Trojaner-Board

Dennis91 05.08.2012 12:36

Various RKIT/Agent in BAcroIeHelpe 180.dll
 
Hello,
Over the last few days Antivir has found the following viruses in
C:\Users\***\AppData\Roaming\BAcroIEHelpe175.dll

RKIT/Agent.devb on 29 July
RKIT/Agent.devt.1 on 31 July
RKIT/Agent.dewf on 1 August
RKIT/Agent.dewl on 4 August

For each of these, the alert appeared again after I clicked "Remove". After removing 2-3 times there was no further alert, but 1-2 days later the whole thing repeated with the other viruses (see list).

Only with RKIT/Agent.dewl, since yesterday evening, a new alert appears every time I click Remove.

My operating system is Windows Vista 32-bit Home Premium.

I hope someone can help me.

Regards
Dennis

Here are the logs

OTL Logfile:
Code:

OTL logfile created on: 05.08.2012 15:18:05 - Run 1
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\Dennis\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,51% Memory free
6,19 Gb Paging File | 4,99 Gb Available in Paging File | 80,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,84 Gb Total Space | 62,27 Gb Free Space | 20,49% Space Free | Partition Type: NTFS
Drive D: | 149,92 Gb Total Space | 12,44 Gb Free Space | 8,30% Space Free | Partition Type: NTFS
Drive E: | 5,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 672,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.05 13:50:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
PRC - [2012.07.03 03:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.06.11 19:19:36 | 000,468,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.06.11 19:19:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.05.28 12:56:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012.05.15 11:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.05.15 11:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.08 11:05:34 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 11:05:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 11:05:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 11:05:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.03.29 03:57:56 | 000,016,448 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Silverlight\4.1.10329.0\agcp.exe
PRC - [2012.02.24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.12.06 08:48:15 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.11.03 00:49:23 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.10.01 11:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.01 22:48:10 | 000,006,400 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe180.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012.08.03 11:23:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.19 10:56:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.07 18:35:58 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.11 19:19:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.05.15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.08 11:05:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 11:05:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.11.03 00:49:23 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006.11.02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\system32\D846.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.06.11 20:58:44 | 008,733,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.06.11 18:25:48 | 000,295,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.05.15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.05.08 11:05:34 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 11:05:34 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.02.23 14:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.02.11 23:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={2B7F8034-8896-419E-B617-1D6B9DCE4C63}&mid=7743bdcb501947d19bc9d15067ae688a-9ec377898ad09ba0776e436fc3ac9e28ac1a7bcf&lang=en&ds=ins13&pr=sa&d=2012-02-23 11:43:40&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000&q="
FF - prefs.js..network.proxy.http: "95.65.124.199"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.28 12:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 10:56:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.28 12:57:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Dennis\AppData\Roaming\14001.008 [2012.07.31 22:36:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 10:56:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.28 12:57:10 | 000,000,000 | ---D | M]
 
[2010.12.05 16:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2012.07.26 14:33:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\91bwina0.default\extensions
[2010.12.08 18:17:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\91bwina0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.31 11:42:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\91bwina0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.12 18:37:40 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\91bwina0.default\extensions\personas@christopher.beard
[2011.12.19 14:26:36 | 000,005,508 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\searchplugins\webde-suche.xml
[2012.06.11 14:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.07.31 22:36:07 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\DENNIS\APPDATA\ROAMING\14001.008
[2012.02.23 12:43:19 | 000,164,722 | ---- | M] () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\91BWINA0.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
[2012.07.26 14:33:28 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\91BWINA0.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.07.19 10:56:06 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.20 13:59:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.28 12:56:28 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.12 19:40:16 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Codecv Class) - {63F52C44-BE4E-420C-A48E-54630AAA04ED} - C:\ProgramData\Codecv\bhoclass.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Userinit] C:\Users\Dennis\AppData\Roaming\appconf32.exe ()
O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AF80116-5608-4163-8B68-09FB0734EBA7}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.02.03 08:11:25 | 000,055,136 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011.11.14 17:40:17 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:56:12 | 000,000,000 | R--D | M] - F:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:58:07 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:57:48 | 000,000,166 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2012.02.03 08:11:25 | 000,055,136 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.05 13:56:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2012.08.05 13:38:58 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\UAs
[2012.08.05 12:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.08.05 12:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012.08.05 11:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.08.05 11:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.08.05 11:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.07.31 22:36:07 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.008
[2012.07.30 16:18:23 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.007
[2012.07.28 23:03:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.006
[2012.07.28 23:03:08 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\xmldm
[2012.07.28 23:03:07 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\kock
[2012.07.24 12:44:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.24 12:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2012.07.24 12:41:20 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Origin
[2012.07.24 12:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.07.24 12:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2012.07.23 13:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2012.07.20 21:52:55 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software
[2012.07.20 21:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.07.20 21:52:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.20 21:52:13 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\OpenCandy
[2012.07.20 21:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
[2012.07.18 18:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012.07.18 18:24:45 | 000,000,000 | ---D | C] -- C:\Users\Dennis\SystemRequirementsLab
[2012.07.17 18:09:19 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\et
[2012.07.15 14:33:12 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\Layer
[2012.07.11 22:33:50 | 000,000,000 | R--D | C] -- C:\Users\Dennis\Dropbox
[2012.07.11 22:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012.07.11 22:30:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.07.11 22:29:46 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Dropbox
[2012.07.10 16:09:19 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\dt
[2012.07.10 16:05:40 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\xvi32
[2012.07.10 12:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.07.10 12:47:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Origin
[2012.07.10 12:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.07.09 14:21:12 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\4kdownload.com
[2012.07.09 13:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012.07.09 13:50:29 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\Freemake
[2012.07.09 13:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2012.07.09 13:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2012.07.08 14:24:02 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\RawTherapee4.0
[2012.07.08 14:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raw Therapee
[2012.07.08 14:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\RawTherapeeV40
[2012.07.08 11:02:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.07.08 10:30:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TriDef 3D
[2012.07.08 10:30:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DDD
[2012.07.08 10:30:11 | 000,000,000 | ---D | C] -- C:\Program Files\TriDef 3D
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Dennis\AppData\Roaming\*.tmp files -> C:\Users\Dennis\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.05 14:58:51 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 14:58:51 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 14:51:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.05 14:22:59 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.05 13:55:54 | 000,050,477 | ---- | M] () -- C:\Users\Dennis\Desktop\Defogger.exe
[2012.08.05 13:54:25 | 000,000,017 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\blckdom.res
[2012.08.05 13:50:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2012.08.05 11:58:53 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.05 11:58:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.05 11:58:44 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.05 11:02:34 | 000,001,061 | ---- | M] () -- C:\Users\Dennis\Desktop\Spybot - Search & Destroy.lnk
[2012.08.04 15:20:14 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{089F02C9-035D-4675-87E0-D33C6D9D4B30}.job
[2012.08.01 22:48:10 | 000,006,400 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe180.dll
[2012.07.29 22:26:19 | 000,000,011 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\urhtps.dat
[2012.07.29 10:40:58 | 000,693,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.29 10:40:58 | 000,654,402 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.29 10:40:58 | 000,137,740 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.29 10:40:58 | 000,120,738 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.24 16:15:40 | 000,041,023 | ---- | M] () -- C:\Users\Dennis\.recently-used.xbel
[2012.07.24 16:14:48 | 002,924,244 | ---- | M] () -- C:\Users\Dennis\Desktop\Test.png
[2012.07.24 12:41:13 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.07.23 14:00:59 | 000,244,736 | ---- | M] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.21 17:48:59 | 000,107,737 | ---- | M] () -- C:\Users\Dennis\Desktop\N002_Neighborhood.png
[2012.07.14 22:44:52 | 000,002,032 | ---- | M] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat
[2012.07.13 13:26:27 | 000,192,711 | ---- | M] () -- C:\Users\Dennis\Desktop.jpg
[2012.07.11 22:33:50 | 000,000,948 | ---- | M] () -- C:\Users\Dennis\Desktop\Dropbox.lnk
[2012.07.11 22:31:01 | 000,000,958 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.08 15:09:47 | 000,327,680 | ---- | M] () -- C:\Windows\SPInstall.etl
[2012.07.08 10:38:11 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\LG 3D Game - TriDef 3D.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Dennis\AppData\Roaming\*.tmp files -> C:\Users\Dennis\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.05 13:56:54 | 000,050,477 | ---- | C] () -- C:\Users\Dennis\Desktop\Defogger.exe
[2012.08.05 11:02:34 | 000,001,061 | ---- | C] () -- C:\Users\Dennis\Desktop\Spybot - Search & Destroy.lnk
[2012.08.01 22:48:10 | 000,006,400 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe180.dll
[2012.07.29 22:26:19 | 000,000,011 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\urhtps.dat
[2012.07.28 23:03:19 | 000,000,017 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\blckdom.res
[2012.07.25 10:37:45 | 026,484,387 | ---- | C] () -- C:\Users\Dennis\Desktop\TestMerkw.Sims3Pack
[2012.07.24 16:15:40 | 000,041,023 | ---- | C] () -- C:\Users\Dennis\.recently-used.xbel
[2012.07.24 12:41:13 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.07.21 17:35:26 | 000,107,737 | ---- | C] () -- C:\Users\Dennis\Desktop\N002_Neighborhood.png
[2012.07.13 17:06:43 | 002,924,244 | ---- | C] () -- C:\Users\Dennis\Desktop\Test.png
[2012.07.13 13:26:23 | 000,192,711 | ---- | C] () -- C:\Users\Dennis\Desktop.jpg
[2012.07.11 22:33:50 | 000,000,948 | ---- | C] () -- C:\Users\Dennis\Desktop\Dropbox.lnk
[2012.07.11 22:31:01 | 000,000,958 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.08 11:11:52 | 000,327,680 | ---- | C] () -- C:\Windows\SPInstall.etl
[2012.07.08 10:30:55 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\LG 3D Game - TriDef 3D.lnk
[2012.07.06 18:09:26 | 3220,496,384 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.03 17:16:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.06.11 18:24:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012.06.11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.04.12 21:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2011.01.10 22:13:50 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.01.10 22:13:50 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.12.31 13:38:52 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.12.07 14:53:52 | 000,002,032 | ---- | C] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat
[2010.12.05 20:23:20 | 000,026,340 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\UserTile.png
[2010.12.05 17:14:45 | 000,244,736 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.05 16:14:46 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008.12.09 17:23:13 | 000,052,688 | RHS- | C] () -- C:\Users\Dennis\AppData\Roaming\appconf32.exe
 
========== LOP Check ==========
 
[2012.07.28 23:03:39 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\14001.006
[2012.07.30 16:18:23 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\14001.007
[2012.07.31 22:36:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\14001.008
[2011.10.12 14:08:17 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Amazon
[2010.12.23 12:22:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AniTuner
[2012.02.23 13:02:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Audacity
[2012.02.23 13:14:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BL-Soft
[2011.07.02 14:02:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BreezeTree
[2011.11.20 12:23:37 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Canon
[2011.04.14 17:21:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2012.08.05 12:00:00 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Dropbox
[2012.07.16 16:00:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0
[2012.02.23 12:39:01 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Iggels
[2011.09.06 15:42:54 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\JavaEditor
[2012.07.28 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\kock
[2011.11.17 11:52:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leawo
[2010.12.11 12:15:42 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\MilkShape 3D 1.x.x
[2011.12.03 13:43:10 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OnLive App
[2012.07.20 21:52:13 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenCandy
[2012.07.10 12:48:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Origin
[2011.01.10 22:20:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PC Suite
[2010.12.05 20:23:20 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PeerNetworking
[2011.02.18 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\RawTherapee
[2011.01.11 18:07:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Samsung
[2010.12.05 16:14:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ScanSoft
[2011.11.17 11:52:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\tiger-k
[2012.02.06 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TSRWorkshop
[2012.07.20 21:52:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software
[2012.08.05 13:39:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\UAs
[2010.12.23 13:06:49 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\XMedia Recode
[2012.08.05 13:39:40 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\xmldm
[2012.08.05 11:58:03 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.04 15:20:14 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{089F02C9-035D-4675-87E0-D33C6D9D4B30}.job
 
========== Purity Check ==========
 
 

