Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Smart Fortress 2012 auf Windows 7 Professional (32bit) (https://www.trojaner-board.de/114604-smart-fortress-2012-windows-7-professional-32bit.html)

beckejr 03.05.2012 14:27
Smart Fortress 2012 auf Windows 7 Professional (32bit)
 
Hallo zusammen,

ich habe mir soeben scheinbar einen "Smart Fortress 2012" Trojaner eingefangen. :balla:

Die Anweisungen zum entfernen hier habe ich erfolgreich durchführen können. Zur weitergehenden Prüfung möchte ich mich dennoch nochmal an euch wenden, um sicher zu gehen, dass tatsächlich alles entfernt wurde.

Hier die OTL-Logfiles nachdem ich das System bereinigt habe:

OTL.txtOTL Logfile:
Code:
OTL logfile created on: 03.05.2012 14:39:09 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\***\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 41,89% Memory free
4,00 Gb Paging File | 2,45 Gb Available in Paging File | 61,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,87 Gb Total Space | 75,67 Gb Free Space | 34,26% Space Free | Partition Type: NTFS
 
Computer Name: ***-NB | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe ()
PRC - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Squeezebox\SqueezeTray.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\dvd43\DVD43_Tray.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\OPHALDCS.EXE (Oki Data Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\bd5179a413bc0c4b82eedc22c6cab101\re.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\93e7e3d6030f426844228042348210cf\Service.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\eb138ef0e4282611dbf485a302784646\LibYAML.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\e56c61f7248672819579325af3387035\POSIX.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\f233f63b6654362865c7577442edb9e3\Win32.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll ()
MOD - C:\Users\***\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\4461f48e31bde5c56b31b973b773de09\List.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\c5cce8d16a1bd48692b421dcf46d3396\Util.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-***-3708\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\USERDA~1\NPAPIF~1\gcswf32.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\avutil-51.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\avformat-53.dll ()
MOD - C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\avcodec-53.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\95e261d2660c662aab4306168001f3e7\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2a1d0ebdb3810bb2926aea930567a3ef\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\876000568ee47aa4407f0931161adf59\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll ()
MOD - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\45f56e5749f43eeb24b2094fd761a9d3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b8f323bbcb35543dd68e9dbdd1abe69b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a6529c9ffc0303d1eee4282d18c7d7f3\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\15e071596162d504ead0394ec971ad3b\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\da0fc8ce9b2fb592b7d8065481ef5d42\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wgui12.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wcore12.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\rscorewinapi47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wauff12.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wfvie12.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wreli12.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wsteu12.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\rsguiwinapi47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\rsodbc47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\rsdcom47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtCLuceners47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\phononrs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtWebKitrs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtTestrs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtScriptrs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\Qt3Supportrs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtSqlrs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtSvgrs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtXmlrs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtGuirs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtCorers47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtNetworkrs47.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Notepad++\NppShell_04.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
MOD - C:\PROGRA~2\PSPADE~1\PSPADS~1.DLL ()
MOD - C:\Program Files\dvd43\DVD43_Tray.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (DCSLoader) -- C:\Windows\System32\spool\drivers\w32x86\3\OPHALDCS.EXE (Oki Data Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (iaNvStor) Intel(R) -- C:\Windows\System32\drivers\iaNvStor.sys (Intel Corporation)
DRV - (VirtualCam) -- C:\Windows\System32\drivers\VirtualCam.sys (MorningSound Co., Ltd.)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 B9 1F BB 9B A7 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{23D7A326-06E9-404D-B48E-A8DB83B24E1E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.rwe.com:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@reiner-sct.com/OWOK,version=2.0.0.4: C:\Program Files\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.20 21:03:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.02.11 15:17:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.04.20 13:19:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.23 09:41:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.03 12:10:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.25 18:44:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.18 21:21:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.04.23 09:41:54 | 000,000,000 | ---D | M]
 
[2011.10.07 18:02:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.05.03 12:15:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4ussga7d.default\extensions
[2012.05.03 12:15:17 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4ussga7d.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012.05.03 12:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
() (No name found) -- C:\Users\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4USSGA7D.DEFAULT\EXTENSIONS\{68836A21-FC7D-4EA1-A065-7EFABD99D414}.XPI
() (No name found) -- C:\Users\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4USSGA7D.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI
() (No name found) -- C:\Users\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4USSGA7D.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\Users\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4USSGA7D.DEFAULT\EXTENSIONS\PIXELZOOMER@MATTHIASSCHUETZ.COM.XPI
[2012.05.03 12:10:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.04 16:05:51 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.01.23 12:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.26 21:00:06 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: OWOK (Enabled) = C:\Program Files\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Angry Birds = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Ping Pong = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkjehnmbocckbifckfegbkieblkipjmp\2.0_0\
CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Paper Toss = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlifoiidlkcpdlchhngenehnhcadakpl\2.3_0\
 
O1 HOSTS File: ([2011.12.30 12:39:09 | 000,000,847 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    testshop.de
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\5.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39D44890-344E-4005-8134-6C067B94A733}: DhcpNameServer = 10.153.194.236 10.153.70.100 10.153.72.236
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDA500EF-216D-4E40-B9F3-6C889750D649}: NameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2ee8cf70-71da-11e1-94aa-00030d87b953}\Shell - "" = AutoRun
O33 - MountPoints2\{2ee8cf70-71da-11e1-94aa-00030d87b953}\Shell\AutoRun\command - "" = E:\Autoplay.exe -auto
O33 - MountPoints2\{b5b40963-2ae7-11e1-af84-00030d87b953}\Shell - "" = AutoRun
O33 - MountPoints2\{b5b40963-2ae7-11e1-af84-00030d87b953}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\StartViewer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.03 12:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.03 12:51:43 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.03 12:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.03 12:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F170001619A000AE1ADB4EB238B
[2012.05.03 12:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.03 12:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.03 10:13:51 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\TV Welling
[2012.05.03 09:44:07 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.05.03 09:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.05.03 09:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.04.29 12:02:59 | 000,000,000 | ---D | C] -- C:\Users\***\Photoshop
[2012.04.29 10:41:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nvu
[2012.04.29 10:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nvu
[2012.04.29 10:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Nvu
[2012.04.25 17:19:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenIndex
[2012.04.25 17:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenEstate
[2012.04.25 17:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\OpenEstate-ImmoTool
[2012.04.24 18:24:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Audacity
[2012.04.24 18:23:51 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2012.04.24 18:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2012.04.24 18:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\No23 Recorder
[2012.04.24 18:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\No23 Recorder
[2012.04.23 09:58:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\GHISLER
[2012.04.20 13:53:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.20 13:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.04.20 13:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012.04.20 13:29:11 | 000,000,000 | ---D | C] -- C:\Users\***\Adobe Flash Builder 4.5
[2012.04.20 13:24:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Artisteer
[2012.04.20 13:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012.04.20 13:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artisteer 3
[2012.04.20 13:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Artisteer 3
[2012.04.20 13:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Web Premium CS5.5
[2012.04.20 10:25:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.04.20 10:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2012.04.13 08:35:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.04.13 08:34:56 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails
[2012.04.12 10:02:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.04.12 10:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.11 09:04:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.11 09:04:52 | 001,799,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.04.11 09:04:52 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.11 09:04:51 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.11 09:04:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.11 09:04:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.11 08:59:16 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.04.11 08:59:16 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.04.10 17:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2012.04.10 17:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2012.04.10 17:40:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012.04.10 14:32:48 | 000,303,616 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2012.04.09 23:12:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2012.04.09 23:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2012.04.09 23:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2012.04.08 21:57:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.04.08 21:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012.04.08 21:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012.04.08 18:10:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Live
[2012.04.08 18:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2012.04.04 07:53:58 | 000,047,512 | ---- | C] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
[2012.04.04 07:53:56 | 000,022,936 | ---- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.03 14:38:11 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.03 14:38:11 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.03 14:35:04 | 000,690,938 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.03 14:35:04 | 000,645,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.03 14:35:04 | 000,139,904 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.03 14:35:04 | 000,114,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.03 14:29:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.03 14:29:38 | 1609,363,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.03 12:51:45 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.03 12:13:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.03 11:58:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2451510392-3483582798-355726404-1000UA.job
[2012.04.29 17:19:31 | 004,046,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.28 19:58:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2451510392-3483582798-355726404-1000Core.job
[2012.04.24 11:09:10 | 000,003,412 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012.04.14 10:13:05 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.04.14 10:13:05 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.04 07:53:58 | 000,047,512 | ---- | M] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
[2012.04.04 07:53:56 | 000,022,936 | ---- | M] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.03 12:51:45 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.24 18:24:09 | 000,000,977 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.04.24 11:09:10 | 000,003,412 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.04.23 18:08:11 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.04.20 13:23:29 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012.04.20 13:23:29 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012.04.20 13:19:47 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012.04.20 13:15:46 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.04.20 10:25:04 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012.03.08 10:21:00 | 000,000,536 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.20 17:38:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.01.30 18:18:52 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.11.04 12:13:07 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2011.10.27 17:24:46 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011.10.15 17:30:02 | 000,000,175 | ---- | C] () -- C:\Windows\OPHA.INI
[2011.10.10 22:27:54 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.09 10:22:30 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.10.08 11:43:34 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.10.08 11:43:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.10.07 15:19:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
 
========== LOP Check ==========
 
[2011.10.29 13:04:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AppClient
[2012.04.20 13:24:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Artisteer
[2012.04.26 21:26:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012.03.08 10:10:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2012.03.27 09:59:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2011.10.07 16:41:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.04.20 13:53:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.20 10:25:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.10.08 11:24:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.polythink.ups.wda.03EBA0C726630DF115D9764F9B83F5185396D811.1
[2012.03.27 11:15:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.Rhapsody.Napster5
[2012.03.19 18:03:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.05.03 14:34:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.11.26 13:36:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.11.26 13:36:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.11 15:11:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2012.01.03 09:04:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.05.03 10:24:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.10.08 11:43:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2012.03.21 20:49:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2012.04.13 12:19:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.03.21 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2012.03.16 14:17:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2012.04.08 21:57:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.03.27 11:03:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.01.07 13:39:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mp3DirectCut
[2012.03.16 13:45:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2011.10.30 13:24:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MySQL
[2011.10.22 17:11:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.04.29 10:41:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nvu
[2012.03.14 19:57:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenArena
[2012.04.25 17:19:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenIndex
[2012.01.04 12:22:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OPHA
[2012.02.20 18:33:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDFCreator
[2012.02.20 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2011.10.10 22:18:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.04.28 16:24:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2012.02.11 17:36:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2011.12.22 10:17:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.04.17 10:14:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2011.10.07 18:02:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.04.10 11:53:09 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
--- --- ---



Extras.txtOTL Logfile:
Code:
OTL Extras logfile created on: 03.05.2012 14:39:09 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\***\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,84 Gb Available Physical Memory | 41,89% Memory free
4,00 Gb Paging File | 2,45 Gb Available in Paging File | 61,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,87 Gb Total Space | 75,67 Gb Free Space | 34,26% Space Free | Partition Type: NTFS
 
