0355 1760        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:22:08.0401 1760        NdisTapi - ok
20:22:08.0448 1760        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:22:08.0495 1760        Ndisuio - ok
20:22:08.0589 1760        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:22:08.0651 1760        NdisWan - ok
20:22:08.0698 1760        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:22:08.0760 1760        NDProxy - ok
20:22:08.0869 1760        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:22:08.0932 1760        NetBIOS - ok
20:22:08.0979 1760        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:22:09.0041 1760        NetBT - ok
20:22:09.0150 1760        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:22:09.0166 1760        nfrd960 - ok
20:22:09.0228 1760        NisDrv          (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:22:09.0228 1760        NisDrv - ok
20:22:09.0322 1760        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:22:09.0384 1760        Npfs - ok
20:22:09.0415 1760        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:22:09.0478 1760        nsiproxy - ok
20:22:09.0603 1760        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:22:09.0649 1760        Ntfs - ok
20:22:09.0727 1760        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:22:09.0774 1760        Null - ok
20:22:09.0821 1760        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:22:09.0837 1760        nvraid - ok
20:22:09.0899 1760        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:22:09.0915 1760        nvstor - ok
20:22:09.0961 1760        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:22:09.0977 1760        nv_agp - ok
20:22:10.0024 1760        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:22:10.0055 1760        ohci1394 - ok
20:22:10.0164 1760        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:22:10.0180 1760        Parport - ok
20:22:10.0227 1760        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:22:10.0242 1760        partmgr - ok
20:22:10.0273 1760        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:22:10.0289 1760        pci - ok
20:22:10.0351 1760        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:22:10.0367 1760        pciide - ok
20:22:10.0398 1760        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:22:10.0414 1760        pcmcia - ok
20:22:10.0445 1760        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:22:10.0445 1760        pcw - ok
20:22:10.0476 1760        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:22:10.0554 1760        PEAUTH - ok
20:22:10.0710 1760        Point64        (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
20:22:10.0726 1760        Point64 - ok
20:22:10.0819 1760        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:22:10.0882 1760        PptpMiniport - ok
20:22:10.0960 1760        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:22:10.0991 1760        Processor - ok
20:22:11.0069 1760        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:22:11.0131 1760        Psched - ok
20:22:11.0194 1760        PxHlpa64 - ok
20:22:11.0256 1760        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:22:11.0303 1760        ql2300 - ok
20:22:11.0397 1760        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:22:11.0412 1760        ql40xx - ok
20:22:11.0443 1760        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:22:11.0475 1760        QWAVEdrv - ok
20:22:11.0553 1760        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:22:11.0615 1760        RasAcd - ok
20:22:11.0646 1760        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:22:11.0693 1760        RasAgileVpn - ok
20:22:11.0802 1760        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:22:11.0865 1760        Rasl2tp - ok
20:22:11.0896 1760        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:22:11.0943 1760        RasPppoe - ok
20:22:11.0958 1760        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:22:12.0021 1760        RasSstp - ok
20:22:12.0130 1760        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:22:12.0192 1760        rdbss - ok
20:22:12.0223 1760        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:22:12.0255 1760        rdpbus - ok
20:22:12.0333 1760        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:22:12.0395 1760        RDPCDD - ok
20:22:12.0442 1760        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
20:22:12.0473 1760        RDPDR - ok
20:22:12.0567 1760        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:22:12.0613 1760        RDPENCDD - ok
20:22:12.0645 1760        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:22:12.0691 1760        RDPREFMP - ok
20:22:12.0801 1760        RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
20:22:12.0816 1760        RdpVideoMiniport - ok
20:22:12.0863 1760        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:22:12.0910 1760        RDPWD - ok
20:22:12.0941 1760        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:22:12.0957 1760        rdyboost - ok
20:22:13.0066 1760        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:22:13.0097 1760        RFCOMM - ok
20:22:13.0159 1760        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:22:13.0191 1760        rspndr - ok
20:22:13.0284 1760        RSUSBSTOR      (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys
20:22:13.0315 1760        RSUSBSTOR - ok
20:22:13.0362 1760        RTL8167        (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:22:13.0378 1760        RTL8167 - ok
20:22:13.0425 1760        RtsUIR - ok
20:22:13.0471 1760        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:22:13.0487 1760        sbp2port - ok
20:22:13.0534 1760        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:22:13.0596 1760        scfilter - ok
20:22:13.0705 1760        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:22:13.0783 1760        secdrv - ok
20:22:13.0830 1760        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:22:13.0846 1760        Serenum - ok
20:22:13.0955 1760        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:22:13.0986 1760        Serial - ok
20:22:14.0017 1760        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:22:14.0033 1760        sermouse - ok
20:22:14.0095 1760        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:22:14.0127 1760        sffdisk - ok
20:22:14.0205 1760        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:22:14.0251 1760        sffp_mmc - ok
20:22:14.0283 1760        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:22:14.0329 1760        sffp_sd - ok
20:22:14.0423 1760        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:22:14.0439 1760        sfloppy - ok
20:22:14.0501 1760        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:22:14.0501 1760        SiSRaid2 - ok
20:22:14.0532 1760        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:22:14.0548 1760        SiSRaid4 - ok
20:22:14.0641 1760        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:22:14.0719 1760        Smb - ok
20:22:14.0766 1760        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:22:14.0766 1760        spldr - ok
20:22:14.0844 1760        sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
20:22:14.0875 1760        sptd - ok
20:22:14.0969 1760        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:22:15.0016 1760        srv - ok
20:22:15.0125 1760        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:22:15.0156 1760        srv2 - ok
20:22:15.0203 1760        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:22:15.0234 1760        srvnet - ok
20:22:15.0343 1760        ss_bbus        (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys
20:22:15.0359 1760        ss_bbus - ok
20:22:15.0390 1760        ss_bmdfl        (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
20:22:15.0406 1760        ss_bmdfl - ok
20:22:15.0453 1760        ss_bmdm        (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys
20:22:15.0468 1760        ss_bmdm - ok
20:22:15.0562 1760        ss_bserd        (677cdc98f8363accaae783fde1599c2a) C:\Windows\system32\DRIVERS\ss_bserd.sys
20:22:15.0577 1760        ss_bserd - ok
20:22:15.0609 1760        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:22:15.0624 1760        stexstor - ok
20:22:15.0655 1760        StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
20:22:15.0718 1760        StillCam - ok
20:22:15.0811 1760        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:22:15.0827 1760        swenum - ok
20:22:15.0874 1760        Synth3dVsc - ok
20:22:15.0921 1760        SynTP          (2f827bb08cc7f1a17df2ead7b424d731) C:\Windows\system32\DRIVERS\SynTP.sys
20:22:15.0936 1760        SynTP - ok
20:22:16.0108 1760        Tcpip          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
20:22:16.0170 1760        Tcpip - ok
20:22:16.0326 1760        TCPIP6          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
20:22:16.0357 1760        TCPIP6 - ok
20:22:16.0467 1760        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:22:16.0576 1760        tcpipreg - ok
20:22:16.0623 1760        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:22:16.0669 1760        TDPIPE - ok
20:22:16.0763 1760        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:22:16.0857 1760        TDTCP - ok
20:22:16.0888 1760        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:22:16.0935 1760        tdx - ok
20:22:17.0028 1760        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:22:17.0044 1760        TermDD - ok
20:22:17.0091 1760        TFsExDisk      (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
20:22:17.0106 1760        TFsExDisk - ok
20:22:17.0169 1760        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:22:17.0231 1760        tssecsrv - ok
20:22:17.0309 1760        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:22:17.0340 1760        TsUsbFlt - ok
20:22:17.0371 1760        tsusbhub - ok
20:22:17.0481 1760        TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
20:22:17.0496 1760        TuneUpUtilitiesDrv - ok
20:22:17.0574 1760        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:22:17.0637 1760        tunnel - ok
20:22:17.0668 1760        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:22:17.0683 1760        uagp35 - ok
20:22:17.0715 1760        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:22:17.0777 1760        udfs - ok
20:22:17.0871 1760        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:22:17.0886 1760        uliagpkx - ok
20:22:17.0933 1760        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:22:17.0964 1760        umbus - ok
20:22:18.0011 1760        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:22:18.0042 1760        UmPass - ok