< End of report >



OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 05.08.2012 15:18:05 - Run 1
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\Dennis\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,51% Memory free
6,19 Gb Paging File | 4,99 Gb Available in Paging File | 80,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,84 Gb Total Space | 62,27 Gb Free Space | 20,49% Space Free | Partition Type: NTFS
Drive D: | 149,92 Gb Total Space | 12,44 Gb Free Space | 8,30% Space Free | Partition Type: NTFS
Drive E: | 5,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 672,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Play_with_TriDef_Media_Player] -- "C:\Program Files\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" "%1" (DDD Group Plc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = C:\Program Files\TriDef 3D\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef 3D Media Player -- (DDD Group Plc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055BFB92-6AAC-4A75-B644-1647CE4DE81B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A976BC8-9A8F-436D-A883-775624F9677D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D4AC4D9-75FF-4EAB-AE9A-9FDD6A47ABC9}" = rport=137 | protocol=17 | dir=out | app=system |
"{1DB3102A-F882-472E-BCC0-2FF7FD966EE8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{278BE7B6-0668-4D7B-BA89-EF0D3F6D6F02}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3626F180-A7B5-4FB6-A71A-05C76FEE58B8}" = lport=138 | protocol=17 | dir=in | app=system |
"{4721E6D5-118A-44C8-9E28-55DAD384A64C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{872501D2-75F6-4048-B47A-C243C86EFAFC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9B4DF311-D48C-4A9C-BEE5-9AB2AC23719D}" = lport=137 | protocol=17 | dir=in | app=system |
"{A1233C36-4FDB-44AB-8574-6380D4445EF2}" = rport=445 | protocol=6 | dir=out | app=system |
"{A3EF1A0F-D803-4704-ABC6-CAFC088B0E89}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BBABBA42-9A0C-4AE2-BF2D-38A7FFEE88D7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C70D3888-43C3-428C-9785-DD3B6B714B8A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C986D0EB-AA1A-43EE-B10D-3654C4BB0744}" = rport=138 | protocol=17 | dir=out | app=system |
"{D73B9B1A-B21C-4197-AAE2-A7E4245AA210}" = lport=139 | protocol=6 | dir=in | app=system |
"{D992E784-07AA-4A62-9137-868532A6B0E0}" = lport=445 | protocol=6 | dir=in | app=system |
"{E0B47CAF-D4EA-47D2-9FBE-B73BA891B066}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E80B8B71-7C90-4D52-A7CE-CA814619521A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F35CC11C-C59B-44DB-8349-5818B5EB8A6B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F8809484-C787-4A48-8B89-93FA5C0E47BA}" = rport=139 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017C3724-2D85-4B74-A7B1-63908A8AFC2C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0F8E31DE-F379-467A-91C3-DB288B1A7DA4}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{1FE5802E-36BD-4A8C-AFBB-A0EDC4BB6F32}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{24C93F5C-F821-4207-981E-DA192D4E840D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{281E56A5-2530-4694-A46F-55F00253E649}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2FCDD9A9-E6FC-474D-ABB2-B804F3ADFE2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{33001643-9F4B-40E3-8F4A-77798091A02B}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{34EBCA59-E3AC-4BBD-80F7-80633E1FEEC5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\war in the north\witn.exe |
"{35C4928A-6A2C-45CA-AC88-4A88F46FF812}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{367C971C-70E7-41D0-89A4-254A74D40DF9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4368AF0D-DCBE-48CF-B2F0-473A6C40E60C}" = protocol=17 | dir=in | app=c:\users\dennis\appdata\roaming\dropbox\bin\dropbox.exe |
"{47E49893-2A23-4E65-BC90-82EC6FDC6338}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{55DF598E-E409-43B2-B782-F6B08901C111}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5A065633-9D8F-463E-84DA-683D28D9BC11}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{638B5C87-9C3A-4A58-9F03-0B82E4577DA5}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{68430387-D081-4FDD-8A33-D8CB9F6DCCAA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6DC1BD3D-4FFA-4E2F-B670-06A0EAED10B1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7BACA8AD-73D2-4B06-9B23-FF85294636E6}" = protocol=6 | dir=out | app=system |
"{80D7E0C5-445B-40E5-AE92-1EBA9A4227CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8659DEBF-7A8B-40E0-9080-725D6340EDFD}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{8C15929B-0408-4099-9AFC-ED9FFF55B7FF}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{910EB025-7456-451C-9DFB-2C0797F419EE}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{914B413C-4586-48CE-A5B0-EC58FCE11712}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9548854D-13F6-42B1-B8AC-1DC66D7DCFEE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\war in the north\witn.exe |
"{A1D0C49E-A0AC-4862-AB66-0252AA21532A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ACD318EA-F705-4C59-B0E9-C22A3352E865}" = protocol=6 | dir=in | app=c:\users\dennis\appdata\roaming\dropbox\bin\dropbox.exe |
"{B03CD7D1-A1A5-4FC5-B428-D46EEC404111}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{B1D3ED54-54F2-4114-8DB5-68DDC3837DA7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B52BE822-BDAE-465A-8B82-D76D063CB543}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C0A95776-C465-46A5-A7AA-056B2150AB49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C204CB28-38D4-4140-8D70-FDA362B2F239}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C83AB34A-3F5C-4D01-A143-AFAB290C1634}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{D776E064-2629-45E2-9BE0-F5AFE11D9BFF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D98D247A-9ACD-4425-A083-E032929F5E3B}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{EC3A5D78-2F31-4E60-A008-3551CA97C2AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F65B0ABB-2C98-4D27-B75D-6CBE584F7633}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FB8D7D25-DCE8-4935-BB0D-E1EA8B34AAA9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FCAE38FC-7A73-466B-BF9D-AF86A0EA7EFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0A5E062A-7C76-41FB-B360-9C2EDC8C4A94}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{17530CF7-9A3E-46C3-AA9B-1A835AC52992}C:\greenfoot\greenfoot.exe" = protocol=6 | dir=in | app=c:\greenfoot\greenfoot.exe |
"TCP Query User{7196AA76-22F2-4666-A1B5-53F326D987F6}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=6 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |
"TCP Query User{BE7C5B72-0B05-4D11-9AD5-5D5C0A10E5EC}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{D52BC37A-1B00-4B9B-A875-32001184398C}C:\program files\java\jdk1.6.0_23\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_23\jre\bin\java.exe |
"UDP Query User{18C5563E-5125-4C24-9FC2-A133D694F8CC}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{609C019E-0717-48A3-875E-15641FD5AA7F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{6821028D-E9D8-46F5-A5AA-6337CCDDC4BC}C:\greenfoot\greenfoot.exe" = protocol=17 | dir=in | app=c:\greenfoot\greenfoot.exe |
"UDP Query User{A8736C23-97C9-4629-8BA2-912CA17AECC9}C:\program files\dsnet corp\atube catcher 2.0\yct.exe" = protocol=17 | dir=in | app=c:\program files\dsnet corp\atube catcher 2.0\yct.exe |
"UDP Query User{DE386183-1CF4-441D-A834-F09BAFDCEA02}C:\program files\java\jdk1.6.0_23\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_23\jre\bin\java.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP510" = Canon MP510
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{147A8145-0AA6-0921-8414-9B1EE5A8108F}" = Warner Bros. Digital Copy Manager
"{1A2A15C2-6780-49c1-B296-503230E9DE00}" = Die Sims™ 2 Villen- und Garten-Accessoires
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2A56A0-AF80-4423-8C73-ADBFAB40E629}" = TSR RigFix
"{1F897E00-83A6-4133-54E1-58F8D35E61C2}" = AMD Catalyst Install Manager
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java(TM) SE Development Kit 6 Update 23
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = Die Sims™ 3 Erstelle ein Muster-Tool
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D13D187-BA0B-4319-B8FE-7C3613E73278}" = QRCode
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = Die Sims™ 2 Teen Style-Accessoires
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{65761BAE-11E8-48FE-B30F-1F01011AB906}" = Die Sims™ 3 "Erstelle eine Welt"-Tool - Beta
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 10.4c, 2010.09.03
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{69A05CAD-B0AA-4586-8FDD-D4827B2652DC}" = AniTuner
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = Die Sims 2: Family Fun - Accessoires
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7C056FA6-E362-467B-8160-062E9474FEE5}" = SlimDX Redistributable for .NET 2.0 (September 2011)
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_STANDARDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_STANDARDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE518445-0054-44F8-8315-2AD45BF3701E}" = Raw Therapee V4.0.8.3 x86
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = Die Sims™ 2 Gute Reise
"{F37DC802-9565-4B57-9F3C-2289910E34FD}_is1" = FlowBreeze Standard 2.6.0.14
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"aTube Catcher" = aTube Catcher
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Avira AntiVir Desktop" = Avira Free Antivirus
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"BlueJ_is1" = BlueJ 3.0.4
"Canon MP510 Benutzerregistrierung" = Canon MP510 Benutzerregistrierung
"com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager
"Cradle of Rome" = Cradle of Rome (remove only)
"dcmsvc_is1" = dcmsvc 1.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"experience-lge-mon-lite-bundle" = TriDef 3D Games (LG 3D Monitor/TV) 1.7.1
"Greenfoot_is1" = Greenfoot 2.0.1
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"MilkShape 3D 1.8.4" = MilkShape 3D 1.8.4
"MilkShape 3D 1.8.5" = MilkShape 3D 1.8.5
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Poker Superstars II" = Poker Superstars II (remove only)
"RealPlayer 15.0" = RealPlayer
"Replay Video Capture4.2" = Replay Video Capture
"s3oc" = s3oc - Sims3 Object Cloner
"s3pe" = s3pe - Sims3 Package Editor
"Sims 2 Wardrobe Wrangler v1.1" = Sims 2 Wardrobe Wrangler v1.1
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"STANDARDR" = Microsoft Office Standard 2007
"StarUML_is1" = StarUML 5.0.2.1570
"Steam App 32800" = The Lord of the Rings: War in the North
"Video mp3 Extractor_is1" = Video mp3 Extractor
"Virtual Villagers" = Virtual Villagers (remove only)
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.2.8.9
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.01.2012 10:11:51 | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 06.01.2012 10:11:51 | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15672
 
Error - 06.01.2012 10:11:51 | Computer Name = Dennis-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15672
 
Error - 07.01.2012 07:08:15 | Computer Name = Dennis-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 07.01.2012 18:50:22 | Computer Name = Dennis-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 08.01.2012 07:21:35 | Computer Name = Dennis-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 08.01.2012 17:55:35 | Computer Name = Dennis-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 10.01.2012 07:43:46 | Computer Name = Dennis-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 11.01.2012 08:00:08 | Computer Name = Dennis-PC | Source = WerSvc | ID = 5007
Description =
 
Error - 11.01.2012 12:02:25 | Computer Name = Dennis-PC | Source = WerSvc | ID = 5007
Description =
 
[ System Events ]
Error - 23.06.2011 11:07:13 | Computer Name = Dennis-PC | Source = bowser | ID = 8003
Description =
 
Error - 01.07.2011 03:59:58 | Computer Name = Dennis-PC | Source = Print | ID = 6161
Description = Das Dokument Ganzseitiges Foto im Besitz von Dennis konnte nicht auf
 dem Drucker Canon MP510 Printer gedruckt werden. Versuchen Sie erneut, das Dokument
 zu drucken, oder starten Sie den Druckspooler erneut.  Datentyp: NT EMF 1.008. Größe
 der Spooldatei in Bytes: 136773632. Anzahl der gedruckten Bytes: 136599436. Gesamtanzahl
 der Seiten des Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\DENNIS-PC.
 Vom Druckprozessor zurückgegebener Win32-Fehlercode: 1. Unzulässige Funktion. 
 
Error - 03.07.2011 05:12:15 | Computer Name = Dennis-PC | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - Rigoberta Menchú_Sirvienta en la capital
 im Besitz von Dennis konnte nicht auf dem Drucker Canon MP510 Printer gedruckt
werden. Versuchen Sie erneut, das Dokument zu drucken, oder starten Sie den Druckspooler
 erneut.  Datentyp: NT EMF 1.008. Größe der Spooldatei in Bytes: 131072. Anzahl der
 gedruckten Bytes: 47248. Gesamtanzahl der Seiten des Dokuments: 2. Anzahl der gedruckten
 Seiten: 0. Clientcomputer: \\DENNIS-PC. Vom Druckprozessor zurückgegebener Win32-Fehlercode:
 1. Unzulässige Funktion. 
 
Error - 03.07.2011 09:18:56 | Computer Name = Dennis-PC | Source = bowser | ID = 8003
Description =
 
Error - 03.07.2011 11:18:40 | Computer Name = Dennis-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.07.2011 um 17:17:00 unerwartet heruntergefahren.
 
Error - 16.07.2011 08:34:09 | Computer Name = Dennis-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.07.2011 um 14:29:49 unerwartet heruntergefahren.
 
Error - 29.07.2011 04:36:02 | Computer Name = Dennis-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Canon MP510 Printer nicht unter
 dem Namen Canon MP510 Printer freigeben. Fehler: 2114. Der Drucker kann nicht von
 anderen Benutzern im Netzwerk verwendet werden.
 
Error - 14.08.2011 05:04:16 | Computer Name = Dennis-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.08.2011 um 11:03:33 unerwartet heruntergefahren.
 