Computer Name: ***-NB | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.js [@ = jsfile] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Logitech Media Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Logitech Media Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Logitech Media Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Logitech Media Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Logitech Media Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Logitech Media Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Logitech Media Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Logitech Media Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Logitech Media Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Logitech Media Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Logitech Media Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Logitech Media Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Logitech Media Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Logitech Media Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Logitech Media Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Logitech Media Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Logitech Media Server 3483 tcp
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12D1E334-00A3-41C0-9110-E239641CC583}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{18D2CA0E-4229-4DBF-90B1-D5E50FC8AFB6}" = lport=137 | protocol=17 | dir=in | app=system |
"{2643F1ED-7DF3-43A7-A080-2B23B44C21F6}" = rport=445 | protocol=6 | dir=out | app=system |
"{2B07572A-873E-46C5-BDA7-36451EB73986}" = lport=445 | protocol=6 | dir=in | app=system |
"{2C9DD68D-D9BC-4919-A93D-80467F673C6F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2FBF2B16-0FA5-40CF-BCB0-F3FB2D290FB0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{36C1495C-3EEC-4339-8E6F-04794CCAB879}" = rport=137 | protocol=17 | dir=out | app=system |
"{460A6032-07A9-4740-BA0D-C8CB95942D41}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{489B499F-3D3A-415B-A37D-D540471EF195}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{56D88E73-8824-4635-9F59-42CD96579F89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{59DC2DCE-116B-4C57-9A0D-5F5302619D31}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{67018766-41B0-4D7A-ACDC-4B64EAA1B243}" = lport=138 | protocol=17 | dir=in | app=system |
"{77679A05-3222-49B5-BFD5-8ECC5C5D2382}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7AC8762F-B1FA-4547-99DD-D97F1B3BD5BF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8C1563E5-163A-43F2-BDFF-D4ED8A9C0A14}" = rport=138 | protocol=17 | dir=out | app=system |
"{91344D0F-3ADC-449B-96CE-A3DA0207F674}" = rport=139 | protocol=6 | dir=out | app=system |
"{A1C03D04-35A3-4B42-97B5-22E4F658D9E0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{AFCDE220-424B-41C8-BF9D-A9250B6BCDCA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe |
"{BAEB47DF-0F72-42C7-9BB9-625ED2C27F5B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD351B04-2E0D-45D5-B83E-EBDC43A238A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE9F50B3-5A50-4623-924C-312946A7A7CB}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |
"{D75055B3-BE09-40FC-8D08-2BDA8790DC2B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DB8C9CCD-4C5B-4D0F-BA0F-9430F3BE0F02}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DE0DB673-238E-4501-B1A8-C41A5E71ACC4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E43F9601-A27F-468D-8BA4-73D4CDF6FDB0}" = lport=139 | protocol=6 | dir=in | app=system |
"{EE9F278B-E58C-495B-83FA-381CD27CEAD9}" = rport=10243 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0277AFE0-E53D-4B40-9C66-08FA6FADFA79}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{15B8EB5D-BC6A-4326-A68D-753BF0EBADA0}" = protocol=6 | dir=out | app=system |
"{24E7BB5F-1504-4A10-8A38-FF3B2C0A472F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2C746E7C-665F-431D-90B8-ADF3A0802E78}" = protocol=17 | dir=in | app=c:\Users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{3D159141-A9ED-4436-BFC0-17B686765301}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3DCAC0E4-3AEA-4DF2-A80B-9695BA94F8A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{40F114A1-E791-4FB5-BA43-6452056FF176}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41862E03-D9E6-4261-A291-E9C598E54BE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4752E560-3BFA-4809-854E-6DDC27F2AE9D}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{4CB659B8-7FED-4E68-A177-4791D9ED71FE}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{51FB169B-B21D-4696-B041-E7B1CE51708B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{55734C8A-5E2F-4783-A18B-BB8E4EAE4000}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61E69AF6-3997-4C68-9D3F-473A9A2ACF38}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{749FDCB5-315D-4F29-B057-9A77151B098D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7CD58ED2-56AA-4614-B991-A2038F82DED8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A7353B2-8B13-407F-A691-813E8F5D51FA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8E5EA689-17D5-4333-ADCA-74533D440BBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8F7B56BE-84FF-49E1-AF32-E1D9924D4135}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{90CF2DA0-F362-4595-8C59-CF66BA173087}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{93043B53-3B93-4417-BC4E-5B2AE1A17BFB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A89A0DC2-524B-40C9-835A-7FA8C4C32CB2}" = protocol=6 | dir=in | app=c:\Users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{A89A5ED0-8D38-416F-8783-9C29299B8929}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AC3AA4AB-0167-49D7-B922-ED43A5CE4367}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{B5FA05C1-7510-45D7-BA8F-7CFFEFD685C6}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
"{B7334F0C-DEFB-496E-8725-5BC67DA2E934}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{BACFB37C-527C-4FE3-AC4D-999011C67C72}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{BB34011A-103C-492C-BBDA-A6CE046E12B0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBA75C41-4A1F-4FE7-B3F9-50C8133D43FF}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe |
"{BE4770BB-5D90-42EC-B95F-96D068EAD477}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C751ADD7-6BCF-4380-9734-FF469C4E9CC9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CEA94DEC-AF29-4A74-8554-2131D7D029C7}" = protocol=17 | dir=in | app=c:\Users\***\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D4B63564-F1A0-44B8-A9EF-0EE8E7E0A9CE}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{DA44DFBD-EA7C-423A-AB29-8B2C76FB86E2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DE52004C-82DC-47A4-914D-66A41ADDA4FA}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
"{E4637F05-0A8E-4195-A6E4-218307528B6A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{EFC98F46-77E4-4C48-A2BE-43515DD8A9BE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1EB4043-80C3-49A3-A1FF-78133DC5E086}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F4412FD6-6A96-43A4-8017-71403DD27C2F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F4AFBA61-97B2-4026-B3BC-B856325E1D7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F5E99228-B9A3-4A62-98CB-08633FC235CD}" = protocol=6 | dir=in | app=c:\Users\***\appdata\local\google\google talk plugin\googletalkplugin.exe |
"TCP Query User{0C547764-8A3A-44E5-9577-F836CA1AC6EF}C:\Users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\Users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{1F506D03-F687-4D0A-8317-96DDC7032233}C:\users\handball\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\handball\appdata\roaming\spotify\spotify.exe |
"TCP Query User{23D9A46A-424B-4E7E-9849-EB9A25A853C2}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{24694A8F-48A2-4A7C-87F7-C17C7F0DFF43}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{29B28870-BD61-4AB4-ABE2-B8D237E6E7E9}C:\Users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\Users\***\appdata\roaming\spotify\spotify.exe |
"TCP Query User{33622CB6-09EE-43DC-B3DC-2A079BE7E3B2}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{42EC8DB0-8413-4452-BE96-117858F532E4}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{68D3D9E3-6C51-47E2-A792-DDE41360F7F6}C:\Users\***\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\Users\***\appdata\roaming\spotify\spotify.exe |
"TCP Query User{7429A717-5610-43CE-A9F9-E42AA56BAAD3}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{7798802C-EEB8-4938-B2A8-B849E3541A90}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{867803E0-28ED-4513-8E56-CC0560FFC4CD}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{8ABE8C7C-E855-4B7A-94F6-FF4146AC0BCE}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{A64CC3C5-64C4-40A2-AC68-86935C6AF89D}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{A8E88279-4BCE-4507-8911-C689D71D2D52}C:\users\handball\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\handball\appdata\roaming\spotify\spotify.exe |
"TCP Query User{B7554DBE-F7A7-4A8A-9E40-DACE916AEAE6}C:\program files\openarena-0.8.8\openarena.exe" = protocol=6 | dir=in | app=c:\program files\openarena-0.8.8\openarena.exe |
"TCP Query User{DBEA43DA-5546-4977-A4EB-9338AA325D2C}C:\Users\***\desktop\openarena-0.8.8\openarena.exe" = protocol=6 | dir=in | app=c:\Users\***\desktop\openarena-0.8.8\openarena.exe |
"TCP Query User{E664AC10-2388-4123-9173-94E4B35555ED}C:\program files\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files\napster\napster.exe |
"TCP Query User{F77EA495-F64C-4995-8F3C-A128B8F194C2}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{0843CAD7-BE08-488D-945D-32C7DE340A66}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{121C019E-CF28-4497-BB39-BDE9152EE563}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{13F6A78A-1189-4BAB-BD52-098254BA3F9B}C:\Users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\Users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{195A0948-0CEA-4A61-B2AE-2494B7F4AFA7}C:\program files\openarena-0.8.8\openarena.exe" = protocol=17 | dir=in | app=c:\program files\openarena-0.8.8\openarena.exe |
"UDP Query User{26A1BCD0-82D3-4010-8BDE-FAA2320C20EC}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{3297708E-F599-49FA-9B19-86404C09E2AC}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{3AB2F504-FC0D-40E3-A616-184389875811}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{4F028160-AF8F-419D-ADD5-215277704398}C:\Users\***\desktop\openarena-0.8.8\openarena.exe" = protocol=17 | dir=in | app=c:\Users\***\desktop\openarena-0.8.8\openarena.exe |
"UDP Query User{65F25323-06B1-4DE0-B014-2601DEA7BCFD}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{6C5D760E-39D7-42F3-9CED-9C87738D35FF}C:\Users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\Users\***\appdata\roaming\spotify\spotify.exe |
"UDP Query User{78A3C9F6-3DC9-4D0F-91A5-27A2B2E49331}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{8F05C83A-230E-4B7C-BEF6-AB79F5ED7402}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{92291305-E39C-47E6-B260-23CED849AE94}C:\users\handball\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\handball\appdata\roaming\spotify\spotify.exe |
"UDP Query User{9EC817C9-2DEE-4827-8578-1F4F11FE7FA4}C:\program files\napster\napster.exe" = protocol=17 | dir=in | app=c:\program files\napster\napster.exe |
"UDP Query User{AC23EC3C-F514-4AAF-9E27-475ADBBC0B3B}C:\Users\***\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\Users\***\appdata\roaming\spotify\spotify.exe |
"UDP Query User{C2978CE0-DCE0-4E7E-A576-6C06F28DF216}C:\users\handball\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\handball\appdata\roaming\spotify\spotify.exe |
"UDP Query User{EEF1F265-E58A-4163-B6DE-D8C8E27AA94C}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{F9CA384C-222F-41AC-9F72-FCE12548706B}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D0EB043-73A9-B71E-BA0B-1F6126BD2524}" = Napster 5.0 Beta
"{0E806605-5B82-4A4F-BC31-AA4FADA03C42}" = t@x 2012
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FD60254-35B7-4915-862B-26847C9FE8DE}" = Tunebite
"{11CF3ABC-DFB0-47DE-B31F-71CB995A12D7}_is1" = Mein Büro
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C52D6EB-EE7E-45C4-AFB8-1242164A4A44}" = C5150n - C5200n Series GDI Driver from OKI® Printing Solutions for Windows
"{31423F74-36B2-4d24-B10D-CD00BFB7C118}" = Intel® Turbo Memory
"{32A3A4F4-B792-11D6-A78A-00B0D0170010}" = Java(TM) SE Development Kit 7 Update 1
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3A6F4A31-8CFD-46B4-8385-E1F384DB121E}" = PDF-XChange Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{5E2ABE05-B7AD-4D77-8A19-BDA0E4302190}" = Google SketchUp 8
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{818FB39B-1A57-4F1B-A54D-391C33D6C596}" = Tropico
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86FA7865-F1BB-4BDA-B296-4120684A692C}" = WISO Mein Geld 2012 Standard
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager und Intel® Turbo Memory
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{944322AF-5D21-43F7-87DE-06BB30A1C369}" = MySQL Workbench 5.2 CE
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{971CD5D9-FF9E-474F-8364-704DF9B4FCA6}" = pdfforge Toolbar v5.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4749B38-C5BD-4A02-8E9F-C1EF7CCEA651}" = Adobe Creative Suite 5.5 Web Premium
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB5E57BD-2E5E-4EF4-A7AE-08CB03102E06}" = MAGIX Music Maker Silver
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C9D456FD-C25B-49DE-AA71-6B76D6550B23}" = Adobe Fireworks CS3
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" = Adobe Creative Suite 3 Master Collection
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFFDDCF5-CB32-4354-8823-1B9E68025953}" = Adobe Setup
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"2ADF4484850200A062B66ED19240994480D85943" = Windows-Treiberpaket - ITE Tech.Inc. (itecir) HIDClass (01/05/2007 5.0.0003.2)
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_67a7fb1e97aa14ee9ef0950eb6fd757" = Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen
"Android SDK Tools" = Android SDK Tools
"Artisteer 3" = Artisteer 3
"Audacity_is1" = Audacity 2.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"com.Rhapsody.Napster5" = Napster 5.0 Beta
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD43_is1" = DVD43 v4.6.0
"ElsterFormular 12.4.1.7699k" = ElsterFormular
"facemoods" = Facemoods Toolbar
"FileZilla Client" = FileZilla Client 3.5.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.04" = GPL Ghostscript
"HandBrake" = HandBrake 0.9.6
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.7.2
"IrfanView" = IrfanView (remove only)
"Jingle Palette" = Jingle Palette 4.4.5
"Logitech Media Server_is1" = Logitech Media Server 7.7.0
"MAGIX_{BB5E57BD-2E5E-4EF4-A7AE-08CB03102E06}" = MAGIX Music Maker Silver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49a
"No23 Recorder" = No23 Recorder
"Notepad++" = Notepad++
"Nvu_is1" = Nvu 1.0
"Office14.SingleImage" = Microsoft Office Professional 2010
"OWOK-NPAPI-20" = OWOK 2.0.0.4 NPAPI
"PSPad editor_is1" = PSPad editor
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"RemoteControl for Winamp1.00" = RemoteControl for Winamp
"SopCast" = SopCast 3.4.8
"sp6" = Logitech SetPoint 6.32
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 2.0.1
"WBFS Manager 3.0" = WBFS Manager 3.0
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"WISO Mein Geld 2012 Standard" = WISO Mein Geld 2012 Standard
"xampp" = XAMPP 1.7.7
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.04.2012 10:50:40 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.04.2012 10:50:40 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1029
 