20:22:18.0151 1760        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:22:18.0183 1760        usbccgp - ok
20:22:18.0214 1760        USBCCID - ok
20:22:18.0261 1760        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:22:18.0292 1760        usbcir - ok
20:22:18.0385 1760        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:22:18.0417 1760        usbehci - ok
20:22:18.0463 1760        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:22:18.0510 1760        usbhub - ok
20:22:18.0573 1760        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:22:18.0604 1760        usbohci - ok
20:22:18.0666 1760        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:22:18.0697 1760        usbprint - ok
20:22:18.0791 1760        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:22:18.0838 1760        usbscan - ok
20:22:18.0900 1760        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:22:18.0916 1760        USBSTOR - ok
20:22:18.0994 1760        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:22:19.0041 1760        usbuhci - ok
20:22:19.0103 1760        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:22:19.0134 1760        usbvideo - ok
20:22:19.0228 1760        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:22:19.0243 1760        vdrvroot - ok
20:22:19.0306 1760        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:22:19.0321 1760        vga - ok
20:22:19.0337 1760        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:22:19.0399 1760        VgaSave - ok
20:22:19.0462 1760        VGPU - ok
20:22:19.0540 1760        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:22:19.0571 1760        vhdmp - ok
20:22:19.0602 1760        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:22:19.0618 1760        viaide - ok
20:22:19.0696 1760        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:22:19.0711 1760        volmgr - ok
20:22:19.0743 1760        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:22:19.0774 1760        volmgrx - ok
20:22:19.0805 1760        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:22:19.0821 1760        volsnap - ok
20:22:19.0867 1760        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:22:19.0883 1760        vsmraid - ok
20:22:19.0961 1760        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:22:20.0008 1760        vwifibus - ok
20:22:20.0055 1760        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:22:20.0086 1760        vwififlt - ok
20:22:20.0164 1760        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:22:20.0211 1760        vwifimp - ok
20:22:20.0257 1760        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:22:20.0289 1760        WacomPen - ok
20:22:20.0367 1760        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:22:20.0445 1760        WANARP - ok
20:22:20.0460 1760        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:22:20.0507 1760        Wanarpv6 - ok
20:22:20.0585 1760        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:22:20.0585 1760        Wd - ok
20:22:20.0632 1760        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:22:20.0679 1760        Wdf01000 - ok
20:22:20.0741 1760        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:22:20.0788 1760        WfpLwf - ok
20:22:20.0835 1760        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:22:20.0850 1760        WIMMount - ok
20:22:20.0991 1760        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:22:21.0037 1760        WinUsb - ok
20:22:21.0178 1760        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:22:21.0225 1760        WmiAcpi - ok
20:22:21.0303 1760        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:22:21.0349 1760        ws2ifsl - ok
20:22:21.0443 1760        WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
20:22:21.0490 1760        WSDPrintDevice - ok
20:22:21.0568 1760        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:22:21.0630 1760        WudfPf - ok
20:22:21.0724 1760        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:22:21.0786 1760        WUDFRd - ok
20:22:21.0849 1760        xusb21          (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
20:22:21.0880 1760        xusb21 - ok
20:22:21.0942 1760        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:22:22.0020 1760        \Device\Harddisk0\DR0 - ok
20:22:22.0051 1760        Boot (0x1200)  (b488528d5d1117839c134540363ba147) \Device\Harddisk0\DR0\Partition0
20:22:22.0051 1760        \Device\Harddisk0\DR0\Partition0 - ok
20:22:22.0067 1760        Boot (0x1200)  (9354e5a19e9acec8a9528c0b25d48aae) \Device\Harddisk0\DR0\Partition1
20:22:22.0067 1760        \Device\Harddisk0\DR0\Partition1 - ok
20:22:22.0067 1760        ============================================================
20:22:22.0067 1760        Scan finished
20:22:22.0067 1760        ============================================================
20:22:22.0098 0692        Detected object count: 0
20:22:22.0098 0692        Actual detected object count: 0

jeannjeann78 12.10.2011 19:27
Jetzt gibt mir nur noch eine Datei zu denken

C:\Windows\System32\l3codeca.acm

oder ist das nix wildes?

cosinus 13.10.2011 23:39
Zitat:
Jetzt gibt mir nur noch eine Datei zu denken
C:\Windows\System32\l3codeca.acm
oder ist das nix wildes?
Ist das so schwierig eine Googlesuche nach Dateinamen zu machen?

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:57 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131