Error - 06.09.2011 09:09:42 | Computer Name = Dennis-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker Canon MP510 Printer nicht unter
 dem Namen Canon MP510 Printer freigeben. Fehler: 2114. Der Drucker kann nicht von
 anderen Benutzern im Netzwerk verwendet werden.
 
Error - 13.09.2011 16:22:41 | Computer Name = Dennis-PC | Source = Print | ID = 6161
Description = Das Dokument Microsoft Word - the world's most famous love story-
Romeo and Juliet summary im Besitz von Dennis konnte nicht auf dem Drucker Canon
 MP510 Printer gedruckt werden. Versuchen Sie erneut, das Dokument zu drucken, oder
 starten Sie den Druckspooler erneut.  Datentyp: NT EMF 1.008. Größe der Spooldatei
 in Bytes: 65536. Anzahl der gedruckten Bytes: 29544. Gesamtanzahl der Seiten des
 Dokuments: 1. Anzahl der gedruckten Seiten: 0. Clientcomputer: \\DENNIS-PC. Vom
 Druckprozessor zurückgegebener Win32-Fehlercode: 1. Unzulässige Funktion. 
 
 
< End of report >

--- --- ---

Dennis91 07.08.2012 10:23

Edit:
Defogger did not show any error message.
With Gmer, the PC was automatically restarted during the scan because, according to Windows, an error occurred.
In addition, Antivir has not shown any error message since today.
What does that mean?

Log file from today:

OTL Logfile:
Code:

OTL logfile created on: 07.08.2012 11:35:19 - Run 2
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\Dennis\Desktop
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 57,45% Memory free
6,19 Gb Paging File | 4,74 Gb Available in Paging File | 76,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 303,84 Gb Total Space | 61,81 Gb Free Space | 20,34% Space Free | Partition Type: NTFS
Drive D: | 149,92 Gb Total Space | 12,41 Gb Free Space | 8,28% Space Free | Partition Type: NTFS
Drive E: | 5,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 672,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.05 13:50:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
PRC - [2012.07.19 10:56:06 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.07.03 03:21:38 | 026,868,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.06.11 19:19:36 | 000,468,992 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.06.11 19:19:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.05.28 12:56:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012.05.15 11:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.05.15 11:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.08 11:05:34 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 11:05:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 11:05:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 11:05:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.02.24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.12.06 08:48:15 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.11.03 00:49:23 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.10.01 11:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.02 21:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.06 22:51:23 | 000,138,808 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\14001.009\components\AcroFF009.dll
MOD - [2012.08.06 22:51:17 | 000,006,400 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe181.dll
MOD - [2012.07.19 10:56:05 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2009.04.07 13:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files\dcmsvc\dcmsvc.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012.08.03 11:23:11 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.19 10:56:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.07 18:35:58 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.11 19:19:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.05.15 12:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.08 11:05:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 11:05:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.11.03 00:49:23 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2006.12.08 11:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006.11.02 21:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\D846.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.06.11 20:58:44 | 008,733,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.06.11 18:25:48 | 000,295,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.05.15 12:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.05.08 11:05:34 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 11:05:34 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.02.23 14:31:36 | 000,083,984 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.02.11 23:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={2B7F8034-8896-419E-B617-1D6B9DCE4C63}&mid=7743bdcb501947d19bc9d15067ae688a-9ec377898ad09ba0776e436fc3ac9e28ac1a7bcf&lang=en&ds=ins13&pr=sa&d=2012-02-23 11:43:40&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000&q="
FF - prefs.js..network.proxy.http: "95.65.124.199"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.28 12:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 10:56:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.28 12:57:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Dennis\AppData\Roaming\14001.009 [2012.08.06 22:51:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.19 10:56:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.28 12:57:10 | 000,000,000 | ---D | M]
 
[2010.12.05 16:07:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions
[2012.07.26 14:33:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\91bwina0.default\extensions
[2010.12.08 18:17:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\91bwina0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.03.31 11:42:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\91bwina0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.03.12 18:37:40 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\91bwina0.default\extensions\personas@christopher.beard
[2011.12.19 14:26:36 | 000,005,508 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\searchplugins\webde-suche.xml
[2012.06.11 14:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.08.06 22:51:23 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\DENNIS\APPDATA\ROAMING\14001.009
[2012.02.23 12:43:19 | 000,164,722 | ---- | M] () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\91BWINA0.DEFAULT\EXTENSIONS\COMPATIBILITY@ADDONS.MOZILLA.ORG.XPI
[2012.07.26 14:33:28 | 000,184,864 | ---- | M] () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\91BWINA0.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.07.19 10:56:06 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.20 13:59:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.05.28 12:56:28 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.12 19:40:16 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Codecv Class) - {63F52C44-BE4E-420C-A48E-54630AAA04ED} - C:\ProgramData\Codecv\bhoclass.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Userinit] C:\Users\Dennis\AppData\Roaming\appconf32.exe ()
O4 - Startup: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dennis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AF80116-5608-4163-8B68-09FB0734EBA7}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dennis\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.02.03 08:11:25 | 000,055,136 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011.11.14 17:40:17 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:56:12 | 000,000,000 | R--D | M] - F:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:58:07 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:57:48 | 000,000,166 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2012.02.03 08:11:25 | 000,055,136 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.07 11:09:29 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.08.06 22:51:23 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.009
[2012.08.05 13:56:54 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2012.08.05 13:38:58 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\UAs
[2012.08.05 12:04:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012.08.05 12:04:12 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2012.08.05 11:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.08.05 11:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.08.05 11:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.07.31 22:36:07 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.008
[2012.07.30 16:18:23 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.007
[2012.07.28 23:03:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.006
[2012.07.28 23:03:08 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\xmldm
[2012.07.28 23:03:07 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\kock
[2012.07.24 12:44:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.24 12:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2012.07.24 12:41:20 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\Origin
[2012.07.24 12:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.07.24 12:40:50 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2012.07.23 13:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2012.07.20 21:52:55 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software
[2012.07.20 21:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.07.20 21:52:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.07.20 21:52:13 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\OpenCandy
[2012.07.20 21:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher
[2012.07.18 18:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2012.07.18 18:24:45 | 000,000,000 | ---D | C] -- C:\Users\Dennis\SystemRequirementsLab
[2012.07.17 18:09:19 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\et
[2012.07.15 14:33:12 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\Layer
[2012.07.11 22:33:50 | 000,000,000 | R--D | C] -- C:\Users\Dennis\Dropbox
[2012.07.11 22:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012.07.11 22:30:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.07.11 22:29:46 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Dropbox
[2012.07.10 16:09:19 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\dt
[2012.07.10 16:05:40 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\xvi32
[2012.07.10 12:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.07.10 12:47:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Origin
[2012.07.10 12:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.07.09 14:21:12 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\4kdownload.com
[2012.07.09 13:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012.07.09 13:50:29 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\Freemake
[2012.07.09 13:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2012.07.09 13:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2012.07.08 14:24:02 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\RawTherapee4.0
[2012.07.08 14:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raw Therapee
[2012.07.08 14:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\RawTherapeeV40
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Dennis\AppData\Roaming\*.tmp files -> C:\Users\Dennis\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.07 11:23:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.07 11:12:22 | 000,000,017 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\blckdom.res
[2012.08.07 11:09:29 | 227,408,299 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.07 11:09:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.07 11:09:19 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.07 11:09:18 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.07 11:09:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.07 11:08:55 | 3220,496,384 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.07 11:02:12 | 000,302,592 | ---- | M] () -- C:\Users\Dennis\Desktop\ecj9i2lt.exe
[2012.08.07 10:52:48 | 000,000,000 | ---- | M] () -- C:\Users\Dennis\defogger_reenable
[2012.08.07 10:51:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.07 10:46:20 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{089F02C9-035D-4675-87E0-D33C6D9D4B30}.job
[2012.08.06 22:51:17 | 000,179,344 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\AcroIEHelpe181.dll
[2012.08.06 22:51:17 | 000,006,400 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe181.dll
[2012.08.05 13:55:54 | 000,050,477 | ---- | M] () -- C:\Users\Dennis\Desktop\Defogger.exe
[2012.08.05 13:50:29 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Dennis\Desktop\OTL.exe
[2012.08.05 11:02:34 | 000,001,061 | ---- | M] () -- C:\Users\Dennis\Desktop\Spybot - Search & Destroy.lnk
[2012.07.29 22:26:19 | 000,000,011 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\urhtps.dat
[2012.07.29 10:40:58 | 000,693,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.29 10:40:58 | 000,654,402 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.29 10:40:58 | 000,137,740 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.29 10:40:58 | 000,120,738 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.24 16:15:40 | 000,041,023 | ---- | M] () -- C:\Users\Dennis\.recently-used.xbel
[2012.07.24 16:14:48 | 002,924,244 | ---- | M] () -- C:\Users\Dennis\Desktop\Test.png
[2012.07.24 12:41:13 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.07.23 14:00:59 | 000,244,736 | ---- | M] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.21 17:48:59 | 000,107,737 | ---- | M] () -- C:\Users\Dennis\Desktop\N002_Neighborhood.png
[2012.07.14 22:44:52 | 000,002,032 | ---- | M] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat
[2012.07.13 13:26:27 | 000,192,711 | ---- | M] () -- C:\Users\Dennis\Desktop.jpg
[2012.07.11 22:33:50 | 000,000,948 | ---- | M] () -- C:\Users\Dennis\Desktop\Dropbox.lnk
[2012.07.11 22:31:01 | 000,000,958 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.08 15:09:47 | 000,327,680 | ---- | M] () -- C:\Windows\SPInstall.etl
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Dennis\AppData\Roaming\*.tmp files -> C:\Users\Dennis\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.07 11:09:00 | 227,408,299 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.08.07 11:03:26 | 000,302,592 | ---- | C] () -- C:\Users\Dennis\Desktop\ecj9i2lt.exe
[2012.08.07 10:52:48 | 000,000,000 | ---- | C] () -- C:\Users\Dennis\defogger_reenable
[2012.08.06 22:51:17 | 000,179,344 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\AcroIEHelpe181.dll
[2012.08.06 22:51:17 | 000,006,400 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe181.dll
[2012.08.05 13:56:54 | 000,050,477 | ---- | C] () -- C:\Users\Dennis\Desktop\Defogger.exe
[2012.08.05 11:02:34 | 000,001,061 | ---- | C] () -- C:\Users\Dennis\Desktop\Spybot - Search & Destroy.lnk
[2012.07.29 22:26:19 | 000,000,011 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\urhtps.dat
[2012.07.28 23:03:19 | 000,000,017 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\blckdom.res
[2012.07.25 10:37:45 | 026,484,387 | ---- | C] () -- C:\Users\Dennis\Desktop\TestMerkw.Sims3Pack
[2012.07.24 16:15:40 | 000,041,023 | ---- | C] () -- C:\Users\Dennis\.recently-used.xbel
[2012.07.24 12:41:13 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.07.21 17:35:26 | 000,107,737 | ---- | C] () -- C:\Users\Dennis\Desktop\N002_Neighborhood.png
[2012.07.13 17:06:43 | 002,924,244 | ---- | C] () -- C:\Users\Dennis\Desktop\Test.png
[2012.07.13 13:26:23 | 000,192,711 | ---- | C] () -- C:\Users\Dennis\Desktop.jpg
[2012.07.11 22:33:50 | 000,000,948 | ---- | C] () -- C:\Users\Dennis\Desktop\Dropbox.lnk
[2012.07.11 22:31:01 | 000,000,958 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.03 17:16:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.06.11 18:24:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012.06.11 13:50:42 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012.04.12 21:30:10 | 000,637,743 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2011.01.10 22:13:50 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2011.01.10 22:13:50 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.12.31 13:38:52 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.12.07 14:53:52 | 000,002,032 | ---- | C] () -- C:\Users\Dennis\AppData\Local\d3d9caps.dat
[2010.12.05 20:23:20 | 000,026,340 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\UserTile.png
[2010.12.05 17:14:45 | 000,244,736 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.05 16:14:46 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008.12.09 17:23:13 | 000,052,688 | RHS- | C] () -- C:\Users\Dennis\AppData\Roaming\appconf32.exe
 