Error - 02.04.2012 10:50:40 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1029
 
Error - 02.04.2012 10:50:41 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.04.2012 10:50:41 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2028
 
Error - 02.04.2012 10:50:41 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2028
 
Error - 02.04.2012 10:50:42 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.04.2012 10:50:42 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3026
 
Error - 02.04.2012 10:50:42 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3026
 
Error - 02.04.2012 10:50:43 | Computer Name = ***-NB | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
[ Media Center Events ]
Error - 21.01.2012 15:58:11 | Computer Name = ***-NB | Source = MCUpdate | ID = 0
Description = 20:58:11 - Fehler beim Herstellen der Internetverbindung. 20:58:11
- Serververbindung konnte nicht hergestellt werden..
 
Error - 21.01.2012 15:58:19 | Computer Name = ***-NB | Source = MCUpdate | ID = 0
Description = 20:58:16 - Fehler beim Herstellen der Internetverbindung. 20:58:16
- Serververbindung konnte nicht hergestellt werden..
 
Error - 28.01.2012 12:54:06 | Computer Name = ***-NB | Source = MCUpdate | ID = 0
Description = 17:54:06 - Fehler beim Herstellen der Internetverbindung. 17:54:06
- Serververbindung konnte nicht hergestellt werden..
 
Error - 28.01.2012 12:54:14 | Computer Name = ***-NB | Source = MCUpdate | ID = 0
Description = 17:54:11 - Fehler beim Herstellen der Internetverbindung. 17:54:11
- Serververbindung konnte nicht hergestellt werden..
 
Error - 28.01.2012 13:54:18 | Computer Name = ***-NB | Source = MCUpdate | ID = 0
Description = 18:54:18 - Fehler beim Herstellen der Internetverbindung. 18:54:18
- Serververbindung konnte nicht hergestellt werden..
 
Error - 28.01.2012 13:54:23 | Computer Name = ***-NB | Source = MCUpdate | ID = 0
Description = 18:54:23 - Fehler beim Herstellen der Internetverbindung. 18:54:23
- Serververbindung konnte nicht hergestellt werden..
 
Error - 28.01.2012 14:54:58 | Computer Name = ***-NB | Source = MCUpdate | ID = 0
Description = 19:54:57 - Fehler beim Herstellen der Internetverbindung. 19:54:58
- Serververbindung konnte nicht hergestellt werden..
 
Error - 28.01.2012 14:55:27 | Computer Name = ***-NB | Source = MCUpdate | ID = 0
Description = 19:55:27 - Fehler beim Herstellen der Internetverbindung. 19:55:27
- Serververbindung konnte nicht hergestellt werden..
 
Error - 28.01.2012 15:56:02 | Computer Name = ***-NB | Source = MCUpdate | ID = 0
Description = 20:56:02 - Fehler beim Herstellen der Internetverbindung. 20:56:02
- Serververbindung konnte nicht hergestellt werden..
 
Error - 28.01.2012 15:56:31 | Computer Name = ***-NB | Source = MCUpdate | ID = 0
Description = 20:56:31 - Fehler beim Herstellen der Internetverbindung. 20:56:31
- Serververbindung konnte nicht hergestellt werden..
 
[ System Events ]
Error - 26.02.2012 03:30:42 | Computer Name = ***-NB | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?25.?02.?2012 um 21:13:06 unerwartet heruntergefahren.
 
Error - 26.02.2012 05:57:41 | Computer Name = ***-NB | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 26.02.2012 05:57:41 | Computer Name = ***-NB | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 26.02.2012 08:50:51 | Computer Name = ***-NB | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 26.02.2012 08:50:51 | Computer Name = ***-NB | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 27.02.2012 06:30:40 | Computer Name = ***-NB | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 27.02.2012 06:30:40 | Computer Name = ***-NB | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 27.02.2012 06:41:10 | Computer Name = ***-NB | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 27.02.2012 07:31:04 | Computer Name = ***-NB | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 27.02.2012 07:31:04 | Computer Name = ***-NB | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
--- --- ---


Ist mein System jetzt wieder sauber?

cosinus 03.05.2012 18:21
Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

beckejr 03.05.2012 19:24
Hallo cosinus,

vielen Dank für deine Antwort.

Hier schon mal die erste Malwarebyte Log:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.03.02

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
*** :: ***-NB [Administrator]

03.05.2012 12:52:52
mbam-log-2012-05-03 (12-52-52).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 642722
Laufzeit: 1 Stunde(n), 34 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Fortress 2012 (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|F4D55F170001619A000AE1ADB4EB238B (Trojan.LameShield) -> Daten: C:\ProgramData\F4D55F170001619A000AE1ADB4EB238B\F4D55F170001619A000AE1ADB4EB238B.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\ProgramData\F4D55F170001619A000AE1ADB4EB238B\F4D55F170001619A000AE1ADB4EB238B.exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\$Recycle.Bin\S-1-5-21-2451510392-3483582798-355726404-1000\$RTN2P0N.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\1439b173-36d3be7a (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Der ESET Scan läuft z.Zt. noch.

Hallo cosinus,

hier der Vollscan durch Malwarebyte, nachdem das System im abgesicherten Modus bereinigt wurde:

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.03.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-NB [Administrator]

Schutz: Aktiviert

03.05.2012 23:38:39
mbam-log-2012-05-03 (23-38-39).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 519628
Laufzeit: 2 Stunde(n), 32 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Und hier der der ESET Scan:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=316d870ca0d6fd4c92264c854057fb30
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-03 11:30:48
# local_time=2012-05-04 01:30:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 18072907 18072907 0 0
# compatibility_mode=5893 16776573 100 94 1953 87700343 0 0
# compatibility_mode=8192 67108863 100 0 1351 1351 0 0
# scanned=326430
# found=1
# cleaned=0
# scan_time=18696
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
Danke nochmal für deine Hilfe.

cosinus 04.05.2012 09:01
Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

beckejr 04.05.2012 09:05
Zu 1.: Der normale Modus läuft uneingeschränkt.

Zu 2.: Das Startmenü sieht auf den ersten Blick eigentlich normal aus. Dort war nur der Smart Fortress Ordner samt Verknüpfung. Den habe ich aber manuell gelöscht. Die Desktopverknüpfung habe ich auch gelöscht.

cosinus 04.05.2012 09:23
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

beckejr 04.05.2012 10:20
Hier die Log-Datei:

Code:
OTL logfile created on: 04.05.2012 10:40:58 - Run 2
OTL by OldTimer - Version 3.2.42.2    Folder = C:\Users\***\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 48,27% Memory free
4,00 Gb Paging File | 2,68 Gb Available in Paging File | 67,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,87 Gb Total Space | 92,11 Gb Free Space | 41,70% Space Free | Partition Type: NTFS
 
Computer Name: ***-NB | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe ()
PRC - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Squeezebox\SqueezeTray.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE (Logitech, Inc.)
PRC - C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\OPHALDCS.EXE (Oki Data Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\93e7e3d6030f426844228042348210cf\Service.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\bd5179a413bc0c4b82eedc22c6cab101\re.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\eb138ef0e4282611dbf485a302784646\LibYAML.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\e56c61f7248672819579325af3387035\POSIX.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\f233f63b6654362865c7577442edb9e3\Win32.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\4461f48e31bde5c56b31b973b773de09\List.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll ()
MOD - C:\Users\***\AppData\Local\Temp\pdk-Frank-2444\c5cce8d16a1bd48692b421dcf46d3396\Util.dll ()
MOD - C:\Users\***\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\95e261d2660c662aab4306168001f3e7\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\2a1d0ebdb3810bb2926aea930567a3ef\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\bf4d4ad3e86281bc3924d74f4e716322\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\876000568ee47aa4407f0931161adf59\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ab9feeb2817859457fc06c4c06f32fe1\System.Drawing.ni.dll ()
MOD - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\locale\de_de\acrotray.deu ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\45f56e5749f43eeb24b2094fd761a9d3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\b8f323bbcb35543dd68e9dbdd1abe69b\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a6529c9ffc0303d1eee4282d18c7d7f3\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\15e071596162d504ead0394ec971ad3b\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\9bf91363906fc418ea34b30d7bf825b9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\da0fc8ce9b2fb592b7d8065481ef5d42\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\26430b84dfd15f788b0e39dce71ef5d1\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\fe6b346d83857a3f02bda63332e66642\mscorlib.ni.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wgui12.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wcore12.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\rscorewinapi47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wauff12.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wfvie12.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wreli12.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\wsteu12.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\rsguiwinapi47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\taxaktuell.exe ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\rsodbc47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\rsdcom47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtCLuceners47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\phononrs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtWebKitrs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtTestrs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtScriptrs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\Qt3Supportrs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtSqlrs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtSvgrs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtXmlrs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtGuirs47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtCorers47.dll ()
MOD - C:\Program Files\Buhl finance\tax Steuersoftware 2012\QtNetworkrs47.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TeamViewer7) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (DCSLoader) -- C:\Windows\System32\spool\drivers\w32x86\3\OPHALDCS.EXE (Oki Data Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) -- C:\Windows\System32\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (iaNvStor) Intel(R) -- C:\Windows\System32\drivers\iaNvStor.sys (Intel Corporation)
DRV - (VirtualCam) -- C:\Windows\System32\drivers\VirtualCam.sys (MorningSound Co., Ltd.)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 B9 1F BB 9B A7 CC 01  [binary data]
IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\..\SearchScopes\{23D7A326-06E9-404D-B48E-A8DB83B24E1E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.rwe.com:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@reiner-sct.com/OWOK,version=2.0.0.4: C:\Program Files\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll (REINER Kartengeräte GmbH und Co. KG.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.20 21:03:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012.02.11 15:17:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012.04.20 13:19:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.04.23 09:41:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.03 12:10:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.03 22:52:06 | 000,000,000 | ---D | M]
 
[2011.10.07 18:02:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.05.04 08:36:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4ussga7d.default\extensions
[2012.05.03 21:03:28 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4ussga7d.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012.05.03 12:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
() (No name found) -- C:\Users\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4USSGA7D.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\Users\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4USSGA7D.DEFAULT\EXTENSIONS\PIXELZOOMER@MATTHIASSCHUETZ.COM.XPI
[2012.05.03 12:10:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.23 12:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.26 21:00:06 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: OWOK (Enabled) = C:\Program Files\REINER SCT\OWOK\NPAPI-20\nprsct_owok_npapi-2004.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Angry Birds = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Ping Pong = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkjehnmbocckbifckfegbkieblkipjmp\2.0_0\
CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Paper Toss = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlifoiidlkcpdlchhngenehnhcadakpl\2.3_0\
 
