Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Habe ich nun was, oder habe ich nicht ? Und ist die Lösung vielleicht sogar das Problem ? (https://www.trojaner-board.de/129285-habe-habe-loesung-vielleicht-sogar-problem.html)

Welsper 10.01.2013 15:11
Habe ich nun was, oder habe ich nicht ? Und ist die Lösung vielleicht sogar das Problem ?
 
Hallo zusammen,

ich habe vorhin festgestellt, daß mir ein, b.z.w. zwei Progamme bei Firefox ständig versuchen irgendwelche Coupons anzudrehen.

Ich habe die beiden als " Browse to save " und "fast save" ausgemacht.

Da diese Popups oder wie man sie nennen mag die automatische Passworteingabe bei ein paar Internetseiten gestört haben ( also das PW wurde nicht wie normal automatisch eingefügt sondern ich musste es manuell eingeben), habe ich direkt im Internet gesucht was das sein könnte.

Nun gingen dort die Aussagen von Malware über Spyware bis hin zum Virus.

Daraufhin habe ich mir von der Seite www.securitystronghold.com ein Programm Names " Browse To Save Removal Tool " geladen.

Soweit schön und gut.
Nun bin ich aber ja nicht blöd und habe auch andere Malware und Spyware Erkennungsprogramme laufen lassen.

Weder Malware Bytes, noch feasyclean oder Norton Power Eraser haben irgendetwas gefunden.

Nun hat das Removal Tool bis jetzt 3 Dateien ausgemacht die infiziert sein sollen.
Komisch ist aber, daß diese Dateien teils seit 3 Jahren auf dem PC sind und noch nie Probleme gemacht haben. Der einzel Scan mit den genannten Programmen ergibt auch keinen Treffer und mein Norton Security ebenfalls nicht.

Ich habe auch bei www.virustotal.com alle Dateien überprüfen lassen - kein Treffer.
Die werden da von bis zu 46 verschiedenen Scannern durchsucht.
Was dort allerdings bei einem der Scanner einen Treffer verursacht hat ist das Removal Tool selbst....

Da hieß es dann bei ESET-NOD32 " a variant of Win32/SecurityStronghold "

Nun bin ich natürlich völlig verwirrt und weiß nicht ob vielleicht das Programm welches eine eventuelle Spyware beheben sollte, nicht die Spyware selbst ist :wtf:

Die Dateien die das Removal Tool bisher entfernen möchte sind:

c:\End
c:\Windows\System32\COMDLG32.OCX
c:\Windows\System32\MSINET.OCX
c:\Windows\Left 4 Dead\uninstall.exe

und er ist gerade mal zur Hälfte fertig mit Scannen.

Also die letzte Datei kann nicht verseucht sein. Die ist Monatelang bereits bei mir und wurde von Steam installiert....
Auch die Dateien im System 32 sind von 2009 b.z.w. 2010 und ich habe im Internet nachgesehen was diese Dateien so machen und herausgefunden daß sie teilweise sehr schwer zu beschaffen sind wenn sie fehlen.

Also wieso will das Programm Dateien löschen an die ich kaum noch rankomme ?

Das "Browse to Save " und " Fast Save " Problem habe ich inzwischen gelöst, indem ich eine Erweiterung in Firefox deinstalliert habe.
Da sie " Fast Save " hieß und ich am Anfang nur nach " Browse to Save " gesucht hatte, habe ich sie erst nicht gefunden. Sonst hätte ich garnicht erst im Internet nacheiner Möglichkeit zum entfernen gesucht.

Nun kommen keine Gutschein und Coupon Angebote mehr - aber die Sorge etwas zu haben oder sich etwas einzufangen ist nun da.