========== LOP Check ==========
 
[2012.07.28 23:03:39 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\14001.006
[2012.07.30 16:18:23 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\14001.007
[2012.07.31 22:36:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\14001.008
[2012.08.06 22:51:23 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\14001.009
[2011.10.12 14:08:17 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Amazon
[2010.12.23 12:22:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AniTuner
[2012.02.23 13:02:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Audacity
[2012.02.23 13:14:12 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BL-Soft
[2011.07.02 14:02:02 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\BreezeTree
[2011.11.20 12:23:37 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Canon
[2011.04.14 17:21:58 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2012.08.07 11:12:06 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Dropbox
[2012.07.16 16:00:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\gtk-2.0
[2012.02.23 12:39:01 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Iggels
[2011.09.06 15:42:54 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\JavaEditor
[2012.07.28 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\kock
[2011.11.17 11:52:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leawo
[2010.12.11 12:15:42 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\MilkShape 3D 1.x.x
[2011.12.03 13:43:10 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OnLive App
[2012.07.20 21:52:13 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenCandy
[2012.07.10 12:48:53 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Origin
[2011.01.10 22:20:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PC Suite
[2010.12.05 20:23:20 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\PeerNetworking
[2011.02.18 19:17:29 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\RawTherapee
[2011.01.11 18:07:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Samsung
[2010.12.05 16:14:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ScanSoft
[2011.11.17 11:52:50 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\tiger-k
[2012.02.06 18:18:42 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TSRWorkshop
[2012.07.20 21:52:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software
[2012.08.05 13:39:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\UAs
[2010.12.23 13:06:49 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\XMedia Recode
[2012.08.05 13:39:40 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\xmldm
[2012.08.07 10:54:11 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.07 10:46:20 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{089F02C9-035D-4675-87E0-D33C6D9D4B30}.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---


Regards
Dennis

t'john 07.08.2012 19:54

Hello

Fixing with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:

:OTL
MOD - [2012.08.06 22:51:23 | 000,138,808 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\14001.009\components\AcroFF009.dll
MOD - [2012.08.06 22:51:17 | 000,006,400 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe181.dll
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\D846.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKCU\..\URLSearchHook: {64ead72b-ffd4-4e01-aa3a-4c71665d73e4} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={2B7F8034-8896-419E-B617-1D6B9DCE4C63}&mid=7743bdcb501947d19bc9d15067ae688a-9ec377898ad09ba0776e436fc3ac9e28ac1a7bcf&lang=en&ds=ins13&pr=sa&d=2012-02-23 11:43:40&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2849855
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&crg=3.1010000&q="
FF - prefs.js..network.proxy.http: "95.65.124.199"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll File not found
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files\dcmsvc\dcmsvc.exe ()
O4 - HKCU..\Run: [Userinit] C:\Users\Dennis\AppData\Roaming\appconf32.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.11.14 17:40:17 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.10.24 01:57:48 | 000,000,166 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2012.02.03 08:11:25 | 000,055,136 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.)

[2012.07.20 21:52:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}

[2012.08.07 11:02:12 | 000,302,592 | ---- | M] () -- C:\Users\Dennis\Desktop\ecj9i2lt.exe

[2008.12.09 17:23:13 | 000,052,688 | RHS- | C] () -- C:\Users\Dennis\AppData\Roaming\appconf32.exe


[2012.08.05 13:38:58 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\UAs
[2012.08.05 13:39:40 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\xmldm

 
[2012.07.28 23:03:39 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.006
[2012.07.28 23:03:07 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\kock
[2012.07.28 23:03:19 | 000,000,017 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\blckdom.res

[2012.07.23 13:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM

[2012.07.20 21:52:13 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\OpenCandy


[2012.08.07 11:09:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.07 11:09:19 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.07 11:09:18 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.07 10:51:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.07 10:46:20 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{089F02C9-035D-4675-87E0-D33C6D9D4B30}.job
[2012.08.06 22:51:23 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\DENNIS\APPDATA\ROAMING\14001.009
[2012.08.06 22:51:23 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\14001.009
[2012.08.06 22:51:17 | 000,179,344 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\AcroIEHelpe181.dll
[2012.08.06 22:51:17 | 000,006,400 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe181.dll

:Files

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<date_number.log>

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Do not apply it on other computers under any circumstances; it can cause lasting damage to other systems!

Dennis91 07.08.2012 22:04

Here is the log file:

Code:

All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
File C:\Windows\system32\D846.tmp not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64ead72b-ffd4-4e01-aa3a-4c71665d73e4}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll moved successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "LEO Eng-Deu" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.google.de/" removed from browser.startup.homepage
Prefs.js: personas@christopher.beard:1.6.2 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000&q=" removed from keyword.URL
Prefs.js: "95.65.124.199" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: "localhost, 127.0.0.1, stealthy.co" removed from network.proxy.no_proxies_on
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: 0 removed from network.proxy.type
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from sweetim.toolbar.previous.keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64EAD72B-FFD4-4E01-AA3A-4C71665D73E4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\dcmsvc deleted successfully.
C:\Program Files\dcmsvc\dcmsvc.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Userinit deleted successfully.
C:\Users\Dennis\AppData\Roaming\appconf32.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b81f32b3-0073-11e0-aa8d-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b81f32b4-0073-11e0-aa8d-806e6f6e6963}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} folder moved successfully.
C:\Users\Dennis\Desktop\ecj9i2lt.exe moved successfully.
File C:\Users\Dennis\AppData\Roaming\appconf32.exe not found.
C:\Users\Dennis\AppData\Roaming\UAs folder moved successfully.
C:\Users\Dennis\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Dennis\AppData\Roaming\14001.006\components folder moved successfully.
C:\Users\Dennis\AppData\Roaming\14001.006 folder moved successfully.
C:\Users\Dennis\AppData\Roaming\kock folder moved successfully.
C:\Users\Dennis\AppData\Roaming\blckdom.res moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\orange folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\green folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\blue folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully.
C:\Program Files\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files\SweetIM\Toolbars folder moved successfully.
C:\Program Files\SweetIM folder moved successfully.
C:\Users\Dennis\AppData\Roaming\OpenCandy\3D89086F3AF042F08210C23B45E3AA0B folder moved successfully.
C:\Users\Dennis\AppData\Roaming\OpenCandy folder moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\User_Feed_Synchronization-{089F02C9-035D-4675-87E0-D33C6D9D4B30}.job moved successfully.
C:\USERS\DENNIS\APPDATA\ROAMING\14001.009\components folder moved successfully.
C:\USERS\DENNIS\APPDATA\ROAMING\14001.009 folder moved successfully.
Folder C:\Users\Dennis\AppData\Roaming\14001.009\ not found.
File C:\Users\Dennis\AppData\Roaming\AcroIEHelpe181.dll not found.
File C:\Users\Dennis\AppData\Roaming\BAcroIEHelpe181.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Dennis\Desktop\cmd.bat deleted successfully.
C:\Users\Dennis\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
 
User: Dennis
->Temp folder emptied: 7887149159 bytes
->Temporary Internet Files folder emptied: 100433943 bytes
->Java cache emptied: 6432741 bytes
->FireFox cache emptied: 90118245 bytes
->Flash cache emptied: 198648 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 378060174 bytes
RecycleBin emptied: 17983109 bytes
 
Total Files Cleaned = 8.088,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: Dennis
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.56.0 log created on 08072012_223855

Files\Folders moved on Reboot...
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.
File move failed. C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2011.11.14 17:40:17 | 000,000,049 | R--- | M] () E:\Autorun.inf : MD5=38375BDA813BA2DD3512B6D25D343F8E
[2008.10.24 01:57:48 | 000,000,166 | R--- | M] () F:\autorun.inf : MD5=D703F7557778CBE560147F0264249970
[2012.02.03 08:11:25 | 000,055,136 | R--- | M] (Electronic Arts) E:\Autorun.exe : MD5=93F05DBDEA7415A4D936774493F58C38
[2008.10.24 01:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.) F:\AutoRun.exe : MD5=452013213FAC34FEDCF6C60E3069BE83
[2012.08.07 22:51:37 | 000,003,072 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5
[2012.08.07 22:51:37 | 000,003,072 | -H-- | M] () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 : Unable to obtain MD5

Registry entries deleted on Reboot...

Is my PC free of viruses again now?

Many thanks already for your help, t'john :dankeschoen:

t'john 07.08.2012 23:24

Very good! :daumenhoc

How is the computer running?

Step 1
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Enable "Komplett Scan durchführen" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any detections deleted or moved to quarantine.
- When the scan has finished, click "Zeige Resultate".
then:

Step 2

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

Dennis91 08.08.2012 08:44

Directly after the fix everything was as usual. Only Firefox reported that 2 add-ons had been installed. But they were already installed before.
When I tried to boot it this morning, at first the message "An Windows wurde eine nicht autorisierte Veränderung am System vorgenommen" appeared and I could not start Windows.
When I then tried to boot the PC a second time, the message did not appear and everything was as usual.
There are still some viruses in quarantine in Antivir; should I delete them?

Regards, Dennis

Here are the logs

Malwarebytes:

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.08.03

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Dennis :: DENNIS-PC [Administrator]

Schutz: Aktiviert

08.08.2012 09:53:22
mbam-log-2012-08-08 (09-53-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 441803
Laufzeit: 1 Stunde(n), 45 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{63F52C44-BE4E-420C-A48E-54630AAA04ED} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63F52C44-BE4E-420C-A48E-54630AAA04ED} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63F52C44-BE4E-420C-A48E-54630AAA04ED} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63F52C44-BE4E-420C-A48E-54630AAA04ED} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DD31495E-290C-41CF-8C66-7415383F82DE} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dennis\AppData\Roaming\AcroIEHelpe183.dll (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\08072012_223855\C_Users\Dennis\AppData\Roaming\appconf32.exe (Spyware.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

AdwCleaner:

Code:

# AdwCleaner v1.800 - Logfile created 08/08/2012 at 11:47:32
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium  (32 bits)
# User : Dennis - DENNIS-PC
# Running from : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Dennis\AppData\Local\Conduit
Folder Found : C:\Users\Dennis\AppData\Local\Ilivid Player
Folder Found : C:\Users\Dennis\AppData\LocalLow\Conduit
Folder Found : C:\Users\Dennis\AppData\LocalLow\SweetIM
Folder Found : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\SweetPacksToolbarData
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\Program Files\Conduit
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Found : HKLM\SOFTWARE\Classes\I
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Found : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\SweetIM

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.16982

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\prefs.js

Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10606");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "ec2fe9070000000000000019214a8179");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15431");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "85%5F3");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8oBnIJAB&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6R8oBnIJAB");
Found : user_pref("extensions.incredibar_i.upn2n", "92824115243516673");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:56:22");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

*************************

AdwCleaner[R1].txt - [8881 octets] - [08/08/2012 11:47:32]

########## EOF - C:\AdwCleaner[R1].txt - [9009 octets] ##########

Windows asked me to enter the product key, and since then everything has been running normally again.

Regards, Dennis

t'john 08.08.2012 14:28

Very good! :daumenhoc

  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

then:

Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Download the current signatures via "Jetzt Updaten".
Select the "Freeware-Modus".

Select "Detail Scan" and start checking the computer with the "Scan" button.
At the end of the scan, do not let it delete anything! Click "Bericht speichern" to save the log file to the desktop and post it here in the thread.