O1 HOSTS File: ([2012.03.30 15:22:58 | 000,601,715 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1  localhost
O1 - Hosts: ::1  localhost #[IPv6]
O1 - Hosts: 127.0.0.1  fr.a2dfp.net
O1 - Hosts: 127.0.0.1  m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1  ad.a8.net
O1 - Hosts: 127.0.0.1  asy.a8ww.net
O1 - Hosts: 127.0.0.1  abcstats.com
O1 - Hosts: 127.0.0.1  a.abv.bg
O1 - Hosts: 127.0.0.1  adserver.abv.bg
O1 - Hosts: 127.0.0.1  adv.abv.bg
O1 - Hosts: 127.0.0.1  bimg.abv.bg
O1 - Hosts: 127.0.0.1  ca.abv.bg
O1 - Hosts: 127.0.0.1  www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1  track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1  accuserveadsystem.com
O1 - Hosts: 127.0.0.1  www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1  achmedia.com
O1 - Hosts: 127.0.0.1  aconti.net
O1 - Hosts: 127.0.0.1  secure.aconti.net
O1 - Hosts: 127.0.0.1  www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1  am1.activemeter.com
O1 - Hosts: 127.0.0.1  www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  ads.activepower.net
O1 - Hosts: 127.0.0.1  stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1  cms.ad2click.nl
O1 - Hosts: 16118 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-21-2451510392-3483582798-355726404-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2451510392-3483582798-355726404-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-2451510392-3483582798-355726404-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LWI.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39D44890-344E-4005-8134-6C067B94A733}: DhcpNameServer = 10.153.194.236 10.153.70.100 10.153.72.236
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDA500EF-216D-4E40-B9F3-6C889750D649}: NameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2ee8cf70-71da-11e1-94aa-00030d87b953}\Shell - "" = AutoRun
O33 - MountPoints2\{2ee8cf70-71da-11e1-94aa-00030d87b953}\Shell\AutoRun\command - "" = E:\Autoplay.exe -auto
O33 - MountPoints2\{b5b40963-2ae7-11e1-af84-00030d87b953}\Shell - "" = AutoRun
O33 - MountPoints2\{b5b40963-2ae7-11e1-af84-00030d87b953}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\StartViewer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {37984A42-08A5-501D-D7E3-8E393C247201} - Microsoft Windows Media Player 12.0
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.03 23:09:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MySQL
[2012.05.03 23:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MySQL
[2012.05.03 22:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.05.03 22:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.05.03 21:56:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Secunia PSI
[2012.05.03 21:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012.05.03 12:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.03 12:51:43 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.03 12:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.03 12:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F170001619A000AE1ADB4EB238B
[2012.05.03 12:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.03 12:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.03 10:13:51 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\TV Welling
[2012.04.29 12:02:59 | 000,000,000 | ---D | C] -- C:\Users\***\Photoshop
[2012.04.29 10:41:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Nvu
[2012.04.29 10:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nvu
[2012.04.29 10:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Nvu
[2012.04.25 17:19:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenIndex
[2012.04.25 17:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenEstate
[2012.04.25 17:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\OpenEstate-ImmoTool
[2012.04.24 18:24:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Audacity
[2012.04.24 18:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2012.04.23 09:58:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\GHISLER
[2012.04.20 13:53:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.20 13:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.04.20 13:41:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2012.04.20 13:29:11 | 000,000,000 | ---D | C] -- C:\Users\***\Adobe Flash Builder 4.5
[2012.04.20 13:24:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Artisteer
[2012.04.20 13:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012.04.20 13:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Web Premium CS5.5
[2012.04.20 10:25:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.04.20 10:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2012.04.13 08:35:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.04.13 08:34:56 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails
[2012.04.12 10:02:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.04.12 10:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.10 17:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2012.04.10 17:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Rockstar Games
[2012.04.09 23:12:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2012.04.09 23:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
[2012.04.09 23:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2012.04.08 21:57:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.04.08 21:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012.04.08 21:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2012.04.08 18:10:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Live
[2012.04.08 18:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.04 10:35:56 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 10:35:56 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 10:33:17 | 000,690,938 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.04 10:33:17 | 000,645,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.04 10:33:17 | 000,139,904 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.04 10:33:17 | 000,114,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.04 10:27:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.04 10:27:15 | 1609,363,456 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.04 10:13:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.04 09:58:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2451510392-3483582798-355726404-1000UA.job
[2012.05.03 21:56:01 | 000,001,064 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.05.03 19:58:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2451510392-3483582798-355726404-1000Core.job
[2012.04.29 17:19:31 | 004,046,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.04.24 11:09:10 | 000,003,412 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.03 21:56:01 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.05.03 21:56:00 | 000,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.04.24 11:09:10 | 000,003,412 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2012.04.23 18:08:11 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.04.20 13:23:29 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012.04.20 13:23:29 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012.04.20 13:19:47 | 000,001,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012.04.20 13:15:46 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.04.20 10:25:04 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012.03.08 10:21:00 | 000,000,536 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.20 17:38:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.01.30 18:18:52 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.11.04 12:13:07 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2011.10.27 17:24:46 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2011.10.15 17:30:02 | 000,000,175 | ---- | C] () -- C:\Windows\OPHA.INI
[2011.10.10 22:27:54 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.09 10:22:30 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.10.08 11:43:34 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.10.08 11:43:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.10.07 15:19:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.09.16 11:54:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.09.16 11:54:44 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.09.16 11:54:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.09.16 11:54:44 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.09.16 11:54:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
 
========== LOP Check ==========
 
[2011.10.29 13:04:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AppClient
[2012.04.20 13:24:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Artisteer
[2012.04.26 21:26:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012.03.08 10:10:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2012.03.27 09:59:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2011.10.07 16:41:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.04.20 13:53:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.20 10:25:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.10.08 11:24:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.polythink.ups.wda.03EBA0C726630DF115D9764F9B83F5185396D811.1
[2012.03.27 11:15:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.Rhapsody.Napster5
[2012.03.19 18:03:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.05.04 10:38:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2011.11.26 13:36:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.11.26 13:36:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.11 15:11:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2012.01.03 09:04:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.05.03 10:24:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.10.08 11:43:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2012.03.21 20:49:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2012.04.13 12:19:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.03.21 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2012.03.16 14:17:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2012.04.08 21:57:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.03.27 11:03:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.01.07 13:39:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mp3DirectCut
[2012.03.16 13:45:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2011.10.30 13:24:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MySQL
[2011.10.22 17:11:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.04.29 10:41:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nvu
[2012.03.14 19:57:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenArena
[2012.04.25 17:19:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenIndex
[2012.01.04 12:22:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OPHA
[2012.02.20 18:33:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDFCreator
[2012.02.20 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2011.10.10 22:18:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.04.28 16:24:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2012.02.11 17:36:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2011.12.22 10:17:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.04.17 10:14:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2011.10.07 18:02:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.04.29 09:44:56 | 000,000,000 | ---D | M] -- C:\Users\yyy\AppData\Roaming\Spotify
[2012.01.01 14:11:18 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Buhl Data Service
[2012.01.09 17:24:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Buhl Data Service GmbH
[2012.03.30 10:27:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\com.Rhapsody.Napster5
[2012.01.01 14:08:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Leadertech
[2012.01.04 12:26:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OPHA
[2011.10.25 08:10:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Samsung
[2012.04.10 11:53:09 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.03 23:06:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2011.10.29 13:04:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AppClient
[2012.04.20 13:24:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2012.04.20 13:24:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Artisteer
[2012.04.26 21:26:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2011.10.07 16:04:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2012.03.08 10:10:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2012.03.27 09:59:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2011.10.07 16:41:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.04.20 13:53:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.20 10:25:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.10.08 11:24:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.polythink.ups.wda.03EBA0C726630DF115D9764F9B83F5185396D811.1
[2012.03.27 11:15:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.Rhapsody.Napster5
[2012.03.19 18:03:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.12.26 12:04:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2012.05.04 10:38:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.03.21 19:00:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2011.11.26 13:36:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.11.26 13:36:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.11 15:11:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\e-academy Inc
[2012.01.03 09:04:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2012.05.03 10:24:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.10.08 11:43:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2012.03.21 20:49:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2012.03.06 11:35:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google
[2012.04.13 12:19:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.03.21 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2011.10.07 14:26:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2012.03.16 14:17:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2011.10.07 14:36:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2012.04.08 21:57:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2011.10.07 15:58:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logishrd
[2011.10.07 16:01:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logitech
[2011.10.27 17:59:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.03.27 11:03:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.04.12 10:02:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.01.10 19:58:55 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.04.07 20:59:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.01.07 13:39:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mp3DirectCut
[2012.03.16 13:45:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2011.10.30 13:24:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MySQL
[2011.10.22 17:11:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2012.04.29 10:41:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nvu
[2012.03.14 19:57:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenArena
[2012.04.25 17:19:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenIndex
[2012.01.04 12:22:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OPHA
[2012.02.20 18:33:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PDFCreator
[2012.02.20 17:38:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2012.04.16 10:18:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PSpad
[2012.02.11 12:40:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real
[2011.10.12 18:26:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Roxio
[2011.10.10 22:18:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.05.03 22:30:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2012.04.28 16:24:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spotify
[2012.02.11 17:36:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Swiss Academic Software
[2011.12.22 10:17:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.04.17 10:14:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2011.10.07 18:02:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.12.20 21:26:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\U3
[2012.04.14 12:36:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2011.12.17 15:38:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.10.29 13:04:43 | 002,834,432 | ---- | M] (DOSBox Team) -- C:\Users\***\AppData\Roaming\AppClient\Dosbox\dosbox.exe
[2011.10.29 13:04:44 | 000,102,730 | ---- | M] () -- C:\Users\***\AppData\Roaming\AppClient\Packages\Commander-Keen-4\keen4e.exe
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.03.08 10:38:10 | 005,199,808 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv12.exe
[2012.03.08 10:33:07 | 009,812,368 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_est11.exe
[2012.03.08 10:33:57 | 006,232,560 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur11.exe
[2012.03.08 10:35:46 | 005,933,208 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gst11.exe
[2012.03.08 10:34:55 | 005,861,416 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gstz11.exe
[2012.03.08 10:38:57 | 005,268,208 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta12.exe
[2012.03.08 10:39:45 | 005,430,712 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb12.exe
[2012.03.08 10:36:36 | 005,836,248 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a11.exe
[2012.03.08 10:37:22 | 005,368,176 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust11.exe
[2012.03.08 10:40:35 | 005,276,616 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva12.exe
[2012.03.08 10:41:27 | 004,794,552 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_10_7699_8479.exe
[2012.03.08 10:42:17 | 004,797,064 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_11_7699_8479.exe
[2012.03.08 10:43:06 | 008,537,560 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_09_7699_8479.exe
[2012.03.08 10:43:53 | 007,467,704 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_10_7699_8479.exe
[2012.03.08 10:44:36 | 004,889,840 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_09_7699_8479.exe
[2012.03.08 10:45:20 | 004,898,024 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_10_7699_8479.exe
[2012.03.08 10:47:16 | 004,819,920 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_09_7699_8479.exe
[2012.03.08 10:47:55 | 004,821,816 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_10_7699_8479.exe
[2012.03.08 10:45:58 | 004,823,864 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_09_7699_8479.exe
[2012.03.08 10:46:36 | 004,824,472 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_10_7699_8479.exe
[2012.03.08 10:48:35 | 004,811,760 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_10_7699_8479.exe
[2012.03.08 10:49:14 | 004,807,744 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_11_7699_8479.exe
[2012.03.08 10:49:56 | 004,877,040 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_10_7699_8479.exe
[2012.03.08 10:50:36 | 004,887,696 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_11_7699_8479.exe
[2012.03.08 10:51:17 | 005,218,808 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_09_7699_8479.exe
[2012.03.08 10:51:57 | 005,219,736 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_10_7699_8479.exe
[2012.03.08 10:31:56 | 012,356,048 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_7699_8479.exe
[2012.03.08 10:53:57 | 004,824,984 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_10_7699_8479.exe
[2012.03.08 10:54:40 | 004,837,160 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_7699_8479.exe
[2012.03.08 10:52:37 | 004,837,800 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_09_7699_8479.exe
[2012.03.08 10:53:17 | 004,855,136 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\***\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_10_7699_8479.exe
[2012.04.05 16:47:01 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.10.08 11:23:34 | 015,154,600 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2012.04.01 12:23:57 | 000,106,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.04.01 12:23:57 | 000,101,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.04.01 12:23:57 | 000,021,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2012.02.22 07:57:00 | 000,943,504 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2012.02.22 07:57:04 | 000,278,928 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2012.02.01 10:17:02 | 000,308,224 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2012.02.22 07:57:02 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2012.01.31 11:16:12 | 000,290,816 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2012.01.31 11:16:12 | 000,693,248 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2012.02.22 07:57:06 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2012.04.01 12:23:57 | 000,106,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2012.04.01 12:23:57 | 000,101,288 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2012.02.22 07:57:10 | 000,131,984 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.04.01 12:23:57 | 000,021,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.02.22 07:57:12 | 003,570,312 | ---- | M] (Freeware) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2012.01.31 11:15:38 | 024,123,656 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.02.22 07:57:14 | 000,371,088 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.04.04 07:05:32 | 000,371,088 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2012.03.27 15:26:41 | 004,011,184 | ---- | M] (Spotify Ltd) -- C:\Users\***\AppData\Roaming\Spotify\spotify.exe
[2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\***\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 11:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\***\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 00:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\Temp\IIF2\Winall\Driver64\IaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.06.04 18:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\Temp\IIF2\Winall\Driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