Wer hat Recht ? Das Removal Tool, oder meine 3 Malwarescanner ?

markusg 10.01.2013 15:13
Hi
lösche diesen komischen Remover.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Welsper 10.01.2013 16:01
OTL Logfile:
Code:
OTL logfile created on: 10.01.2013 15:23:31 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\*****\Desktop\Trojaner und Malware Bekämpfung
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 52,60% Memory free
9,11 Gb Paging File | 7,61 Gb Available in Paging File | 83,51% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,56 Gb Total Space | 10,35 Gb Free Space | 10,61% Space Free | Partition Type: NTFS
Drive D: | 7,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 368,10 Gb Total Space | 154,33 Gb Free Space | 41,93% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 0,60 Gb Free Space | 0,03% Space Free | Partition Type: NTFS
 
Computer Name: ***** | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.05 21:44:45 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.08 17:29:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\Trojaner und Malware Bekämpfung\OTL.exe
PRC - [2012.10.11 03:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton Internet Security CBE\Engine\20.2.0.19\ccsvchst.exe
PRC - [2012.10.02 20:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.10.02 20:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.06.28 09:52:12 | 004,941,768 | ---- | M] (SafeNet Inc.) -- C:\Windows\System32\hasplms.exe
PRC - [2011.03.28 19:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:16:54 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2010.07.29 06:05:38 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Programme\Common Files\Nuance\dgnsvc.exe
PRC - [2009.07.21 08:17:46 | 000,323,584 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\SetPoint II\SetPointII.exe
PRC - [2009.07.10 11:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.05 21:44:44 | 002,397,152 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.12.05 18:09:41 | 002,148,376 | ---- | M] () -- c:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll
MOD - [2012.11.30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012.11.30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2012.05.30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Programme\Norton Internet Security CBE\Engine\20.2.0.19\wincfi39.dll
MOD - [2010.07.04 22:32:38 | 000,010,752 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013.01.01 19:37:34 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.05 21:44:44 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.11 03:29:13 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security CBE\Engine\20.2.0.19\ccSvcHst.exe -- (NIS)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.08.30 20:13:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.06.28 09:52:12 | 004,941,768 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\System32\hasplms.exe -- (hasplms)
SRV - [2012.06.17 08:51:58 | 000,075,536 | ---- | M] (SANDBOXIE L.T.D) [Disabled | Stopped] -- C:\Programme\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011.03.28 19:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.01.11 07:04:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.07.29 06:05:38 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Programme\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a3tqiwo3)
DRV - [2013.01.10 12:59:30 | 000,097,440 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SMR311.SYS -- (SMR311)
DRV - [2013.01.07 04:14:30 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130109.040\NAVEX15.SYS -- (NAVEX15)
DRV - [2013.01.07 04:14:30 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130109.040\NAVENG.SYS -- (NAVENG)
DRV - [2012.12.06 03:09:18 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.10.31 10:36:43 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.10.27 08:51:20 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130109.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012.10.24 00:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130107.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.10.10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.10.09 02:00:02 | 000,586,400 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1402000.013\srtsp.sys -- (SRTSP)
DRV - [2012.10.04 02:40:35 | 000,927,904 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1402000.013\symefa.sys -- (SymEFA)
DRV - [2012.10.04 02:40:20 | 000,368,288 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1402000.013\symds.sys -- (SymDS)
DRV - [2012.10.04 02:19:14 | 000,134,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1402000.013\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012.09.26 14:02:32 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012.09.07 03:05:14 | 000,338,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1402000.013\symnets.sys -- (SymNetS)
DRV - [2012.09.07 02:48:08 | 000,175,264 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1402000.013\ironx86.sys -- (SymIRON)
DRV - [2012.08.18 02:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.07.03 16:25:17 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.06.28 09:51:46 | 000,362,496 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2012.06.17 08:51:54 | 000,137,488 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2012.05.24 22:36:56 | 000,032,888 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1402000.013\srtspx.sys -- (SRTSPX)
DRV - [2011.08.10 15:05:24 | 000,596,424 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hardlock.sys -- (hardlock)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.10.06 04:48:29 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.10.06 04:48:28 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.09.22 20:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.07.06 19:52:50 | 000,097,376 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2010.07.04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.09.17 12:02:04 | 001,086,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.06.26 08:29:34 | 001,656,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ambfilt.sys -- (AMBFilt)
DRV - [2009.06.17 08:56:18 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 08:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.05.21 14:39:54 | 000,090,472 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009.05.04 17:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.12.02 07:56:00 | 001,389,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Monfilt.sys -- (MonFilt)
DRV - [2008.01.19 04:55:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2007.06.29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2005.09.23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2001.11.07 01:00:00 | 000,166,504 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\webc3vid.sys -- (CTL511Plus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Programme\AF-HSS\tbAF-H.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2765711
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109727&tt=4812_8&babsrc=SP_ss&mntrId=54a93cd60000000000000025223606c8
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=15527&prt=NIS&chn=retail&geo=DE&ver=20&locale=de_DE&tpr=111
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2765711
IE - HKCU\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.2.0
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7BBAEBEF65-9289-47c5-8524-C345CC5D860D%7D:1.11
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109727&tt=4812_8&babsrc=KW_ss&mntrId=54a93cd60000000000000025223606c8&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\Binaries\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\***\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.11 12:07:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.10.31 10:36:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.01.10 14:14:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.11.03 18:03:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.31 18:15:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.31 18:15:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mj7a9djq.default\extensions\firejump@firejump.net
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2012.12.07 02:13:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.31 18:15:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.31 18:15:39 | 000,000,000 | ---D | M]
 