Guide: http://www.trojaner-board.de/103809-...i-malware.html

Dennis91 08.08.2012 23:31

So, here are the logs:
AdwCleaner

Code:

# AdwCleaner v1.800 - Logfile created 08/08/2012 at 18:00:49
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Dennis - DENNIS-PC
# Running from : C:\Users\Dennis\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Dennis\AppData\Local\Conduit
Folder Deleted : C:\Users\Dennis\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Dennis\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Dennis\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Dennis\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dennis\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\SweetPacksToolbarData
Folder Deleted : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\extensions\toolbar@ask.com
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
File Deleted : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\APN
Key Deleted : HKLM\SOFTWARE\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\SweetIM
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6002.18005

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\prefs.js

C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\91bwina0.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.apn_dbr", "ff_14.0.1");
Deleted : user_pref("extensions.asktb.cbid", "^ABT");
Deleted : user_pref("extensions.asktb.config-updated", false);
Deleted : user_pref("extensions.asktb.crumb", "2012.08.08+08.54.13-toolbar006iad-DE-QmllbGVmZWxkLEdlcm1hbnk%3D[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Deleted : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("extensions.asktb.first-launch", true);
Deleted : user_pref("extensions.asktb.first-restart-after-config-update", true);
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "ba2992cf-ae38-4345-bcbe-830b686d6cbc");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1344441632176");
Deleted : user_pref("extensions.asktb.locale", "de_DE");
Deleted : user_pref("extensions.asktb.location", "Bielefeld,Germany");
Deleted : user_pref("extensions.asktb.o", "APN10395");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "2");
Deleted : user_pref("extensions.asktb.sa", "YES");
Deleted : user_pref("extensions.asktb.saguid", "F04E8BF5-17C6-43CC-84F5-B7053D582047");
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "08.08.2012 17:59:19");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("extensions.asktb.v", "3.15.4.100013");
Deleted : user_pref("extensions.asktb.version", "5.15.4.23930");
Deleted : user_pref("extensions.enabledAddons", "compatibility@addons.mozilla.org:1.1,personas@christopher.bea[...]
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10606");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "ec2fe9070000000000000019214a8179");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15431");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "85%5F3");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8oBnIJAB&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8oBnIJAB");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92824115243516673");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:56:22");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]

*************************

AdwCleaner[R1].txt - [9010 octets] - [08/08/2012 11:47:32]
AdwCleaner[S1].txt - [14766 octets] - [08/08/2012 18:00:49]

########## EOF - C:\AdwCleaner[S1].txt - [14895 octets] ##########

Emsisoft:

Code:

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 08.08.2012 18:08:53

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:        08.08.2012 18:09:02

Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\luxor amun rising --> displayname        gefunden: Trace.Registry.luxor amun rising!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\luxor amun rising --> uninstallstring        gefunden: Trace.Registry.luxor amun rising!E1
Key: hkey_local_machine\software\trymedia systems        gefunden: Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software        gefunden: Trace.Registry.trymedia!E1
C:\Users\Dennis\AppData\Roaming\AcroIEHelpe182.dll        gefunden: Trojan-Spy.Win32.Farko!E2

Gescannt        709341
Gefunden        5

Scan Ende:        09.08.2012 00:21:37
Scan Zeit:        6:12:35

C:\Users\Dennis\AppData\Roaming\AcroIEHelpe182.dll        Quarantäne Trojan-Spy.Win32.Farko!E2
Key: hkey_local_machine\software\trymedia systems        Quarantäne Trace.Registry.trymedia!E1
Key: hkey_local_machine\software\trymedia systems\activemark software        Quarantäne Trace.Registry.trymedia!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\luxor amun rising --> displayname        Quarantäne Trace.Registry.luxor amun rising!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\luxor amun rising --> uninstallstring        Quarantäne Trace.Registry.luxor amun rising!E1

Quarantäne        5

The scan took more than 6 hours :crazy:

Firefox sometimes crashes on startup and can then only be restarted in safe mode. Otherwise everything runs as usual.

Regards, Dennis

t'john 09.08.2012 07:33

Please reinstall Firefox!


Very good! :daumenhoc



Uninstall:
Emsisoft Anti-Malware


ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media you may have (e.g. USB sticks) to the computer.
  • Please disable your antivirus program and firewall during the online scan.
  • Vista/Win7 users: Be sure to start the browser as administrator.
Let's go

  • Download and start the Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstall: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Dennis91 09.08.2012 15:53

Here is the log file:

Code:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f212326dfaa0e5439dea4d0b2715bc0a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-09 02:47:29
# local_time=2012-08-09 04:47:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 25740438 25740438 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776573 100 100 61319 182034343 0 0
# compatibility_mode=8192 67108863 100 0 276 276 0 0
# scanned=290197
# found=2
# cleaned=2
# scan_time=22034
C:\ProgramData\Codecv\uninstall.exe        Win32/Adware.MultiPlug.A application (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Dennis\AppData\Roaming\14001.010\components\AcroFF010.dll        probably a variant of Win32/Spy.Banker.YCR trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

I reinstalled Firefox and there have been no crashes since.

Have all the viruses been removed now?

Regards, Dennis

t'john 09.08.2012 17:14

Fixing with OTL

Download OTL by Oldtimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:

:OTL
:Files
C:\Users\Dennis\AppData\Roaming\14*
C:\Users\Dennis\AppData\Roaming\AcroIE*
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file later here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for readers following along: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!

Dennis91 09.08.2012 18:05

Here is the log file:

Code:

All processes killed
========== OTL ==========
========== FILES ==========
C:\Users\Dennis\AppData\Roaming\14001.007\components folder moved successfully.
C:\Users\Dennis\AppData\Roaming\14001.007 folder moved successfully.
C:\Users\Dennis\AppData\Roaming\14001.008\components folder moved successfully.
C:\Users\Dennis\AppData\Roaming\14001.008 folder moved successfully.
C:\Users\Dennis\AppData\Roaming\14001.010\components folder moved successfully.
C:\Users\Dennis\AppData\Roaming\14001.010 folder moved successfully.
C:\Users\Dennis\AppData\Roaming\AcroIEHelpe.txt moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: Dennis
->Temp folder emptied: 1963131 bytes
->Temporary Internet Files folder emptied: 4068100 bytes
->Java cache emptied: 64646 bytes
->FireFox cache emptied: 69573988 bytes
->Flash cache emptied: 2898 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59952920 bytes
RecycleBin emptied: 949 bytes
 
Total Files Cleaned = 129,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: Dennis
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.56.0 log created on 08092012_185921

Files\Folders moved on Reboot...
File\Folder C:\Users\Dennis\AppData\Local\Temp\~DFDB9B.tmp not found!
File\Folder C:\Users\Dennis\AppData\Local\Temp\~DFDBD4.tmp not found!
File\Folder C:\Users\Dennis\AppData\Local\Temp\~DFE06F.tmp not found!
File\Folder C:\Users\Dennis\AppData\Local\Temp\~DFE0FA.tmp not found!

PendingFileRenameOperations files...
File C:\Users\Dennis\AppData\Local\Temp\~DFDB9B.tmp not found!
File C:\Users\Dennis\AppData\Local\Temp\~DFDBD4.tmp not found!
File C:\Users\Dennis\AppData\Local\Temp\~DFE06F.tmp not found!
File C:\Users\Dennis\AppData\Local\Temp\~DFE0FA.tmp not found!

Registry entries deleted on Reboot...


t'john 10.08.2012 12:26

TDSSKiller by Kaspersky
- Download TDSSKiller and unpack the archive to your desktop.
- Make sure that TDSSKiller.exe is located directly on the desktop (not in a folder on the desktop).
- Temporarily disable your antivirus program.
- Start TDSSKiller.exe by double-clicking it.
- When it has finished its work, the tool suggests restarting the system.
- Confirm this with Y(es) if prompted.
- When the system boots, the driver carries out all scheduled operations and then deletes itself.
- Post the contents of C:\TDSSKiller.txt here in the thread.
Here you can find a more detailed TDSSKiller guide.

Dennis91 10.08.2012 12:41

TDSS Killer found no viruses.
I wasn't asked to restart either.

Here is the log file:

Code:

13:35:12.0617 3844        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:35:14.0641 3844        ============================================================
13:35:14.0641 3844        Current date / time: 2012/08/10 13:35:14.0641
13:35:14.0641 3844        SystemInfo:
13:35:14.0641 3844       
13:35:14.0641 3844        OS Version: 6.0.6002 ServicePack: 2.0
13:35:14.0641 3844        Product type: Workstation
13:35:14.0641 3844        ComputerName: DENNIS-PC
13:35:14.0641 3844        UserName: Dennis
13:35:14.0641 3844        Windows directory: C:\Windows
13:35:14.0641 3844        System windows directory: C:\Windows
13:35:14.0641 3844        Processor architecture: Intel x86
13:35:14.0641 3844        Number of processors: 4
13:35:14.0641 3844        Page size: 0x1000
13:35:14.0641 3844        Boot type: Normal boot
13:35:14.0641 3844        ============================================================
13:35:15.0710 3844        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:35:15.0726 3844        ============================================================
13:35:15.0726 3844        \Device\Harddisk0\DR0:
13:35:15.0744 3844        MBR partitions:
13:35:15.0744 3844        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x25FAD800
13:35:15.0744 3844        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x277AE000, BlocksNum 0x12BD7800
13:35:15.0744 3844        ============================================================
13:35:15.0817 3844        C: <-> \Device\Harddisk0\DR0\Partition0
13:35:15.0904 3844        D: <-> \Device\Harddisk0\DR0\Partition1
13:35:15.0904 3844        ============================================================
13:35:15.0904 3844        Initialize success
13:35:15.0904 3844        ============================================================
13:35:57.0549 5560        ============================================================
13:35:57.0549 5560        Scan started
13:35:57.0549 5560        Mode: Manual;
13:35:57.0549 5560        ============================================================
13:35:58.0510 5560        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:35:58.0522 5560        ACPI - ok
13:35:58.0606 5560        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:35:58.0608 5560        AdobeARMservice - ok
13:35:58.0680 5560        AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:35:58.0682 5560        AdobeFlashPlayerUpdateSvc - ok
13:35:58.0717 5560        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
13:35:58.0727 5560        adp94xx - ok
13:35:58.0770 5560        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
13:35:58.0783 5560        adpahci - ok
13:35:58.0790 5560        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
13:35:58.0793 5560        adpu160m - ok
13:35:58.0802 5560        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
13:35:58.0814 5560        adpu320 - ok
13:35:58.0846 5560        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:35:58.0846 5560        AeLookupSvc - ok
13:35:58.0893 5560        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:35:58.0906 5560        AFD - ok
13:35:58.0933 5560        agp440          (198636e76971ebc96404547ec0fd5e75) C:\Windows\system32\drivers\agp440.sys
13:35:58.0935 5560        agp440 - ok
13:35:58.0956 5560        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:35:58.0958 5560        aic78xx - ok
13:35:58.0989 5560        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:35:58.0991 5560        ALG - ok
13:35:59.0014 5560        aliide          (0b3b337a68d9a75cc8d787dc98b53d79) C:\Windows\system32\drivers\aliide.sys
13:35:59.0015 5560        aliide - ok
13:35:59.0055 5560        AMD External Events Utility (b90a4332cf4c6580c845266a656de4ab) C:\Windows\system32\atiesrxx.exe
13:35:59.0064 5560        AMD External Events Utility - ok
13:35:59.0070 5560        amdagp          (2363abc8989a14fd7247ca6f4e89d397) C:\Windows\system32\drivers\amdagp.sys
13:35:59.0071 5560        amdagp - ok
13:35:59.0075 5560        amdide          (468a204966d09f327a662c35f4b15dd3) C:\Windows\system32\drivers\amdide.sys
13:35:59.0076 5560        amdide - ok
13:35:59.0082 5560        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
13:35:59.0084 5560        AmdK7 - ok
13:35:59.0088 5560        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
13:35:59.0090 5560        AmdK8 - ok
13:35:59.0454 5560        amdkmdag        (7844984a5e1e6f18d93af9e9bcc65436) C:\Windows\system32\DRIVERS\atikmdag.sys
13:35:59.0659 5560        amdkmdag - ok
13:35:59.0798 5560        amdkmdap        (202def509d76105b08741d36c3a7e4d7) C:\Windows\system32\DRIVERS\atikmpag.sys
13:35:59.0809 5560        amdkmdap - ok
13:35:59.0882 5560        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:35:59.0888 5560        AntiVirSchedulerService - ok
13:35:59.0921 5560        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:35:59.0927 5560        AntiVirService - ok
13:35:59.0976 5560        AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
13:35:59.0987 5560        AntiVirWebService - ok
13:36:00.0045 5560        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:36:00.0046 5560        Appinfo - ok
13:36:00.0167 5560        Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:36:00.0170 5560        Apple Mobile Device - ok
13:36:00.0221 5560        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
13:36:00.0223 5560        arc - ok
13:36:00.0239 5560        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
13:36:00.0241 5560        arcsas - ok
13:36:00.0323 5560        aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:36:00.0324 5560        aspnet_state - ok
13:36:00.0358 5560        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:36:00.0359 5560        AsyncMac - ok
13:36:00.0385 5560        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:36:00.0385 5560        atapi - ok
13:36:00.0438 5560        AtiHDAudioService (35290682dbdb9cede934b73369f3cede) C:\Windows\system32\drivers\AtihdLH3.sys
13:36:00.0446 5560        AtiHDAudioService - ok
13:36:00.0502 5560        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:36:00.0516 5560        AudioEndpointBuilder - ok
13:36:00.0521 5560        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:36:00.0524 5560        Audiosrv - ok
13:36:00.0551 5560        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
13:36:00.0559 5560        avgntflt - ok
13:36:00.0575 5560        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
13:36:00.0582 5560        avipbb - ok
13:36:00.0593 5560        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
13:36:00.0595 5560        avkmgr - ok
13:36:00.0627 5560        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:36:00.0628 5560        Beep - ok
13:36:00.0675 5560        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
13:36:00.0688 5560        BFE - ok
13:36:00.0759 5560        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
13:36:00.0792 5560        BITS - ok
13:36:00.0885 5560        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:36:00.0896 5560        Bonjour Service - ok
13:36:00.0957 5560        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:36:00.0959 5560        bowser - ok
13:36:00.0997 5560        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:36:00.0998 5560        BrFiltLo - ok
13:36:01.0002 5560        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:36:01.0003 5560        BrFiltUp - ok
13:36:01.0047 5560        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:36:01.0049 5560        Browser - ok
13:36:01.0073 5560        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:36:01.0085 5560        Brserid - ok
13:36:01.0090 5560        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:36:01.0092 5560        BrSerWdm - ok
13:36:01.0096 5560        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:36:01.0097 5560        BrUsbMdm - ok
13:36:01.0103 5560        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:36:01.0104 5560        BrUsbSer - ok
13:36:01.0109 5560        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:36:01.0111 5560        BTHMODEM - ok
13:36:01.0154 5560        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:36:01.0156 5560        cdfs - ok
13:36:01.0194 5560        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:36:01.0196 5560        cdrom - ok
13:36:01.0258 5560        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:36:01.0259 5560        CertPropSvc - ok
13:36:01.0265 5560        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
13:36:01.0267 5560        circlass - ok
13:36:01.0295 5560        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:36:01.0309 5560        CLFS - ok
13:36:01.0367 5560        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:36:01.0369 5560        clr_optimization_v2.0.50727_32 - ok
13:36:01.0433 5560        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:36:01.0441 5560        clr_optimization_v4.0.30319_32 - ok
13:36:01.0456 5560        cmdide          (2ac0c92b29ec21838f4cb46adb26bcc0) C:\Windows\system32\drivers\cmdide.sys
13:36:01.0457 5560        cmdide - ok
13:36:01.0471 5560        Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
13:36:01.0472 5560        Compbatt - ok
13:36:01.0475 5560        COMSysApp - ok
13:36:01.0498 5560        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
13:36:01.0499 5560        crcdisk - ok
13:36:01.0505 5560        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
13:36:01.0506 5560        Crusoe - ok
13:36:01.0540 5560        CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
13:36:01.0547 5560        CryptSvc - ok
13:36:01.0596 5560        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:36:01.0615 5560        DcomLaunch - ok
13:36:01.0650 5560        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:36:01.0652 5560        DfsC - ok
13:36:01.0767 5560        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
13:36:01.0826 5560        DFSR - ok
13:36:01.0944 5560        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:36:01.0958 5560        Dhcp - ok
13:36:02.0010 5560        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:36:02.0012 5560        disk - ok
13:36:02.0045 5560        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:36:02.0051 5560        Dnscache - ok
13:36:02.0072 5560        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:36:02.0078 5560        dot3svc - ok
13:36:02.0121 5560        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:36:02.0127 5560        DPS - ok
13:36:02.0170 5560        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:36:02.0171 5560        drmkaud - ok
13:36:02.0256 5560        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:36:02.0280 5560        DXGKrnl - ok
13:36:02.0426 5560        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:36:02.0484 5560        E1G60 - ok
13:36:02.0547 5560        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:36:02.0549 5560        EapHost - ok
13:36:02.0602 5560        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:36:02.0610 5560        Ecache - ok
13:36:02.0678 5560        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
13:36:02.0691 5560        ehRecvr - ok
13:36:02.0718 5560        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:36:02.0724 5560        ehSched - ok
13:36:02.0735 5560        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:36:02.0736 5560        ehstart - ok
13:36:02.0766 5560        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
13:36:02.0778 5560        elxstor - ok
13:36:02.0820 5560        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
13:36:02.0837 5560        EMDMgmt - ok
13:36:02.0889 5560        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
13:36:02.0902 5560        EventSystem - ok
13:36:02.0929 5560        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:36:02.0936 5560        exfat - ok
13:36:02.0962 5560        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:36:02.0968 5560        fastfat - ok
13:36:02.0973 5560        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
13:36:02.0975 5560        fdc - ok
13:36:03.0000 5560        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:36:03.0002 5560        fdPHost - ok
13:36:03.0030 5560        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:36:03.0031 5560        FDResPub - ok
13:36:03.0074 5560        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:36:03.0076 5560        FileInfo - ok
13:36:03.0093 5560        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:36:03.0112 5560        Filetrace - ok
13:36:03.0117 5560        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
13:36:03.0118 5560        flpydisk - ok
13:36:03.0145 5560        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:36:03.0150 5560        FltMgr - ok
13:36:03.0215 5560        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
13:36:03.0255 5560        FontCache - ok
13:36:03.0342 5560        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:36:03.0343 5560        FontCache3.0.0.0 - ok
13:36:03.0410 5560        FreemakeVideoCapture - ok
13:36:03.0458 5560        FsUsbExDisk    (790a4ca68f44be35967b3df61f3e4675) C:\Windows\system32\FsUsbExDisk.SYS
13:36:03.0460 5560        FsUsbExDisk - ok
13:36:03.0487 5560        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
13:36:03.0488 5560        Fs_Rec - ok
13:36:03.0516 5560        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
13:36:03.0518 5560        gagp30kx - ok
13:36:03.0555 5560        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:36:03.0556 5560        GEARAspiWDM - ok
13:36:03.0610 5560        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
13:36:03.0625 5560        gpsvc - ok
13:36:03.0690 5560        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:36:03.0696 5560        gupdate - ok
13:36:03.0701 5560        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:36:03.0702 5560        gupdatem - ok
13:36:03.0763 5560        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
13:36:03.0782 5560        HdAudAddService - ok
13:36:03.0834 5560        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:36:03.0853 5560        HDAudBus - ok
13:36:03.0916 5560        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:36:03.0917 5560        HidBth - ok
13:36:03.0921 5560        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:36:03.0922 5560        HidIr - ok
13:36:03.0956 5560        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
13:36:03.0958 5560        hidserv - ok
13:36:03.0988 5560        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:36:03.0989 5560        HidUsb - ok
13:36:04.0019 5560        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:36:04.0022 5560        hkmsvc - ok
13:36:04.0028 5560        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
13:36:04.0029 5560        HpCISSs - ok
13:36:04.0404 5560        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:36:04.0416 5560        HTTP - ok
13:36:04.0451 5560        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
13:36:04.0453 5560        i2omp - ok
13:36:04.0500 5560        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:36:04.0502 5560        i8042prt - ok
13:36:04.0523 5560        iaStor          (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
13:36:04.0535 5560        iaStor - ok
13:36:04.0562 5560        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
13:36:04.0576 5560        iaStorV - ok
13:36:04.0704 5560        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:36:04.0729 5560        idsvc - ok
13:36:04.0737 5560        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:36:04.0739 5560        iirsp - ok
13:36:04.0774 5560        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
13:36:04.0827 5560        IKEEXT - ok
13:36:05.0046 5560        IntcAzAudAddService (34b8b4a442046e3d5fdd0b17926cf3f1) C:\Windows\system32\drivers\RTKVHDA.sys
13:36:05.0104 5560        IntcAzAudAddService - ok
13:36:05.0246 5560        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:36:05.0246 5560        intelide - ok
13:36:05.0286 5560        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:36:05.0287 5560        intelppm - ok
13:36:05.0302 5560        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:36:05.0305 5560        IPBusEnum - ok
13:36:05.0340 5560        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:36:05.0341 5560        IpFilterDriver - ok
13:36:05.0381 5560        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
13:36:05.0395 5560        iphlpsvc - ok
13:36:05.0421 5560        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
13:36:05.0423 5560        IPMIDRV - ok
13:36:05.0443 5560        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:36:05.0450 5560        IPNAT - ok
13:36:05.0530 5560        iPod Service    (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
13:36:05.0550 5560        iPod Service - ok
13:36:05.0589 5560        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:36:05.0590 5560        IRENUM - ok
13:36:05.0598 5560        isapnp          (ce2997a0c3b0049a3188c4f0c7a04bc9) C:\Windows\system32\drivers\isapnp.sys
13:36:05.0600 5560        isapnp - ok
13:36:05.0643 5560        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:36:05.0648 5560        iScsiPrt - ok
13:36:05.0655 5560        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:36:05.0657 5560        iteatapi - ok
13:36:05.0678 5560        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:36:05.0679 5560        iteraid - ok
13:36:05.0685 5560        JRAID          (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys
13:36:05.0686 5560        JRAID - ok
13:36:05.0724 5560        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:36:05.0725 5560        kbdclass - ok
13:36:05.0755 5560        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:36:05.0756 5560        kbdhid - ok
13:36:05.0786 5560        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:36:05.0788 5560        KeyIso - ok
13:36:05.0818 5560        KSecDD          (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
13:36:05.0846 5560        KSecDD - ok
13:36:05.0912 5560        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:36:05.0924 5560        KtmRm - ok
13:36:05.0970 5560        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
13:36:05.0985 5560        LanmanServer - ok
13:36:06.0030 5560        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:36:06.0044 5560        LanmanWorkstation - ok
13:36:06.0084 5560        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:36:06.0085 5560        lltdio - ok
13:36:06.0104 5560        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:36:06.0118 5560        lltdsvc - ok
13:36:06.0145 5560        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:36:06.0148 5560        lmhosts - ok
13:36:06.0176 5560        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
13:36:06.0178 5560        LSI_FC - ok
13:36:06.0187 5560        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
13:36:06.0189 5560        LSI_SAS - ok
13:36:06.0199 5560        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
13:36:06.0201 5560        LSI_SCSI - ok
13:36:06.0236 5560        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:36:06.0243 5560        luafv - ok
13:36:06.0271 5560        MBAMProtector  (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
13:36:06.0273 5560        MBAMProtector - ok
13:36:06.0340 5560        MBAMService    (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:36:06.0372 5560        MBAMService - ok
13:36:06.0410 5560        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
13:36:06.0413 5560        Mcx2Svc - ok
13:36:06.0432 5560        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
13:36:06.0434 5560        megasas - ok
13:36:06.0465 5560        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:36:06.0467 5560        MMCSS - ok
13:36:06.0482 5560        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:36:06.0484 5560        Modem - ok
13:36:06.0520 5560        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:36:06.0521 5560        monitor - ok
13:36:06.0550 5560        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:36:06.0551 5560        mouclass - ok
13:36:06.0587 5560        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:36:06.0588 5560        mouhid - ok
13:36:06.0599 5560        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:36:06.0601 5560        MountMgr - ok
13:36:06.0673 5560        MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:36:06.0680 5560        MozillaMaintenance - ok
13:36:06.0724 5560        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
13:36:06.0726 5560        mpio - ok
13:36:06.0744 5560        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:36:06.0745 5560        mpsdrv - ok
13:36:06.0810 5560        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
13:36:06.0827 5560        MpsSvc - ok
13:36:06.0834 5560        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:36:06.0835 5560        Mraid35x - ok
13:36:06.0863 5560        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:36:06.0869 5560        MRxDAV - ok
13:36:06.0926 5560        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:36:06.0928 5560        mrxsmb - ok
13:36:06.0949 5560        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:36:06.0963 5560        mrxsmb10 - ok
13:36:06.0983 5560        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:36:06.0985 5560        mrxsmb20 - ok
13:36:07.0004 5560        msahci          (13fa01d10c95762e3e191bb023dfa8cc) C:\Windows\system32\drivers\msahci.sys
13:36:07.0006 5560        msahci - ok
13:36:07.0028 5560        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
13:36:07.0031 5560        msdsm - ok
13:36:07.0072 5560        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:36:07.0078 5560        MSDTC - ok
13:36:07.0115 5560        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:36:07.0116 5560        Msfs - ok
13:36:07.0164 5560        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:36:07.0166 5560        msisadrv - ok
13:36:07.0212 5560        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:36:07.0219 5560        MSiSCSI - ok
13:36:07.0222 5560        msiserver - ok
13:36:07.0239 5560        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:36:07.0240 5560        MSKSSRV - ok
13:36:07.0284 5560        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:36:07.0285 5560        MSPCLOCK - ok
13:36:07.0296 5560        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:36:07.0297 5560        MSPQM - ok
13:36:07.0335 5560        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:36:07.0342 5560        MsRPC - ok
13:36:07.0365 5560        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:36:07.0366 5560        mssmbios - ok
13:36:07.0386 5560        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:36:07.0388 5560        MSTEE - ok
13:36:07.0414 5560        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:36:07.0416 5560        Mup - ok
13:36:07.0473 5560        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:36:07.0486 5560        napagent - ok
13:36:07.0771 5560        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:36:07.0779 5560        NativeWifiP - ok
13:36:07.0811 5560        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:36:07.0829 5560        NDIS - ok
13:36:07.0875 5560        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:36:07.0877 5560        NdisTapi - ok
13:36:07.0892 5560        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:36:07.0893 5560        Ndisuio - ok
13:36:07.0909 5560        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:36:07.0916 5560        NdisWan - ok
13:36:07.0922 5560        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:36:07.0924 5560        NDProxy - ok
13:36:08.0069 5560        Nero BackItUp Scheduler 3 (a0101e836d2a39682e134c47b1565256) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
13:36:08.0126 5560        Nero BackItUp Scheduler 3 - ok
13:36:08.0162 5560        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:36:08.0164 5560        NetBIOS - ok
13:36:08.0185 5560        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:36:08.0192 5560        netbt - ok
13:36:08.0218 5560        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:36:08.0220 5560        Netlogon - ok
13:36:08.0241 5560        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:36:08.0255 5560        Netman - ok
13:36:08.0332 5560        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:36:08.0339 5560        NetMsmqActivator - ok
13:36:08.0343 5560        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:36:08.0345 5560        NetPipeActivator - ok
13:36:08.0363 5560        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:36:08.0377 5560        netprofm - ok
13:36:08.0381 5560        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:36:08.0383 5560        NetTcpActivator - ok
13:36:08.0387 5560        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
13:36:08.0388 5560        NetTcpPortSharing - ok
13:36:08.0426 5560        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:36:08.0428 5560        nfrd960 - ok
13:36:08.0457 5560        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:36:08.0472 5560        NlaSvc - ok
13:36:08.0633 5560        NMIndexingService (9cf3e134eb0490d60fe68631a7d666a0) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
13:36:08.0645 5560        NMIndexingService - ok
13:36:08.0695 5560        npf            (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
13:36:08.0696 5560        npf - ok
13:36:08.0728 5560        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:36:08.0730 5560        Npfs - ok
13:36:08.0759 5560        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:36:08.0762 5560        nsi - ok
13:36:08.0774 5560        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:36:08.0775 5560        nsiproxy - ok
13:36:08.0829 5560        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:36:08.0864 5560        Ntfs - ok
13:36:08.0895 5560        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:36:08.0897 5560        ntrigdigi - ok
13:36:08.0930 5560        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:36:08.0931 5560        Null - ok
13:36:09.0367 5560        nvlddmkm        (afb33a823aabc112fc7bd62afbcdb0cd) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:36:09.0599 5560        nvlddmkm - ok
13:36:09.0718 5560        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
13:36:09.0723 5560        nvraid - ok
13:36:09.0747 5560        nvrd32          (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys
13:36:09.0753 5560        nvrd32 - ok