cosinus 04.05.2012 10:33
Zitat:
ProxyServer" = proxy.rwe.com:80
Ein RWE-Proxy? Das lässt vermuten, dass dieser Rechner ein Bürorechner vom RWE-Konzern ist :pfeiff:

beckejr 04.05.2012 10:36
Nein, nicht wirklich.
Ist ein Privatrechner, der durchaus mal im RWE-Lan gewesen sein könnte. :heilig:

cosinus 04.05.2012 10:36
Zitat:
Ist ein Privatrechner, der durchaus mal im RWE-Lan gewesen sein könnte.
Was macht ein privater Rechner im RWE-LAN? Notebook, das mal da dran war, im Gastzugang?

beckejr 04.05.2012 10:41
Ja, er war mal als Gastzugang im Netz.

cosinus 04.05.2012 10:45
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\..\SearchScopes\{23D7A326-06E9-404D-B48E-A8DB83B24E1E}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2451510392-3483582798-355726404-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.rwe.com:80
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - user.js - File not found
[2011.11.26 21:00:06 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2ee8cf70-71da-11e1-94aa-00030d87b953}\Shell - "" = AutoRun
O33 - MountPoints2\{2ee8cf70-71da-11e1-94aa-00030d87b953}\Shell\AutoRun\command - "" = E:\Autoplay.exe -auto
O33 - MountPoints2\{b5b40963-2ae7-11e1-af84-00030d87b953}\Shell - "" = AutoRun
O33 - MountPoints2\{b5b40963-2ae7-11e1-af84-00030d87b953}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\StartViewer.exe
[2012.05.03 12:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F170001619A000AE1ADB4EB238B
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

beckejr 04.05.2012 10:58
Hier die Log-Datei:

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2451510392-3483582798-355726404-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2451510392-3483582798-355726404-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2451510392-3483582798-355726404-1000\Software\Microsoft\Internet Explorer\SearchScopes\{23D7A326-06E9-404D-B48E-A8DB83B24E1E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23D7A326-06E9-404D-B48E-A8DB83B24E1E}\ not found.
HKU\S-1-5-21-2451510392-3483582798-355726404-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "chr-greentree_ff&type=827316&ilc=12" removed from browser.search.param.yahoo-fr
C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ee8cf70-71da-11e1-94aa-00030d87b953}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ee8cf70-71da-11e1-94aa-00030d87b953}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ee8cf70-71da-11e1-94aa-00030d87b953}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ee8cf70-71da-11e1-94aa-00030d87b953}\ not found.
File E:\Autoplay.exe -auto not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5b40963-2ae7-11e1-af84-00030d87b953}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5b40963-2ae7-11e1-af84-00030d87b953}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5b40963-2ae7-11e1-af84-00030d87b953}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5b40963-2ae7-11e1-af84-00030d87b953}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\StartViewer.exe not found.
Folder C:\ProgramData\F4D55F170001619A000AE1ADB4EB238B\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
 
User: xxx
->Temp folder emptied: 311794747 bytes
->Temporary Internet Files folder emptied: 140215794 bytes
->Java cache emptied: 7749409 bytes
->FireFox cache emptied: 55139456 bytes
->Google Chrome cache emptied: 13221714 bytes
->Flash cache emptied: 15215559 bytes
 
User: zzz
->Temp folder emptied: 1562155 bytes
->Temporary Internet Files folder emptied: 100016798 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 58476 bytes
 
User: yyy
->Temp folder emptied: 49798663 bytes
->Temporary Internet Files folder emptied: 405669265 bytes
->Java cache emptied: 115578 bytes
->FireFox cache emptied: 122311166 bytes
->Flash cache emptied: 126166 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5262748 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2294056873 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.359,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: DefaultAppPool
->Flash cache emptied: 0 bytes
 
User: xxx
->Flash cache emptied: 0 bytes
 
User: zzz
->Flash cache emptied: 0 bytes
 
User: yyy
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.2 log created on 05042012_114723

Files\Folders moved on Reboot...
File\Folder C:\Users\yyy\AppData\Local\Temp\OICE_827E6CEB-1362-467E-9208-BAD005D77AF9.0\25A58E5. not found!

Registry entries deleted on Reboot...

cosinus 04.05.2012 11:55
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

beckejr 04.05.2012 12:04
Hier die Log-Datei:

Code:
12:57:31.0836 2764        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
12:57:32.0148 2764        ============================================================
12:57:32.0148 2764        Current date / time: 2012/05/04 12:57:32.0148
12:57:32.0148 2764        SystemInfo:
12:57:32.0148 2764       
12:57:32.0148 2764        OS Version: 6.1.7601 ServicePack: 1.0
12:57:32.0148 2764        Product type: Workstation
12:57:32.0148 2764        ComputerName: ***-NB
12:57:32.0148 2764        UserName: ***
12:57:32.0148 2764        Windows directory: C:\Windows
12:57:32.0148 2764        System windows directory: C:\Windows
12:57:32.0148 2764        Processor architecture: Intel x86
12:57:32.0148 2764        Number of processors: 2
12:57:32.0148 2764        Page size: 0x1000
12:57:32.0148 2764        Boot type: Normal boot
12:57:32.0148 2764        ============================================================
12:57:33.0506 2764        Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:57:33.0537 2764        ============================================================
12:57:33.0537 2764        \Device\Harddisk1\DR1:
12:57:33.0537 2764        MBR partitions:
12:57:33.0537 2764        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x1B9BE761
12:57:33.0537 2764        ============================================================
12:57:33.0537 2764        C: <-> \Device\Harddisk1\DR1\Partition0
12:57:33.0568 2764        ============================================================
12:57:33.0568 2764        Initialize success
12:57:33.0568 2764        ============================================================
12:57:42.0273 2876        ============================================================
12:57:42.0273 2876        Scan started
12:57:42.0273 2876        Mode: Manual; SigCheck; TDLFS;
12:57:42.0273 2876        ============================================================
12:57:43.0068 2876        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
12:57:43.0256 2876        1394ohci - ok
12:57:43.0271 2876        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
12:57:43.0287 2876        ACPI - ok
12:57:43.0318 2876        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
12:57:43.0380 2876        AcpiPmi - ok
12:57:43.0380 2876        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:57:43.0396 2876        AdobeARMservice - ok
12:57:43.0724 2876        AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:57:43.0755 2876        AdobeFlashPlayerUpdateSvc - ok
12:57:43.0833 2876        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
12:57:43.0911 2876        adp94xx - ok
12:57:43.0942 2876        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
12:57:43.0973 2876        adpahci - ok
12:57:44.0004 2876        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
12:57:44.0036 2876        adpu320 - ok
12:57:44.0067 2876        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
12:57:44.0114 2876        AeLookupSvc - ok
12:57:44.0145 2876        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
12:57:44.0270 2876        AFD - ok
12:57:44.0394 2876        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
12:57:44.0426 2876        agp440 - ok
12:57:44.0457 2876        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
12:57:44.0519 2876        aic78xx - ok
12:57:44.0535 2876        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
12:57:44.0597 2876        ALG - ok
12:57:44.0660 2876        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
12:57:44.0722 2876        aliide - ok
12:57:44.0800 2876        AMD External Events Utility (b19505648f033393e907e2e419fde8b3) C:\Windows\system32\atiesrxx.exe
12:57:44.0909 2876        AMD External Events Utility - ok
12:57:44.0972 2876        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
12:57:45.0018 2876        amdagp - ok
12:57:45.0050 2876        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
12:57:45.0065 2876        amdide - ok
12:57:45.0128 2876        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
12:57:45.0206 2876        AmdK8 - ok
12:57:45.0237 2876        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
12:57:45.0299 2876        AmdPPM - ok
12:57:45.0346 2876        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
12:57:45.0393 2876        amdsata - ok
12:57:45.0424 2876        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
12:57:45.0471 2876        amdsbs - ok
12:57:45.0486 2876        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
12:57:45.0502 2876        amdxata - ok
12:57:45.0518 2876        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
12:57:45.0533 2876        AntiVirSchedulerService - ok
12:57:45.0533 2876        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
12:57:45.0549 2876        AntiVirService - ok
12:57:45.0596 2876        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
12:57:45.0752 2876        AppID - ok
12:57:45.0767 2876        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
12:57:45.0814 2876        AppIDSvc - ok
12:57:45.0830 2876        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
12:57:45.0861 2876        Appinfo - ok
12:57:45.0876 2876        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:57:45.0892 2876        Apple Mobile Device - ok
12:57:45.0939 2876        AppMgmt        (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
12:57:45.0986 2876        AppMgmt - ok
12:57:46.0032 2876        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
12:57:46.0048 2876        arc - ok
12:57:46.0064 2876        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
12:57:46.0079 2876        arcsas - ok
12:57:46.0110 2876        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
12:57:46.0251 2876        AsyncMac - ok
12:57:46.0251 2876        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
12:57:46.0266 2876        atapi - ok
12:57:46.0578 2876        atikmdag        (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
12:57:46.0875 2876        atikmdag - ok
12:57:46.0968 2876        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
12:57:47.0015 2876        AudioEndpointBuilder - ok
12:57:47.0015 2876        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
12:57:47.0046 2876        Audiosrv - ok
12:57:47.0062 2876        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
12:57:47.0093 2876        avgntflt - ok
12:57:47.0109 2876        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
12:57:47.0124 2876        avipbb - ok
12:57:47.0140 2876        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
12:57:47.0156 2876        avkmgr - ok
12:57:47.0202 2876        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
12:57:47.0312 2876        AxInstSV - ok
12:57:47.0390 2876        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
12:57:47.0514 2876        b06bdrv - ok
12:57:47.0577 2876        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:57:47.0670 2876        b57nd60x - ok
12:57:47.0686 2876        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
12:57:47.0764 2876        BDESVC - ok
12:57:47.0764 2876        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
12:57:47.0842 2876        Beep - ok
12:57:47.0904 2876        BFE            (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
12:57:48.0029 2876        BFE - ok
12:57:48.0170 2876        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
12:57:48.0263 2876        BITS - ok
12:57:48.0279 2876        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
12:57:48.0326 2876        blbdrive - ok
12:57:48.0341 2876        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
12:57:48.0372 2876        Bonjour Service - ok
12:57:48.0388 2876        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
12:57:48.0435 2876        bowser - ok
12:57:48.0482 2876        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:57:48.0575 2876        BrFiltLo - ok
12:57:48.0591 2876        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:57:48.0622 2876        BrFiltUp - ok
12:57:48.0622 2876        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
12:57:48.0716 2876        Browser - ok
12:57:48.0762 2876        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
12:57:48.0872 2876        Brserid - ok
12:57:48.0887 2876        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
12:57:48.0934 2876        BrSerWdm - ok
12:57:48.0965 2876        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:57:48.0996 2876        BrUsbMdm - ok
12:57:49.0012 2876        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
12:57:49.0043 2876        BrUsbSer - ok
12:57:49.0074 2876        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
12:57:49.0121 2876        BTHMODEM - ok
12:57:49.0152 2876        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
12:57:49.0199 2876        bthserv - ok
12:57:49.0215 2876        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
12:57:49.0262 2876        cdfs - ok
12:57:49.0340 2876        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
12:57:49.0386 2876        cdrom - ok
12:57:49.0402 2876        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
12:57:49.0449 2876        CertPropSvc - ok
12:57:49.0449 2876        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
12:57:49.0480 2876        circlass - ok
12:57:49.0496 2876        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
12:57:49.0511 2876        CLFS - ok
12:57:49.0636 2876        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:57:49.0652 2876        clr_optimization_v2.0.50727_32 - ok
12:57:49.0745 2876        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:57:49.0761 2876        clr_optimization_v4.0.30319_32 - ok
12:57:49.0776 2876        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
12:57:49.0792 2876        CmBatt - ok
12:57:49.0839 2876        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
12:57:49.0854 2876        cmdide - ok
12:57:49.0870 2876        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
12:57:49.0932 2876        CNG - ok
12:57:49.0932 2876        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
12:57:49.0964 2876        Compbatt - ok
12:57:49.0964 2876        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
12:57:50.0026 2876        CompositeBus - ok
12:57:50.0042 2876        COMSysApp - ok
12:57:50.0057 2876        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
12:57:50.0073 2876        crcdisk - ok
12:57:50.0104 2876        CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
12:57:50.0151 2876        CryptSvc - ok
12:57:50.0166 2876        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
12:57:50.0261 2876        CSC - ok
12:57:50.0323 2876        CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
12:57:50.0386 2876        CscService - ok
12:57:50.0417 2876        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
12:57:50.0495 2876        DcomLaunch - ok
12:57:50.0511 2876        DCSLoader      (62f26d0d970fa21a9d965d04453c1def) C:\Windows\system32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE
12:57:50.0589 2876        DCSLoader - ok
12:57:50.0635 2876        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
12:57:50.0682 2876        defragsvc - ok
12:57:50.0698 2876        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
12:57:50.0729 2876        DfsC - ok
12:57:50.0791 2876        dg_ssudbus      (919f338fd36f47d860775368d0748780) C:\Windows\system32\DRIVERS\ssudbus.sys
12:57:50.0823 2876        dg_ssudbus - ok
12:57:50.0854 2876        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
12:57:50.0916 2876        Dhcp - ok
12:57:50.0916 2876        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
12:57:51.0010 2876        discache - ok
12:57:51.0010 2876        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
12:57:51.0057 2876        Disk - ok
12:57:51.0057 2876        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
12:57:51.0119 2876        Dnscache - ok
12:57:51.0166 2876        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
12:57:51.0213 2876        dot3svc - ok
12:57:51.0228 2876        dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
12:57:51.0306 2876        dot4 - ok
12:57:51.0353 2876        Dot4Print      (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:57:51.0415 2876        Dot4Print - ok
12:57:51.0462 2876        Dot4Scan        (9f7de667c505ce6500becdd8e11644d7) C:\Windows\system32\DRIVERS\Dot4Scan.sys
12:57:51.0540 2876        Dot4Scan - ok
12:57:51.0571 2876        dot4usb        (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
12:57:51.0618 2876        dot4usb - ok
12:57:51.0634 2876        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
12:57:51.0681 2876        DPS - ok
12:57:51.0727 2876        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
12:57:51.0821 2876        drmkaud - ok
12:57:51.0852 2876        dtsoftbus01    (687af6bb383885ff6a64071b189a7f3e) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
12:57:51.0868 2876        dtsoftbus01 - ok
12:57:51.0899 2876        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
12:57:51.0961 2876        DXGKrnl - ok
12:57:51.0961 2876        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
12:57:52.0008 2876        EapHost - ok
12:57:52.0445 2876        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
12:57:52.0648 2876        ebdrv - ok
12:57:52.0679 2876        EFS            (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
12:57:52.0726 2876        EFS - ok
12:57:52.0804 2876        ehRecvr        (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
12:57:52.0929 2876        ehRecvr - ok
12:57:52.0960 2876        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
12:57:53.0022 2876        ehSched - ok
12:57:53.0116 2876        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
12:57:53.0256 2876        elxstor - ok
12:57:53.0272 2876        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
12:57:53.0319 2876        ErrDev - ok
12:57:53.0365 2876        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
12:57:53.0412 2876        EventSystem - ok
12:57:53.0459 2876        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
12:57:53.0553 2876        exfat - ok
12:57:53.0584 2876        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
12:57:53.0631 2876        fastfat - ok
12:57:53.0709 2876        Fax            (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
12:57:53.0771 2876        Fax - ok
12:57:53.0787 2876        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
12:57:53.0833 2876        fdc - ok
12:57:53.0849 2876        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
12:57:53.0927 2876        fdPHost - ok
12:57:53.0958 2876        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
12:57:54.0036 2876        FDResPub - ok
12:57:54.0052 2876        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
12:57:54.0067 2876        FileInfo - ok
12:57:54.0083 2876        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
12:57:54.0145 2876        Filetrace - ok
12:57:54.0177 2876        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
12:57:54.0255 2876        flpydisk - ok
12:57:54.0270 2876        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
12:57:54.0301 2876        FltMgr - ok
12:57:54.0411 2876        FontCache      (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
12:57:54.0473 2876        FontCache - ok
12:57:54.0567 2876        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:57:54.0598 2876        FontCache3.0.0.0 - ok
12:57:54.0613 2876        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
12:57:54.0660 2876        FsDepends - ok
12:57:54.0660 2876        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
12:57:54.0691 2876        Fs_Rec - ok
12:57:54.0707 2876        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
12:57:54.0723 2876        fvevol - ok
12:57:54.0785 2876        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:57:54.0816 2876        gagp30kx - ok
12:57:54.0847 2876        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:57:54.0863 2876        GEARAspiWDM - ok
12:57:54.0925 2876        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
12:57:55.0019 2876        gpsvc - ok
12:57:55.0035 2876        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
12:57:55.0097 2876        hcw85cir - ok
12:57:55.0113 2876        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
12:57:55.0159 2876        HdAudAddService - ok
12:57:55.0175 2876        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
12:57:55.0206 2876        HDAudBus - ok
12:57:55.0237 2876        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
12:57:55.0269 2876        HidBatt - ok
12:57:55.0300 2876        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
12:57:55.0362 2876        HidBth - ok
12:57:55.0378 2876        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
12:57:55.0409 2876        HidIr - ok
12:57:55.0425 2876        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
12:57:55.0456 2876        hidserv - ok
12:57:55.0471 2876        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
12:57:55.0503 2876        HidUsb - ok
12:57:55.0534 2876        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
12:57:55.0612 2876        hkmsvc - ok
12:57:55.0643 2876        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
12:57:55.0799 2876        HomeGroupListener - ok
12:57:55.0830 2876        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
12:57:55.0877 2876        HomeGroupProvider - ok
12:57:55.0893 2876        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
12:57:55.0908 2876        HpSAMD - ok
12:57:55.0939 2876        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
12:57:56.0002 2876        HTTP - ok
12:57:56.0002 2876        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
12:57:56.0017 2876        hwpolicy - ok
12:57:56.0017 2876        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
12:57:56.0049 2876        i8042prt - ok
12:57:56.0095 2876        IAANTMON        (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:57:56.0127 2876        IAANTMON - ok
12:57:56.0142 2876        iaNvStor        (3db9f6f69b8bb99d241b15c7b52e3a3d) C:\Windows\system32\DRIVERS\iaNvStor.sys
12:57:56.0158 2876        iaNvStor - ok