[2012.02.18 04:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.02.02 18:01:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\celtx@celtx.com
[2013.01.10 14:29:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mj7a9djq.default\extensions
[2012.11.22 05:58:55 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\mj7a9djq.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.09.14 22:39:55 | 000,004,404 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mj7a9djq.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2012.08.07 07:59:36 | 000,154,252 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mj7a9djq.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}.xpi
[2013.01.05 08:50:09 | 000,220,411 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mj7a9djq.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2012.11.24 08:34:41 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mj7a9djq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.09.25 20:07:58 | 000,271,097 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mj7a9djq.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}.xpi
[2012.09.14 22:32:46 | 000,000,853 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mj7a9djq.default\searchplugins\11-suche.xml
[2012.09.14 22:32:47 | 000,002,209 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mj7a9djq.default\searchplugins\englische-ergebnisse.xml
[2012.09.14 22:32:46 | 000,010,506 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mj7a9djq.default\searchplugins\gmx-suche.xml
[2012.09.14 22:32:46 | 000,002,368 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mj7a9djq.default\searchplugins\lastminute.xml
[2012.12.02 22:44:11 | 000,002,536 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mj7a9djq.default\searchplugins\mngr.xml
[2012.09.14 22:32:46 | 000,005,489 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\mj7a9djq.default\searchplugins\webde-suche.xml
[2012.10.30 09:42:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.11.02 19:57:11 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.27 09:09:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.27 09:09:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.30 09:42:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.10.27 09:09:59 | 000,000,000 | ---D | M] (Yummy Games Player) -- C:\Programme\Mozilla Firefox\extensions\YPlayer@yummy.net
[2012.10.30 09:42:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.12.05 21:44:45 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.12.02 22:43:50 | 000,002,349 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.30 01:02:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?affID=109727&tt=4812_8&babsrc=HP_ss&mntrId=54a93cd60000000000000025223606c8
CHR - default_search_provider: ICQ Search (Enabled)
CHR - default_search_provider: search_url = hxxp://search.icq.com/search/results.php?ch_id=osd&q={searchTerms}&icid=chrome
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.babylon.com/?affID=109727&tt=4812_8&babsrc=HP_ss&mntrId=54a93cd60000000000000025223606c8
CHR - plugin: Erster Nutzer (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Linkury Smartbar = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: Browse2save = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmalahghdikadpdonhnpjopablkibj\1\
CHR - Extension: Babylon Toolbar = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\
CHR - Extension: Freemake Video Converter = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Settings Protector = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
 