13:36:09.0759 5560        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
13:36:09.0760 5560        nvstor - ok
13:36:09.0769 5560        nvstor32        (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys
13:36:09.0772 5560        nvstor32 - ok
13:36:09.0823 5560        nvsvc          (782945716ad010ac3d41758e8e52c735) C:\Windows\system32\nvvsvc.exe
13:36:09.0850 5560        nvsvc - ok
13:36:09.0966 5560        nvUpdatusService (a974e5c310b9b00894070ceb055d467f) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
13:36:10.0016 5560        nvUpdatusService - ok
13:36:10.0122 5560        nv_agp          (925eb9e53eca4473a2d156a02b7418e3) C:\Windows\system32\drivers\nv_agp.sys
13:36:10.0136 5560        nv_agp - ok
13:36:10.0234 5560        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:36:10.0251 5560        odserv - ok
13:36:10.0287 5560        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:36:10.0289 5560        ohci1394 - ok
13:36:10.0318 5560        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:36:10.0326 5560        ose - ok
13:36:10.0384 5560        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:36:10.0410 5560        p2pimsvc - ok
13:36:10.0420 5560        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:36:10.0429 5560        p2psvc - ok
13:36:10.0474 5560        Parport        (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
13:36:10.0476 5560        Parport - ok
13:36:10.0501 5560        partmgr        (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
13:36:10.0503 5560        partmgr - ok
13:36:10.0523 5560        Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
13:36:10.0524 5560        Parvdm - ok
13:36:10.0591 5560        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:36:10.0599 5560        PcaSvc - ok
13:36:10.0640 5560        pccsmcfd        (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
13:36:10.0641 5560        pccsmcfd - ok
13:36:10.0679 5560        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:36:10.0685 5560        pci - ok
13:36:10.0717 5560        pciide          (353968946bcb766f6c5c01717686b382) C:\Windows\system32\drivers\pciide.sys
13:36:10.0718 5560        pciide - ok
13:36:10.0737 5560        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:36:10.0748 5560        pcmcia - ok
13:36:10.0805 5560        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:36:10.0823 5560        PEAUTH - ok
13:36:10.0903 5560        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:36:10.0957 5560        pla - ok
13:36:11.0076 5560        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
13:36:11.0090 5560        PlugPlay - ok
13:36:11.0151 5560        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:36:11.0157 5560        PNRPAutoReg - ok
13:36:11.0165 5560        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:36:11.0171 5560        PNRPsvc - ok
13:36:11.0228 5560        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
13:36:11.0242 5560        PolicyAgent - ok
13:36:11.0320 5560        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:36:11.0322 5560        PptpMiniport - ok
13:36:11.0355 5560        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
13:36:11.0357 5560        Processor - ok
13:36:11.0393 5560        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
13:36:11.0407 5560        ProfSvc - ok
13:36:11.0434 5560        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:36:11.0436 5560        ProtectedStorage - ok
13:36:11.0477 5560        ProtexisLicensing (64e413ba0c529aa40c3924bbcc4153db) c:\Windows\system32\PSIService.exe
13:36:11.0491 5560        ProtexisLicensing - ok
13:36:11.0513 5560        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:36:11.0515 5560        PSched - ok
13:36:11.0578 5560        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
13:36:11.0624 5560        ql2300 - ok
13:36:11.0654 5560        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:36:11.0657 5560        ql40xx - ok
13:36:11.0691 5560        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:36:11.0705 5560        QWAVE - ok
13:36:11.0719 5560        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:36:11.0721 5560        QWAVEdrv - ok
13:36:11.0729 5560        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:36:11.0731 5560        RasAcd - ok
13:36:11.0748 5560        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:36:11.0756 5560        RasAuto - ok
13:36:11.0819 5560        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:36:11.0821 5560        Rasl2tp - ok
13:36:11.0853 5560        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
13:36:11.0867 5560        RasMan - ok
13:36:11.0888 5560        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:36:11.0889 5560        RasPppoe - ok
13:36:11.0902 5560        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:36:11.0904 5560        RasSstp - ok
13:36:11.0944 5560        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:36:11.0959 5560        rdbss - ok
13:36:11.0970 5560        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:36:11.0971 5560        RDPCDD - ok
13:36:12.0003 5560        rdpdr          (87ee019fe9fbff071d76ccf9ec794646) C:\Windows\system32\drivers\rdpdr.sys
13:36:12.0016 5560        rdpdr - ok
13:36:12.0041 5560        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:36:12.0042 5560        RDPENCDD - ok
13:36:12.0082 5560        RDPWD          (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
13:36:12.0097 5560        RDPWD - ok
13:36:12.0128 5560        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:36:12.0131 5560        RemoteAccess - ok
13:36:12.0150 5560        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
13:36:12.0157 5560        RemoteRegistry - ok
13:36:12.0182 5560        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:36:12.0184 5560        RpcLocator - ok
13:36:12.0232 5560        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:36:12.0239 5560        RpcSs - ok
13:36:12.0284 5560        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:36:12.0286 5560        rspndr - ok
13:36:12.0336 5560        RTL8169        (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
13:36:12.0351 5560        RTL8169 - ok
13:36:12.0383 5560        SamSs          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:36:12.0385 5560        SamSs - ok
13:36:12.0416 5560        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:36:12.0418 5560        sbp2port - ok
13:36:12.0521 5560        SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
13:36:12.0573 5560        SBSDWSCService - ok
13:36:12.0684 5560        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
13:36:18.0811 5560        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:36:18.0961 5560        \Device\Harddisk0\DR0 - ok
13:36:18.0966 5560        Boot (0x1200)  (60c152c1c32a94153609b36bd034d87f) \Device\Harddisk0\DR0\Partition0
13:36:18.0967 5560        \Device\Harddisk0\DR0\Partition0 - ok
13:36:18.0986 5560        Boot (0x1200)  (48447c04deebc9084b003a64e2603414) \Device\Harddisk0\DR0\Partition1
13:36:18.0987 5560        \Device\Harddisk0\DR0\Partition1 - ok
13:36:18.0988 5560        ============================================================
13:36:18.0988 5560        Scan finished
13:36:18.0988 5560        ============================================================
13:36:19.0000 4868        Detected object count: 0
13:36:19.0000 4868        Actual detected object count: 0
13:37:19.0987 2596        ============================================================
13:37:19.0987 2596        Scan started
13:37:19.0987 2596        Mode: Manual;
13:37:19.0987 2596        ============================================================
13:37:20.0317 2596        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:37:20.0318 2596        ACPI - ok
13:37:20.0406 2596        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:37:20.0407 2596        AdobeARMservice - ok
13:37:20.0463 2596        AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:37:20.0464 2596        AdobeFlashPlayerUpdateSvc - ok
13:37:20.0499 2596        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
13:37:20.0502 2596        adp94xx - ok
13:37:20.0521 2596        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
13:37:20.0523 2596        adpahci - ok
13:37:20.0533 2596        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
13:37:20.0533 2596        adpu160m - ok
13:37:20.0555 2596        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
13:37:20.0556 2596        adpu320 - ok
13:37:20.0579 2596        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:37:20.0579 2596        AeLookupSvc - ok
13:37:20.0617 2596        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:37:20.0619 2596        AFD - ok
13:37:20.0639 2596        agp440          (198636e76971ebc96404547ec0fd5e75) C:\Windows\system32\drivers\agp440.sys
13:37:20.0639 2596        agp440 - ok
13:37:20.0647 2596        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:37:20.0648 2596        aic78xx - ok
13:37:20.0680 2596        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:37:20.0681 2596        ALG - ok
13:37:20.0685 2596        aliide          (0b3b337a68d9a75cc8d787dc98b53d79) C:\Windows\system32\drivers\aliide.sys
13:37:20.0685 2596        aliide - ok
13:37:20.0730 2596        AMD External Events Utility (b90a4332cf4c6580c845266a656de4ab) C:\Windows\system32\atiesrxx.exe
13:37:20.0731 2596        AMD External Events Utility - ok
13:37:20.0740 2596        amdagp          (2363abc8989a14fd7247ca6f4e89d397) C:\Windows\system32\drivers\amdagp.sys
13:37:20.0741 2596        amdagp - ok
13:37:20.0744 2596        amdide          (468a204966d09f327a662c35f4b15dd3) C:\Windows\system32\drivers\amdide.sys
13:37:20.0745 2596        amdide - ok
13:37:20.0749 2596        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
13:37:20.0750 2596        AmdK7 - ok
13:37:20.0768 2596        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
13:37:20.0769 2596        AmdK8 - ok
13:37:21.0111 2596        amdkmdag        (7844984a5e1e6f18d93af9e9bcc65436) C:\Windows\system32\DRIVERS\atikmdag.sys
13:37:21.0179 2596        amdkmdag - ok
13:37:21.0380 2596        amdkmdap        (202def509d76105b08741d36c3a7e4d7) C:\Windows\system32\DRIVERS\atikmpag.sys
13:37:21.0381 2596        amdkmdap - ok
13:37:21.0440 2596        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
13:37:21.0441 2596        AntiVirSchedulerService - ok
13:37:21.0461 2596        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
13:37:21.0462 2596        AntiVirService - ok
13:37:21.0500 2596        AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
13:37:21.0503 2596        AntiVirWebService - ok
13:37:21.0553 2596        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:37:21.0553 2596        Appinfo - ok
13:37:21.0633 2596        Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:37:21.0634 2596        Apple Mobile Device - ok
13:37:21.0662 2596        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
13:37:21.0663 2596        arc - ok
13:37:21.0668 2596        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
13:37:21.0669 2596        arcsas - ok
13:37:21.0722 2596        aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:37:21.0723 2596        aspnet_state - ok
13:37:21.0749 2596        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:37:21.0749 2596        AsyncMac - ok
13:37:21.0777 2596        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:37:21.0777 2596        atapi - ok
13:37:21.0813 2596        AtiHDAudioService (35290682dbdb9cede934b73369f3cede) C:\Windows\system32\drivers\AtihdLH3.sys
13:37:21.0814 2596        AtiHDAudioService - ok
13:37:21.0860 2596        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:37:21.0862 2596        AudioEndpointBuilder - ok
13:37:21.0866 2596        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:37:21.0868 2596        Audiosrv - ok
13:37:21.0910 2596        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
13:37:21.0911 2596        avgntflt - ok
13:37:21.0924 2596        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
13:37:21.0925 2596        avipbb - ok
13:37:21.0935 2596        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
13:37:21.0936 2596        avkmgr - ok
13:37:21.0959 2596        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:37:21.0959 2596        Beep - ok
13:37:21.0984 2596        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
13:37:21.0986 2596        BFE - ok
13:37:22.0043 2596        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
13:37:22.0050 2596        BITS - ok
13:37:22.0155 2596        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:37:22.0158 2596        Bonjour Service - ok
13:37:22.0224 2596        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:37:22.0225 2596        bowser - ok
13:37:22.0254 2596        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:37:22.0255 2596        BrFiltLo - ok
13:37:22.0258 2596        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:37:22.0258 2596        BrFiltUp - ok
13:37:22.0287 2596        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:37:22.0289 2596        Browser - ok
13:37:22.0296 2596        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:37:22.0297 2596        Brserid - ok
13:37:22.0302 2596        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:37:22.0303 2596        BrSerWdm - ok
13:37:22.0306 2596        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:37:22.0306 2596        BrUsbMdm - ok
13:37:22.0310 2596        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:37:22.0311 2596        BrUsbSer - ok
13:37:22.0316 2596        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:37:22.0317 2596        BTHMODEM - ok
13:37:22.0350 2596        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:37:22.0350 2596        cdfs - ok
13:37:22.0385 2596        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:37:22.0386 2596        cdrom - ok
13:37:22.0416 2596        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:37:22.0418 2596        CertPropSvc - ok
13:37:22.0423 2596        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
13:37:22.0423 2596        circlass - ok
13:37:22.0452 2596        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:37:22.0455 2596        CLFS - ok
13:37:22.0499 2596        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:37:22.0500 2596        clr_optimization_v2.0.50727_32 - ok
13:37:22.0541 2596        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:37:22.0543 2596        clr_optimization_v4.0.30319_32 - ok
13:37:22.0548 2596        cmdide          (2ac0c92b29ec21838f4cb46adb26bcc0) C:\Windows\system32\drivers\cmdide.sys
13:37:22.0548 2596        cmdide - ok
13:37:22.0553 2596        Compbatt        (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\drivers\compbatt.sys
13:37:22.0554 2596        Compbatt - ok
13:37:22.0557 2596        COMSysApp - ok
13:37:22.0572 2596        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
13:37:22.0573 2596        crcdisk - ok
13:37:22.0591 2596        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
13:37:22.0592 2596        Crusoe - ok
13:37:22.0615 2596        CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
13:37:22.0617 2596        CryptSvc - ok
13:37:22.0663 2596        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:37:22.0681 2596        DcomLaunch - ok
13:37:22.0708 2596        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:37:22.0709 2596        DfsC - ok
13:37:22.0809 2596        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
13:37:22.0825 2596        DFSR - ok
13:37:22.0937 2596        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:37:22.0939 2596        Dhcp - ok
13:37:22.0986 2596        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:37:22.0987 2596        disk - ok
13:37:23.0011 2596        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:37:23.0012 2596        Dnscache - ok
13:37:23.0055 2596        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:37:23.0057 2596        dot3svc - ok
13:37:23.0095 2596        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:37:23.0097 2596        DPS - ok
13:37:23.0128 2596        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:37:23.0128 2596        drmkaud - ok
13:37:23.0187 2596        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:37:23.0192 2596        DXGKrnl - ok
13:37:23.0240 2596        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:37:23.0241 2596        E1G60 - ok
13:37:23.0339 2596        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:37:23.0340 2596        EapHost - ok
13:37:23.0460 2596        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:37:23.0461 2596        Ecache - ok
13:37:23.0529 2596        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
13:37:23.0531 2596        ehRecvr - ok
13:37:23.0560 2596        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:37:23.0561 2596        ehSched - ok
13:37:23.0569 2596        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:37:23.0569 2596        ehstart - ok
13:37:23.0591 2596        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
13:37:23.0594 2596        elxstor - ok
13:37:34.0411 2596        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:37:34.0413 2596        TermDD - ok
13:37:34.0444 2596        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
13:37:34.0488 2596        TermService - ok
13:37:34.0567 2596        TestHandler    (8c80a73a5d77b2208ca91e4fa269981d) C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
13:37:34.0581 2596        TestHandler - ok
13:37:34.0619 2596        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
13:37:34.0624 2596        Themes - ok
13:37:34.0703 2596        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:37:34.0705 2596        THREADORDER - ok
13:37:34.0751 2596        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:37:34.0754 2596        TrkWks - ok
13:37:34.0797 2596        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
13:37:34.0798 2596        TrustedInstaller - ok
13:37:34.0812 2596        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:37:34.0813 2596        tssecsrv - ok
13:37:34.0841 2596        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:37:34.0843 2596        tunmp - ok
13:37:34.0856 2596        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:37:34.0858 2596        tunnel - ok
13:37:34.0892 2596        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
13:37:34.0894 2596        uagp35 - ok
13:37:34.0934 2596        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:37:34.0948 2596        udfs - ok
13:37:34.0982 2596        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:37:34.0986 2596        UI0Detect - ok
13:37:35.0009 2596        uliagpkx        (5895ef4d0f1424392ee6439250e25677) C:\Windows\system32\drivers\uliagpkx.sys
13:37:35.0010 2596        uliagpkx - ok
13:37:35.0022 2596        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
13:37:35.0031 2596        uliahci - ok
13:37:35.0042 2596        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:37:35.0043 2596        UlSata - ok
13:37:35.0051 2596        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:37:35.0054 2596        ulsata2 - ok
13:37:35.0092 2596        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:37:35.0093 2596        umbus - ok
13:37:35.0135 2596        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:37:35.0150 2596        upnphost - ok
13:37:35.0189 2596        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
13:37:35.0190 2596        USBAAPL - ok
13:37:35.0220 2596        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:37:35.0222 2596        usbccgp - ok
13:37:35.0250 2596        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:37:35.0251 2596        usbcir - ok
13:37:35.0283 2596        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:37:35.0285 2596        usbehci - ok
13:37:35.0313 2596        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:37:35.0319 2596        usbhub - ok
13:37:35.0331 2596        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
13:37:35.0332 2596        usbohci - ok
13:37:35.0366 2596        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:37:35.0367 2596        usbprint - ok
13:37:35.0410 2596        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:37:35.0411 2596        usbscan - ok
13:37:35.0437 2596        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:37:35.0438 2596        USBSTOR - ok
13:37:35.0473 2596        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:37:35.0475 2596        usbuhci - ok
13:37:35.0539 2596        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
13:37:35.0543 2596        UxSms - ok
13:37:35.0582 2596        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
13:37:35.0603 2596        vds - ok
13:37:35.0634 2596        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
13:37:35.0636 2596        vga - ok
13:37:35.0669 2596        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:37:35.0671 2596        VgaSave - ok
13:37:35.0679 2596        viaagp          (66e64d5cbeb047c90e65f0962483a5b2) C:\Windows\system32\drivers\viaagp.sys
13:37:35.0681 2596        viaagp - ok
13:37:35.0687 2596        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
13:37:35.0689 2596        ViaC7 - ok
13:37:35.0694 2596        viaide          (7100b56688c5d6d7695d18fd001f0cd6) C:\Windows\system32\drivers\viaide.sys
13:37:35.0696 2596        viaide - ok
13:37:35.0726 2596        viamraid        (7dc3e1dc6e4f8be381c31bfea578412a) C:\Windows\system32\drivers\viamraid.sys
13:37:35.0733 2596        viamraid - ok
13:37:35.0772 2596        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:37:35.0773 2596        volmgr - ok
13:37:35.0813 2596        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:37:35.0826 2596        volmgrx - ok
13:37:35.0876 2596        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:37:35.0890 2596        volsnap - ok
13:37:35.0931 2596        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
13:37:35.0944 2596        vsmraid - ok
13:37:36.0030 2596        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
13:37:36.0086 2596        VSS - ok
13:37:36.0112 2596        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
13:37:36.0125 2596        W32Time - ok
13:37:36.0161 2596        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:37:36.0163 2596        WacomPen - ok
13:37:36.0195 2596        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:37:36.0197 2596        Wanarp - ok
13:37:36.0199 2596        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:37:36.0200 2596        Wanarpv6 - ok
13:37:36.0264 2596        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
13:37:36.0279 2596        wcncsvc - ok
13:37:36.0307 2596        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:37:36.0311 2596        WcsPlugInService - ok
13:37:36.0317 2596        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
13:37:36.0330 2596        Wd - ok
13:37:36.0365 2596        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:37:36.0400 2596        Wdf01000 - ok
13:37:36.0420 2596        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:37:36.0425 2596        WdiServiceHost - ok
13:37:36.0427 2596        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:37:36.0431 2596        WdiSystemHost - ok
13:37:36.0547 2596        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
13:37:36.0587 2596        WebClient - ok
13:37:36.0629 2596        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
13:37:36.0677 2596        Wecsvc - ok
13:37:36.0717 2596        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:37:36.0721 2596        wercplsupport - ok
13:37:36.0740 2596        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
13:37:36.0746 2596        WerSvc - ok
13:37:36.0904 2596        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
13:37:36.0915 2596        WinDefend - ok
13:37:36.0924 2596        WinHttpAutoProxySvc - ok
13:37:36.0973 2596        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
13:37:36.0979 2596        Winmgmt - ok
13:37:37.0079 2596        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
13:37:37.0110 2596        WinRM - ok
13:37:37.0185 2596        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
13:37:37.0227 2596        Wlansvc - ok
13:37:37.0303 2596        WmiAcpi        (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\drivers\wmiacpi.sys
13:37:37.0304 2596        WmiAcpi - ok
13:37:37.0338 2596        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
13:37:37.0345 2596        wmiApSrv - ok
13:37:37.0450 2596        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:37:37.0470 2596        WMPNetworkSvc - ok
13:37:37.0488 2596        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
13:37:37.0502 2596        WPCSvc - ok
13:37:37.0545 2596        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
13:37:37.0550 2596        WPDBusEnum - ok
13:37:37.0604 2596        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:37:37.0605 2596        WpdUsb - ok
13:37:37.0700 2596        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:37:37.0705 2596        WPFFontCache_v0400 - ok
13:37:37.0745 2596        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:37:37.0746 2596        ws2ifsl - ok
13:37:37.0768 2596        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
13:37:37.0772 2596        wscsvc - ok
13:37:37.0776 2596        WSearch - ok
13:37:37.0893 2596        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
13:37:37.0951 2596        wuauserv - ok
13:37:38.0076 2596        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:37:38.0077 2596        WUDFRd - ok
13:37:38.0094 2596        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
13:37:38.0099 2596        wudfsvc - ok
13:37:38.0128 2596        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:37:38.0280 2596        \Device\Harddisk0\DR0 - ok
13:37:38.0283 2596        Boot (0x1200)  (60c152c1c32a94153609b36bd034d87f) \Device\Harddisk0\DR0\Partition0
13:37:38.0284 2596        \Device\Harddisk0\DR0\Partition0 - ok
13:37:38.0320 2596        Boot (0x1200)  (48447c04deebc9084b003a64e2603414) \Device\Harddisk0\DR0\Partition1
13:37:38.0322 2596        \Device\Harddisk0\DR0\Partition1 - ok
13:37:38.0322 2596        ============================================================
13:37:38.0322 2596        Scan finished
13:37:38.0322 2596        ============================================================
13:37:38.0327 5004        Detected object count: 0
13:37:38.0327 5004        Actual detected object count: 0
13:37:46.0068 5364        Deinitialize success