12:57:56.0173 2876        iaStor          (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
12:57:56.0189 2876        iaStor - ok
12:57:56.0298 2876        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
12:57:56.0361 2876        iaStorV - ok
12:57:56.0610 2876        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:57:56.0673 2876        idsvc - ok
12:57:56.0751 2876        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
12:57:56.0782 2876        iirsp - ok
12:57:56.0860 2876        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
12:57:56.0953 2876        IKEEXT - ok
12:57:56.0969 2876        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
12:57:56.0985 2876        intelide - ok
12:57:57.0000 2876        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
12:57:57.0031 2876        intelppm - ok
12:57:57.0094 2876        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
12:57:57.0172 2876        IPBusEnum - ok
12:57:57.0187 2876        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:57:57.0234 2876        IpFilterDriver - ok
12:57:57.0297 2876        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
12:57:57.0406 2876        iphlpsvc - ok
12:57:57.0421 2876        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
12:57:57.0562 2876        IPMIDRV - ok
12:57:57.0609 2876        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
12:57:57.0687 2876        IPNAT - ok
12:57:57.0733 2876        iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
12:57:57.0780 2876        iPod Service - ok
12:57:57.0811 2876        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
12:57:57.0843 2876        IRENUM - ok
12:57:57.0874 2876        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
12:57:57.0889 2876        isapnp - ok
12:57:57.0967 2876        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
12:57:58.0045 2876        iScsiPrt - ok
12:57:58.0061 2876        itecir          (e4b04a0d8b237ecf026d849439f1bcce) C:\Windows\system32\DRIVERS\itecir.sys
12:57:58.0139 2876        itecir - ok
12:57:58.0139 2876        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
12:57:58.0170 2876        kbdclass - ok
12:57:58.0170 2876        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
12:57:58.0201 2876        kbdhid - ok
12:57:58.0201 2876        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:57:58.0217 2876        KeyIso - ok
12:57:58.0217 2876        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
12:57:58.0248 2876        KSecDD - ok
12:57:58.0248 2876        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
12:57:58.0279 2876        KSecPkg - ok
12:57:58.0357 2876        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
12:57:58.0420 2876        KtmRm - ok
12:57:58.0435 2876        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
12:57:58.0498 2876        LanmanServer - ok
12:57:58.0498 2876        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
12:57:58.0545 2876        LanmanWorkstation - ok
12:57:58.0888 2876        LBTServ        (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
12:57:58.0950 2876        LBTServ - ok
12:57:59.0013 2876        LHidFilt        (01cc7fb6e790ef044b411377f3a1ff41) C:\Windows\system32\DRIVERS\LHidFilt.Sys
12:57:59.0044 2876        LHidFilt - ok
12:57:59.0059 2876        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
12:57:59.0106 2876        lltdio - ok
12:57:59.0137 2876        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
12:57:59.0200 2876        lltdsvc - ok
12:57:59.0215 2876        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
12:57:59.0247 2876        lmhosts - ok
12:57:59.0262 2876        LMouFilt        (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\Windows\system32\DRIVERS\LMouFilt.Sys
12:57:59.0278 2876        LMouFilt - ok
12:57:59.0325 2876        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:57:59.0403 2876        LSI_FC - ok
12:57:59.0449 2876        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:57:59.0481 2876        LSI_SAS - ok
12:57:59.0481 2876        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:57:59.0512 2876        LSI_SAS2 - ok
12:57:59.0527 2876        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:57:59.0543 2876        LSI_SCSI - ok
12:57:59.0559 2876        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
12:57:59.0590 2876        luafv - ok
12:57:59.0637 2876        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
12:57:59.0683 2876        MBAMProtector - ok
12:57:59.0824 2876        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:57:59.0839 2876        MBAMService - ok
12:57:59.0917 2876        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
12:57:59.0949 2876        Mcx2Svc - ok
12:57:59.0995 2876        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
12:58:00.0042 2876        megasas - ok
12:58:00.0073 2876        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
12:58:00.0183 2876        MegaSR - ok
12:58:00.0198 2876        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:58:00.0245 2876        MMCSS - ok
12:58:00.0245 2876        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
12:58:00.0276 2876        Modem - ok
12:58:00.0276 2876        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
12:58:00.0292 2876        monitor - ok
12:58:00.0307 2876        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
12:58:00.0323 2876        mouclass - ok
12:58:00.0323 2876        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
12:58:00.0354 2876        mouhid - ok
12:58:00.0370 2876        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
12:58:00.0385 2876        mountmgr - ok
12:58:00.0448 2876        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:58:00.0479 2876        MozillaMaintenance - ok
12:58:00.0526 2876        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
12:58:00.0541 2876        mpio - ok
12:58:00.0557 2876        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
12:58:00.0666 2876        mpsdrv - ok
12:58:00.0775 2876        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
12:58:00.0900 2876        MpsSvc - ok
12:58:00.0947 2876        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
12:58:00.0978 2876        MRxDAV - ok
12:58:00.0994 2876        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:58:01.0041 2876        mrxsmb - ok
12:58:01.0056 2876        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:58:01.0087 2876        mrxsmb10 - ok
12:58:01.0103 2876        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:58:01.0134 2876        mrxsmb20 - ok
12:58:01.0150 2876        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
12:58:01.0181 2876        msahci - ok
12:58:01.0275 2876        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
12:58:01.0368 2876        msdsm - ok
12:58:01.0431 2876        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
12:58:01.0493 2876        MSDTC - ok
12:58:01.0524 2876        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
12:58:01.0555 2876        Msfs - ok
12:58:01.0571 2876        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
12:58:01.0602 2876        mshidkmdf - ok
12:58:01.0602 2876        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
12:58:01.0618 2876        msisadrv - ok
12:58:01.0665 2876        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
12:58:01.0743 2876        MSiSCSI - ok
12:58:01.0758 2876        msiserver - ok
12:58:01.0805 2876        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
12:58:01.0883 2876        MSKSSRV - ok
12:58:01.0899 2876        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
12:58:01.0945 2876        MSPCLOCK - ok
12:58:01.0961 2876        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
12:58:02.0008 2876        MSPQM - ok
12:58:02.0023 2876        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
12:58:02.0039 2876        MsRPC - ok
12:58:02.0055 2876        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
12:58:02.0055 2876        mssmbios - ok
12:58:02.0086 2876        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
12:58:02.0101 2876        MSTEE - ok
12:58:02.0133 2876        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
12:58:02.0148 2876        MTConfig - ok
12:58:02.0148 2876        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
12:58:02.0195 2876        Mup - ok
12:58:02.0226 2876        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
12:58:02.0273 2876        napagent - ok
12:58:02.0289 2876        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
12:58:02.0320 2876        NativeWifiP - ok
12:58:02.0367 2876        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
12:58:02.0398 2876        NDIS - ok
12:58:02.0429 2876        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
12:58:02.0460 2876        NdisCap - ok
12:58:02.0476 2876        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
12:58:02.0523 2876        NdisTapi - ok
12:58:02.0538 2876        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
12:58:02.0569 2876        Ndisuio - ok
12:58:02.0569 2876        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
12:58:02.0616 2876        NdisWan - ok
12:58:02.0616 2876        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
12:58:02.0663 2876        NDProxy - ok
12:58:02.0663 2876        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
12:58:02.0757 2876        NetBIOS - ok
12:58:02.0772 2876        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
12:58:02.0835 2876        NetBT - ok
12:58:02.0835 2876        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:58:02.0850 2876        Netlogon - ok
12:58:02.0897 2876        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
12:58:02.0991 2876        Netman - ok
12:58:03.0100 2876        NetMsmqActivator (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:58:03.0147 2876        NetMsmqActivator - ok
12:58:03.0147 2876        NetPipeActivator (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:58:03.0147 2876        NetPipeActivator - ok
12:58:03.0178 2876        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
12:58:03.0225 2876        netprofm - ok
12:58:03.0225 2876        NetTcpActivator (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:58:03.0240 2876        NetTcpActivator - ok
12:58:03.0240 2876        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:58:03.0256 2876        NetTcpPortSharing - ok
12:58:03.0521 2876        netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
12:58:03.0771 2876        netw5v32 - ok
12:58:03.0849 2876        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
12:58:03.0895 2876        nfrd960 - ok
12:58:03.0911 2876        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
12:58:03.0958 2876        NlaSvc - ok
12:58:03.0973 2876        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
12:58:04.0036 2876        Npfs - ok
12:58:04.0051 2876        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
12:58:04.0067 2876        nsi - ok
12:58:04.0083 2876        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
12:58:04.0129 2876        nsiproxy - ok
12:58:04.0207 2876        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
12:58:04.0379 2876        Ntfs - ok
12:58:04.0379 2876        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
12:58:04.0426 2876        Null - ok
12:58:04.0457 2876        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
12:58:04.0473 2876        nvraid - ok
12:58:04.0535 2876        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
12:58:04.0613 2876        nvstor - ok
12:58:04.0660 2876        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
12:58:04.0722 2876        nv_agp - ok
12:58:05.0065 2876        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
12:58:05.0112 2876        ohci1394 - ok
12:58:05.0206 2876        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:58:05.0299 2876        ose - ok
12:58:06.0298 2876        osppsvc        (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:58:06.0688 2876        osppsvc - ok
12:58:06.0922 2876        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:58:07.0015 2876        p2pimsvc - ok
12:58:07.0047 2876        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
12:58:07.0156 2876        p2psvc - ok
12:58:07.0171 2876        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
12:58:07.0203 2876        Parport - ok
12:58:07.0203 2876        partmgr        (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
12:58:07.0234 2876        partmgr - ok
12:58:07.0249 2876        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
12:58:07.0281 2876        Parvdm - ok
12:58:07.0296 2876        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
12:58:07.0374 2876        PcaSvc - ok
12:58:07.0390 2876        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
12:58:07.0405 2876        pci - ok
12:58:07.0452 2876        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
12:58:07.0468 2876        pciide - ok
12:58:07.0499 2876        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
12:58:07.0561 2876        pcmcia - ok
12:58:07.0577 2876        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
12:58:07.0593 2876        pcw - ok
12:58:07.0624 2876        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
12:58:07.0686 2876        PEAUTH - ok
12:58:07.0811 2876        PeerDistSvc    (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
12:58:07.0905 2876        PeerDistSvc - ok
12:58:08.0092 2876        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
12:58:08.0185 2876        pla - ok
12:58:08.0232 2876        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
12:58:08.0295 2876        PlugPlay - ok
12:58:08.0326 2876        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
12:58:08.0388 2876        PNRPAutoReg - ok
12:58:08.0435 2876        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:58:08.0451 2876        PNRPsvc - ok
12:58:08.0513 2876        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
12:58:08.0653 2876        PolicyAgent - ok
12:58:08.0669 2876        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
12:58:08.0700 2876        Power - ok
12:58:08.0716 2876        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
12:58:08.0794 2876        PptpMiniport - ok
12:58:08.0825 2876        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
12:58:08.0887 2876        Processor - ok
12:58:08.0919 2876        ProfSvc        (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
12:58:08.0965 2876        ProfSvc - ok
12:58:08.0965 2876        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:58:08.0981 2876        ProtectedStorage - ok
12:58:08.0997 2876        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
12:58:09.0028 2876        Psched - ok
12:58:09.0059 2876        PSI            (d24dfd16a1e2a76034df5aa18125c35d) C:\Windows\system32\DRIVERS\psi_mf.sys
12:58:09.0075 2876        PSI - ok
12:58:09.0075 2876        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
12:58:09.0090 2876        PxHelp20 - ok
12:58:09.0355 2876        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
12:58:09.0449 2876        ql2300 - ok
12:58:09.0511 2876        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
12:58:09.0527 2876        ql40xx - ok
12:58:09.0589 2876        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
12:58:09.0683 2876        QWAVE - ok
12:58:09.0699 2876        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
12:58:09.0745 2876        QWAVEdrv - ok
12:58:09.0761 2876        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
12:58:09.0792 2876        RasAcd - ok
12:58:09.0808 2876        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:58:09.0855 2876        RasAgileVpn - ok
12:58:09.0886 2876        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
12:58:09.0917 2876        RasAuto - ok
12:58:09.0933 2876        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:58:09.0979 2876        Rasl2tp - ok
12:58:10.0026 2876        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
12:58:10.0104 2876        RasMan - ok
12:58:10.0104 2876        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
12:58:10.0198 2876        RasPppoe - ok
12:58:10.0213 2876        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
12:58:10.0245 2876        RasSstp - ok
12:58:10.0260 2876        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
12:58:10.0338 2876        rdbss - ok
12:58:10.0354 2876        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
12:58:10.0369 2876        rdpbus - ok
12:58:10.0385 2876        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:58:10.0432 2876        RDPCDD - ok
12:58:10.0447 2876        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
12:58:10.0479 2876        RDPDR - ok
12:58:10.0494 2876        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
12:58:10.0525 2876        RDPENCDD - ok
12:58:10.0541 2876        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
12:58:10.0557 2876        RDPREFMP - ok
12:58:10.0572 2876        RDPWD          (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
12:58:10.0666 2876        RDPWD - ok
12:58:10.0681 2876        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
12:58:10.0713 2876        rdyboost - ok
12:58:10.0744 2876        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
12:58:10.0791 2876        RemoteAccess - ok
12:58:10.0837 2876        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
12:58:10.0931 2876        RemoteRegistry - ok
12:58:10.0931 2876        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
12:58:10.0962 2876        RpcEptMapper - ok
12:58:11.0025 2876        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
12:58:11.0056 2876        RpcLocator - ok
12:58:11.0103 2876        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
12:58:11.0134 2876        RpcSs - ok
12:58:11.0134 2876        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
12:58:11.0181 2876        rspndr - ok
12:58:11.0181 2876        RTL8167        (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
12:58:11.0212 2876        RTL8167 - ok
12:58:11.0274 2876        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
12:58:11.0368 2876        s3cap - ok