O1 HOSTS File: ([2010.10.06 23:35:35 | 000,000,863 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 launcher01.kalypsomedia.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security CBE\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security CBE\Engine\20.2.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Browse2save) - {AF0D7BA7-2A75-9534-3D50-855D8141DBD3} - C:\ProgramData\Browse2save\50e7da3064f4b.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AF-HSS Toolbar) - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Programme\AF-HSS\tbAF-H.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security CBE\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (AF-HSS Toolbar) - {f0381dbd-e018-4e07-ae40-d96ab15083f0} - C:\Programme\AF-HSS\tbAF-H.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security CBE\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AF-HSS Toolbar) - {F0381DBD-E018-4E07-AE40-D96AB15083F0} - C:\Programme\AF-HSS\tbAF-H.dll (Conduit Ltd.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Programme\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKCU..\Run: [ASRockIES]  File not found
O4 - HKCU..\Run: [Personal ID] C:\Programme\coolspot AG\Personal ID\pid.exe (coolspot AG, Düsseldorf)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Programme\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C5B0027-A7E3-417D-B1E6-D31E32DA8C0D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\25976~1.107\{c16c1~1\mngr.dll) - c:\ProgramData\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012.05.14 14:35:13 | 000,000,081 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012.08.01 14:05:00 | 000,000,000 | R--D | M] - D:\autostarter -- [ UDF ]
O32 - AutoRun File - [2007.07.30 10:00:50 | 000,233,472 | R--- | M] () - D:\AutoStarter.exe -- [ UDF ]
O32 - AutoRun File - [2010.07.10 02:10:56 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O33 - MountPoints2\{01de29bc-b2dc-11e0-a4a1-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{01de29bc-b2dc-11e0-a4a1-0025223606c8}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{04dc5fb6-5e49-11e1-818a-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{04dc5fb6-5e49-11e1-818a-0025223606c8}\Shell\AutoRun\command - "" = G:\PzC-AfrikaKorps-SetupRelease-DE-v112.exe
O33 - MountPoints2\{0ff45385-da91-11df-a05d-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{0ff45385-da91-11df-a05d-0025223606c8}\Shell\AutoRun\command - "" = Z:\Setup.exe
O33 - MountPoints2\{0ff45389-da91-11df-a05d-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{0ff45389-da91-11df-a05d-0025223606c8}\Shell\AutoRun\command - "" = Z:\autorun.exe
O33 - MountPoints2\{1717fae8-d229-11df-a3da-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1717fae8-d229-11df-a3da-0025223606c8}\Shell\AutoRun\command - "" = V:\Setup.exe
O33 - MountPoints2\{1717fbe8-d229-11df-a3da-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1717fbe8-d229-11df-a3da-0025223606c8}\Shell\AutoRun\command - "" = V:\Setup.exe
O33 - MountPoints2\{1717fd5d-d229-11df-a3da-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1717fd5d-d229-11df-a3da-0025223606c8}\Shell\AutoRun\command - "" = W:\autorun.exe -auto
O33 - MountPoints2\{1717fd70-d229-11df-a3da-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1717fd70-d229-11df-a3da-0025223606c8}\Shell\AutoRun\command - "" = W:\Autorun.exe
O33 - MountPoints2\{1717fdd3-d229-11df-a3da-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1717fdd3-d229-11df-a3da-0025223606c8}\Shell\AutoRun\command - "" = V:\AUTOSTARTER.EXE
O33 - MountPoints2\{1892ec14-0bf5-11e1-8526-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1892ec14-0bf5-11e1-8526-0025223606c8}\Shell\AutoRun\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{1892ec15-0bf5-11e1-8526-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1892ec15-0bf5-11e1-8526-0025223606c8}\Shell\AutoRun\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{1892ec16-0bf5-11e1-8526-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1892ec16-0bf5-11e1-8526-0025223606c8}\Shell\AutoRun\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{1b0aa9c3-d67d-11df-a831-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1b0aa9c3-d67d-11df-a831-0025223606c8}\Shell\AutoRun\command - "" = X:\autorun.exe