Regards, Dennis

t'john 10.08.2012 12:53

Removing malware with Combofix

Download Combofix from one of the following download mirrors:

BleepingComputer.com - ForoSpyware.com

and save the program to the desktop, nowhere else, this is important!
Follow the detailed original instructions.

Combofix currently runs on the following Windows versions:
  • Windows XP (32-bit only)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)


Preparation and important notes

  • While scanning with Combofix, please disable antivirus and antispyware programs, the firewall and any script blocking (Norton) that may be present.
  • List of programs to disable.
    If anything is unclear, please ask.


  • ComboFix will reset your screen saver settings.
  • You can change these settings again once our cleanup is finished.
  • Do not do anything else if you did not manage to get Combofix to run.
  • Let us know and wait for our instructions.


  • Start Combofix.exe with right-click => Run as administrator and follow the instructions.
  • Do not do anything else on the computer while Combofix is running!
  • Accept the terms (disclaimer) with "Yes".


  • If Combofix offers a newer version, allow the download.
  • Click "Yes" to continue with the malware scan.
  • A blue command prompt window appears; Combofix is being prepared for the scan.
  • Please do not click inside this Combofix window.
  • That could freeze your system or make it hang.
  • A backup of your registry is created.
  • The individual stages of the program are now worked through; this can take a while.


  • When ComboFix is finished, it will create a log (please wait, this takes a moment).
  • Be sure to wait until the Combofix window has closed and the log file appears in the editor.
  • Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.


  • Note: for various reasons, Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop.
  • You can delete the IE desktop icon after the cleanup and set your preferred browser as the default browser again.



Do not use Combofix on your own initiative. If no corresponding infection is present, it can cripple the computer and/or cause lasting damage!