12:58:11.0383 2876        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:58:11.0399 2876        SamSs - ok
12:58:11.0461 2876        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
12:58:11.0508 2876        sbp2port - ok
12:58:11.0524 2876        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
12:58:11.0555 2876        SCardSvr - ok
12:58:11.0571 2876        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
12:58:11.0633 2876        scfilter - ok
12:58:11.0695 2876        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
12:58:11.0805 2876        Schedule - ok
12:58:11.0805 2876        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
12:58:11.0836 2876        SCPolicySvc - ok
12:58:11.0867 2876        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
12:58:11.0976 2876        SDRSVC - ok
12:58:11.0992 2876        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:58:12.0023 2876        secdrv - ok
12:58:12.0054 2876        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
12:58:12.0117 2876        seclogon - ok
12:58:12.0319 2876        Secunia PSI Agent (fc4842cecaf2a938be13a6c534034088) C:\Program Files\Secunia\PSI\PSIA.exe
12:58:12.0413 2876        Secunia PSI Agent - ok
12:58:12.0491 2876        Secunia Update Agent (401c960e9c95d35cffb17ca57c4406fb) C:\Program Files\Secunia\PSI\sua.exe
12:58:12.0553 2876        Secunia Update Agent - ok
12:58:12.0600 2876        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
12:58:12.0647 2876        SENS - ok
12:58:12.0663 2876        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
12:58:12.0725 2876        SensrSvc - ok
12:58:12.0741 2876        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
12:58:12.0756 2876        Serenum - ok
12:58:12.0819 2876        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
12:58:12.0912 2876        Serial - ok
12:58:12.0990 2876        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
12:58:13.0068 2876        sermouse - ok
12:58:13.0084 2876        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
12:58:13.0146 2876        SessionEnv - ok
12:58:13.0193 2876        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
12:58:13.0255 2876        sffdisk - ok
12:58:13.0271 2876        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
12:58:13.0318 2876        sffp_mmc - ok
12:58:13.0349 2876        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
12:58:13.0380 2876        sffp_sd - ok
12:58:13.0396 2876        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
12:58:13.0411 2876        sfloppy - ok
12:58:13.0489 2876        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
12:58:13.0630 2876        SharedAccess - ok
12:58:13.0692 2876        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
12:58:13.0723 2876        ShellHWDetection - ok
12:58:13.0770 2876        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
12:58:13.0786 2876        sisagp - ok
12:58:13.0833 2876        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:58:13.0895 2876        SiSRaid2 - ok
12:58:13.0942 2876        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
12:58:13.0973 2876        SiSRaid4 - ok
12:58:14.0004 2876        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
12:58:14.0035 2876        Smb - ok
12:58:14.0113 2876        smserial        (19301c27f3425dc39f6c599f527e507d) C:\Windows\system32\DRIVERS\smserial.sys
12:58:14.0254 2876        smserial - ok
12:58:14.0316 2876        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
12:58:14.0363 2876        SNMPTRAP - ok
12:58:14.0363 2876        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
12:58:14.0394 2876        spldr - ok
12:58:14.0410 2876        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
12:58:14.0457 2876        Spooler - ok
12:58:14.0800 2876        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
12:58:14.0909 2876        sppsvc - ok
12:58:14.0987 2876        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
12:58:15.0081 2876        sppuinotify - ok
12:58:15.0096 2876        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
12:58:15.0159 2876        srv - ok
12:58:15.0174 2876        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
12:58:15.0221 2876        srv2 - ok
12:58:15.0221 2876        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
12:58:15.0252 2876        srvnet - ok
12:58:15.0283 2876        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
12:58:15.0330 2876        SSDPSRV - ok
12:58:15.0330 2876        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
12:58:15.0346 2876        ssmdrv - ok
12:58:15.0377 2876        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
12:58:15.0408 2876        SstpSvc - ok
12:58:15.0455 2876        ssudmdm        (8f299012ef58246f1c98de7b7e48dbf0) C:\Windows\system32\DRIVERS\ssudmdm.sys
12:58:15.0486 2876        ssudmdm - ok
12:58:15.0502 2876        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
12:58:15.0517 2876        stexstor - ok
12:58:15.0595 2876        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
12:58:15.0673 2876        StiSvc - ok
12:58:15.0673 2876        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
12:58:15.0705 2876        storflt - ok
12:58:15.0720 2876        StorSvc        (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
12:58:15.0751 2876        StorSvc - ok
12:58:15.0798 2876        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
12:58:15.0845 2876        storvsc - ok
12:58:15.0845 2876        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
12:58:15.0861 2876        swenum - ok
12:58:15.0892 2876        SwitchBoard    (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
12:58:15.0939 2876        SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
12:58:15.0939 2876        SwitchBoard - detected UnsignedFile.Multi.Generic (1)
12:58:16.0001 2876        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
12:58:16.0063 2876        swprv - ok
12:58:16.0173 2876        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
12:58:16.0235 2876        SysMain - ok
12:58:16.0235 2876        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
12:58:16.0297 2876        TabletInputService - ok
12:58:16.0329 2876        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
12:58:16.0407 2876        TapiSrv - ok
12:58:16.0422 2876        tbhsd          (77bd6143c6dce0a1bf7b5571bed860dc) C:\Windows\system32\drivers\tbhsd.sys
12:58:16.0438 2876        tbhsd - ok
12:58:16.0469 2876        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
12:58:16.0500 2876        TBS - ok
12:58:16.0594 2876        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
12:58:16.0656 2876        Tcpip - ok
12:58:16.0672 2876        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
12:58:16.0703 2876        TCPIP6 - ok
12:58:16.0719 2876        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
12:58:16.0750 2876        tcpipreg - ok
12:58:16.0812 2876        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
12:58:16.0890 2876        TDPIPE - ok
12:58:16.0906 2876        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
12:58:16.0921 2876        TDTCP - ok
12:58:16.0937 2876        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
12:58:16.0984 2876        tdx - ok
12:58:17.0202 2876        TeamViewer7    (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
12:58:17.0343 2876        TeamViewer7 - ok
12:58:17.0389 2876        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
12:58:17.0405 2876        TermDD - ok
12:58:17.0483 2876        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
12:58:17.0577 2876        TermService - ok
12:58:17.0592 2876        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
12:58:17.0623 2876        Themes - ok
12:58:17.0623 2876        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:58:17.0655 2876        THREADORDER - ok
12:58:17.0655 2876        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
12:58:17.0717 2876        TrkWks - ok
12:58:17.0748 2876        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
12:58:17.0811 2876        TrustedInstaller - ok
12:58:17.0826 2876        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:58:17.0857 2876        tssecsrv - ok
12:58:17.0889 2876        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
12:58:17.0951 2876        TsUsbFlt - ok
12:58:17.0951 2876        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
12:58:17.0982 2876        tunnel - ok
12:58:18.0045 2876        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
12:58:18.0123 2876        uagp35 - ok
12:58:18.0169 2876        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
12:58:18.0247 2876        udfs - ok
12:58:18.0279 2876        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
12:58:18.0325 2876        UI0Detect - ok
12:58:18.0388 2876        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
12:58:18.0419 2876        uliagpkx - ok
12:58:18.0435 2876        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
12:58:18.0450 2876        umbus - ok
12:58:18.0466 2876        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
12:58:18.0513 2876        UmPass - ok
12:58:18.0528 2876        UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
12:58:18.0544 2876        UmRdpService - ok
12:58:18.0637 2876        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
12:58:18.0715 2876        upnphost - ok
12:58:18.0762 2876        USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
12:58:18.0825 2876        USBAAPL ( UnsignedFile.Multi.Generic ) - warning
12:58:18.0825 2876        USBAAPL - detected UnsignedFile.Multi.Generic (1)
12:58:18.0871 2876        usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
12:58:18.0965 2876        usbaudio - ok
12:58:18.0981 2876        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
12:58:19.0043 2876        usbccgp - ok
12:58:19.0090 2876        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
12:58:19.0199 2876        usbcir - ok
12:58:19.0199 2876        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
12:58:19.0246 2876        usbehci - ok
12:58:19.0261 2876        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
12:58:19.0293 2876        usbhub - ok
12:58:19.0308 2876        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
12:58:19.0371 2876        usbohci - ok
12:58:19.0402 2876        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
12:58:19.0417 2876        usbprint - ok
12:58:19.0480 2876        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:58:19.0527 2876        USBSTOR - ok
12:58:19.0542 2876        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
12:58:19.0558 2876        usbuhci - ok
12:58:19.0605 2876        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
12:58:19.0698 2876        usbvideo - ok
12:58:19.0698 2876        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
12:58:19.0745 2876        UxSms - ok
12:58:19.0745 2876        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:58:19.0761 2876        VaultSvc - ok
12:58:19.0761 2876        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
12:58:19.0823 2876        vdrvroot - ok
12:58:19.0870 2876        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
12:58:19.0979 2876        vds - ok
12:58:20.0010 2876        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
12:58:20.0041 2876        vga - ok
12:58:20.0041 2876        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
12:58:20.0073 2876        VgaSave - ok
12:58:20.0104 2876        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
12:58:20.0182 2876        vhdmp - ok
12:58:20.0244 2876        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
12:58:20.0291 2876        viaagp - ok
12:58:20.0322 2876        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
12:58:20.0353 2876        ViaC7 - ok
12:58:20.0385 2876        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
12:58:20.0400 2876        viaide - ok
12:58:20.0463 2876        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
12:58:20.0478 2876        vmbus - ok
12:58:20.0525 2876        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
12:58:20.0541 2876        VMBusHID - ok
12:58:20.0556 2876        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
12:58:20.0572 2876        volmgr - ok
12:58:20.0587 2876        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
12:58:20.0619 2876        volmgrx - ok
12:58:20.0665 2876        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
12:58:20.0681 2876        volsnap - ok
12:58:20.0728 2876        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
12:58:20.0743 2876        vsmraid - ok
12:58:20.0884 2876        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
12:58:20.0993 2876        VSS - ok
12:58:21.0009 2876        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
12:58:21.0040 2876        vwifibus - ok
12:58:21.0087 2876        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
12:58:21.0149 2876        W32Time - ok
12:58:21.0211 2876        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
12:58:21.0258 2876        WacomPen - ok
12:58:21.0274 2876        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:58:21.0321 2876        WANARP - ok
12:58:21.0321 2876        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
12:58:21.0352 2876        Wanarpv6 - ok
12:58:21.0789 2876        WatAdminSvc    (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
12:58:21.0945 2876        WatAdminSvc - ok
12:58:22.0506 2876        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
12:58:22.0693 2876        wbengine - ok
12:58:22.0725 2876        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
12:58:22.0771 2876        WbioSrvc - ok
12:58:22.0818 2876        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
12:58:22.0912 2876        wcncsvc - ok
12:58:22.0943 2876        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
12:58:23.0005 2876        WcsPlugInService - ok
12:58:23.0021 2876        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
12:58:23.0037 2876        Wd - ok
12:58:23.0052 2876        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
12:58:23.0099 2876        Wdf01000 - ok
12:58:23.0115 2876        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:58:23.0224 2876        WdiServiceHost - ok
12:58:23.0224 2876        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
12:58:23.0239 2876        WdiSystemHost - ok
12:58:23.0286 2876        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
12:58:23.0349 2876        WebClient - ok
12:58:23.0380 2876        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
12:58:23.0427 2876        Wecsvc - ok
12:58:23.0442 2876        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
12:58:23.0473 2876        wercplsupport - ok
12:58:23.0489 2876        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
12:58:23.0520 2876        WerSvc - ok
12:58:23.0520 2876        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
12:58:23.0551 2876        WfpLwf - ok
12:58:23.0567 2876        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
12:58:23.0583 2876        WIMMount - ok
12:58:23.0801 2876        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
12:58:23.0879 2876        WinDefend - ok
12:58:23.0879 2876        WinHttpAutoProxySvc - ok
12:58:24.0113 2876        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
12:58:24.0191 2876        Winmgmt - ok
12:58:24.0487 2876        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
12:58:24.0628 2876        WinRM - ok
12:58:24.0690 2876        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
12:58:24.0753 2876        WinUsb - ok
12:58:24.0799 2876        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
12:58:24.0877 2876        Wlansvc - ok
12:58:24.0893 2876        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
12:58:24.0909 2876        WmiAcpi - ok
12:58:24.0955 2876        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
12:58:25.0018 2876        wmiApSrv - ok
12:58:25.0205 2876        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
12:58:25.0314 2876        WMPNetworkSvc - ok
12:58:25.0751 2876        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
12:58:25.0860 2876        WPCSvc - ok
12:58:25.0876 2876        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
12:58:25.0938 2876        WPDBusEnum - ok
12:58:25.0969 2876        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
12:58:26.0047 2876        ws2ifsl - ok
12:58:26.0313 2876        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
12:58:26.0406 2876        wscsvc - ok
12:58:26.0422 2876        WSearch - ok
12:58:27.0108 2876        wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
12:58:27.0217 2876        wuauserv - ok
12:58:27.0249 2876        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
12:58:27.0280 2876        WudfPf - ok
12:58:27.0342 2876        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:58:27.0405 2876        WUDFRd - ok
12:58:27.0420 2876        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
12:58:27.0467 2876        wudfsvc - ok
12:58:27.0498 2876        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
12:58:27.0529 2876        WwanSvc - ok
12:58:27.0561 2876        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
12:58:27.0607 2876        \Device\Harddisk1\DR1 - ok
12:58:27.0607 2876        Boot (0x1200)  (783bad39f81ecc8c0008ad248c7b2803) \Device\Harddisk1\DR1\Partition0
12:58:27.0623 2876        \Device\Harddisk1\DR1\Partition0 - ok
12:58:27.0623 2876        ============================================================
12:58:27.0623 2876        Scan finished
12:58:27.0623 2876        ============================================================
12:58:27.0654 2788        Detected object count: 2
12:58:27.0654 2788        Actual detected object count: 2
13:00:07.0361 2788        SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
13:00:07.0361 2788        SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:00:07.0361 2788        USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
13:00:07.0361 2788        USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:00:11.0697 3208        Deinitialize success


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:28 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131