O33 - MountPoints2\{1b0aab0b-d67d-11df-a831-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1b0aab0b-d67d-11df-a831-0025223606c8}\Shell\AutoRun\command - "" = Y:\autorun.exe
O33 - MountPoints2\{26606a75-e73b-11df-a90e-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{26606a75-e73b-11df-a90e-0025223606c8}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{26c2ba8e-21ee-11e0-9d20-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{26c2ba8e-21ee-11e0-9d20-0025223606c8}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{26c2ba8e-21ee-11e0-9d20-0025223606c8}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe
O33 - MountPoints2\{26c2ba98-21ee-11e0-9d20-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{26c2ba98-21ee-11e0-9d20-0025223606c8}\Shell\AutoRun\command - "" = H:\autoplay.exe
O33 - MountPoints2\{26c2baa1-21ee-11e0-9d20-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{26c2baa1-21ee-11e0-9d20-0025223606c8}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{2f631f90-303b-11e0-a288-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{2f631f90-303b-11e0-a288-0025223606c8}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{2fe53a4e-eb60-11df-8d01-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{2fe53a4e-eb60-11df-8d01-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{343cc8f7-dc30-11df-a4a6-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{343cc8f7-dc30-11df-a4a6-0025223606c8}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{343db5d5-f080-11df-a045-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{343db5d5-f080-11df-a045-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{34863e66-2cca-11e0-8c80-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{34863e66-2cca-11e0-8c80-0025223606c8}\Shell\AutoRun\command - "" = J:\Setup.exe
O33 - MountPoints2\{34863f2d-2cca-11e0-8c80-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{34863f2d-2cca-11e0-8c80-0025223606c8}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{35ffec9e-ea78-11df-8853-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{35ffec9e-ea78-11df-8853-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{3710d18a-f344-11e1-b20f-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{3710d18a-f344-11e1-b20f-0025223606c8}\Shell\AutoRun\command - "" = K:\SETUP.EXE
O33 - MountPoints2\{3710d18b-f344-11e1-b20f-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{3710d18b-f344-11e1-b20f-0025223606c8}\Shell\AutoRun\command - "" = L:\CD_Start.exe
O33 - MountPoints2\{3710d18c-f344-11e1-b20f-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{3710d18c-f344-11e1-b20f-0025223606c8}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{3aaaf57d-ed41-11df-822d-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{3aaaf57d-ed41-11df-822d-0025223606c8}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{43a494a1-a756-11e0-bc47-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{43a494a1-a756-11e0-bc47-0025223606c8}\Shell\AutoRun\command - "" = J:\DNF.exe
O33 - MountPoints2\{44582417-0906-11e1-a30b-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{44582417-0906-11e1-a30b-0025223606c8}\Shell\AutoRun\command - "" = K:\OriginInstaller.exe
O33 - MountPoints2\{4aac0b06-fee1-11e0-9fbe-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{4aac0b06-fee1-11e0-9fbe-0025223606c8}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{4d796292-a326-11e0-9da0-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{4d796292-a326-11e0-9da0-0025223606c8}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{4d796298-a326-11e0-9da0-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{4d796298-a326-11e0-9da0-0025223606c8}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{536a3de3-2603-11e0-a8b8-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{536a3de3-2603-11e0-a8b8-0025223606c8}\Shell\AutoRun\command - "" = H:\autoset.exe
O33 - MountPoints2\{536a3de7-2603-11e0-a8b8-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{536a3de7-2603-11e0-a8b8-0025223606c8}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{536a3dfa-2603-11e0-a8b8-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{536a3dfa-2603-11e0-a8b8-0025223606c8}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{53c2b99a-562a-11e0-8504-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{53c2b99a-562a-11e0-8504-0025223606c8}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\{5764886d-30f8-11e0-8da0-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{5764886d-30f8-11e0-8da0-0025223606c8}\Shell\AutoRun\command - "" = G:\install.exe
O33 - MountPoints2\{5efd0b4b-e4d1-11df-a39d-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{5efd0b4b-e4d1-11df-a39d-0025223606c8}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{5efd0b57-e4d1-11df-a39d-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{5efd0b57-e4d1-11df-a39d-0025223606c8}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{5efd0bc4-e4d1-11df-a39d-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{5efd0bc4-e4d1-11df-a39d-0025223606c8}\Shell\AutoRun\command - "" = F:\METT-Program-Player.exe
O33 - MountPoints2\{5efd0be2-e4d1-11df-a39d-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{5efd0be2-e4d1-11df-a39d-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{65f5f12c-d751-11df-9fb8-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{65f5f12c-d751-11df-9fb8-0025223606c8}\Shell\AutoRun\command - "" = Y:\autorun.exe
O33 - MountPoints2\{65f5f13a-d751-11df-9fb8-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{65f5f13a-d751-11df-9fb8-0025223606c8}\Shell\AutoRun\command - "" = Z:\autorun.exe
O33 - MountPoints2\{6daf07c8-d14b-11df-9578-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{6daf07c8-d14b-11df-9578-0025223606c8}\Shell\AutoRun\command - "" = V:\Autorun.exe
O33 - MountPoints2\{74763719-ff9c-11e0-8a17-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{74763719-ff9c-11e0-8a17-0025223606c8}\Shell\AutoRun\command - "" = K:\Autorun.exe
O33 - MountPoints2\{784c994d-1509-11e1-a9b1-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{784c994d-1509-11e1-a9b1-0025223606c8}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\{784c9954-1509-11e1-a9b1-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{784c9954-1509-11e1-a9b1-0025223606c8}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{784c9957-1509-11e1-a9b1-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{784c9957-1509-11e1-a9b1-0025223606c8}\Shell\AutoRun\command - "" = L:\CD_Start.exe
O33 - MountPoints2\{784c995f-1509-11e1-a9b1-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{784c995f-1509-11e1-a9b1-0025223606c8}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{784c9961-1509-11e1-a9b1-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{784c9961-1509-11e1-a9b1-0025223606c8}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{7a5a959d-d496-11df-a13a-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{7a5a959d-d496-11df-a13a-0025223606c8}\Shell\AutoRun\command - "" = V:\FalloutLauncher.exe
O33 - MountPoints2\{7a5a95a4-d496-11df-a13a-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{7a5a95a4-d496-11df-a13a-0025223606c8}\Shell\AutoRun\command - "" = W:\FalloutLauncher.exe
O33 - MountPoints2\{7a5a95a8-d496-11df-a13a-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{7a5a95a8-d496-11df-a13a-0025223606c8}\Shell\AutoRun\command - "" = X:\DE_Fallout_3_DLC.EXE
O33 - MountPoints2\{7a5a95c5-d496-11df-a13a-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{7a5a95c5-d496-11df-a13a-0025223606c8}\Shell\AutoRun\command - "" = X:\AUTOSTARTER.EXE
O33 - MountPoints2\{80eb2a54-f573-11df-9f0f-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{80eb2a54-f573-11df-9f0f-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{898305f5-e8cf-11df-ac70-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{898305f5-e8cf-11df-ac70-0025223606c8}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{898305f5-e8cf-11df-ac70-0025223606c8}\Shell\directx\command - "" = G:\Support\DirectX\DXSETUP.exe
O33 - MountPoints2\{898305f5-e8cf-11df-ac70-0025223606c8}\Shell\install\command - "" = G:\setup.exe
O33 - MountPoints2\{89830608-e8cf-11df-ac70-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{89830608-e8cf-11df-ac70-0025223606c8}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{89830608-e8cf-11df-ac70-0025223606c8}\Shell\directx\command - "" = G:\Support\DirectX\DXSETUP.exe
O33 - MountPoints2\{89830608-e8cf-11df-ac70-0025223606c8}\Shell\install\command - "" = G:\setup.exe
O33 - MountPoints2\{89830643-e8cf-11df-ac70-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{89830643-e8cf-11df-ac70-0025223606c8}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{8a22f969-ba79-11df-8b69-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8a22f969-ba79-11df-8b69-806e6f6e6963}\Shell\AutoRun\command - "" = D:\0data\cbs.exe -- [2012.05.14 14:28:10 | 003,430,400 | R--- | M] ()
O33 - MountPoints2\{8c6b16c0-31cd-11e0-b923-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8c6b16c0-31cd-11e0-b923-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{900868d4-26d9-11e0-abf3-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{900868d4-26d9-11e0-abf3-0025223606c8}\Shell\AutoRun\command - "" = H:\Setup.exe
O33 - MountPoints2\{900868f6-26d9-11e0-abf3-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{900868f6-26d9-11e0-abf3-0025223606c8}\Shell\AutoRun\command - "" = I:\CoDMW2.exe
O33 - MountPoints2\{900868f9-26d9-11e0-abf3-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{900868f9-26d9-11e0-abf3-0025223606c8}\Shell\AutoRun\command - "" = 1
O33 - MountPoints2\{900868fd-26d9-11e0-abf3-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{900868fd-26d9-11e0-abf3-0025223606c8}\Shell\AutoRun\command - "" = 1
O33 - MountPoints2\{94fbcc79-cbba-11e0-88d9-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{94fbcc79-cbba-11e0-88d9-0025223606c8}\Shell\AutoRun\command - "" = J:\StartUp.exe
O33 - MountPoints2\{9fd86f97-98a2-11e0-b0ae-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{9fd86f97-98a2-11e0-b0ae-0025223606c8}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\{a2c8e10c-ec46-11df-bf85-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{a2c8e10c-ec46-11df-bf85-0025223606c8}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{a7584c5e-22c8-11e0-9eaa-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{a7584c5e-22c8-11e0-9eaa-0025223606c8}\Shell\AutoRun\command - "" = H:\autoplay.exe
O33 - MountPoints2\{b1a752ff-2887-11e0-959e-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{b1a752ff-2887-11e0-959e-0025223606c8}\Shell\AutoRun\command - "" = J:\Setup.exe
O33 - MountPoints2\{b1a75307-2887-11e0-959e-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{b1a75307-2887-11e0-959e-0025223606c8}\Shell\AutoRun\command - "" = J:\Setup.exe
O33 - MountPoints2\{b99b43d5-d8e9-11df-b931-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{b99b43d5-d8e9-11df-b931-0025223606c8}\Shell\AutoRun\command - "" = Z:\Setup.exe
O33 - MountPoints2\{be6aaa49-f5a9-11df-b009-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{be6aaa49-f5a9-11df-b009-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{bf78c0ff-deb1-11df-a636-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{bf78c0ff-deb1-11df-a636-0025223606c8}\Shell\AutoRun\command - "" = F:\Autostart.exe
O33 - MountPoints2\{c0a93676-d895-11e0-b6b1-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{c0a93676-d895-11e0-b6b1-0025223606c8}\Shell\AutoRun\command - "" = J:\steambackup2.EXE
O33 - MountPoints2\{c44fbbcb-0c39-11e0-a490-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{c44fbbcb-0c39-11e0-a490-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{c44fbbcc-0c39-11e0-a490-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{c44fbbcc-0c39-11e0-a490-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{c49228af-279e-11e0-b7aa-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{c49228af-279e-11e0-b7aa-0025223606c8}\Shell\AutoRun\command - "" = J:\CD_Start.exe
O33 - MountPoints2\{cefebe40-080b-11e2-acfe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cefebe40-080b-11e2-acfe-806e6f6e6963}\Shell\AutoRun\command - "" = H:\PanzerCorpsWehrmacht-SetupRelease-v103.exe
O33 - MountPoints2\{cf7431ba-e3d8-11df-aba6-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{cf7431ba-e3d8-11df-aba6-0025223606c8}\Shell\AutoRun\command - "" = F:\Support\AutoRun\AutoRun.exe
O33 - MountPoints2\{cf7431d9-e3d8-11df-aba6-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{cf7431d9-e3d8-11df-aba6-0025223606c8}\Shell\AutoRun\command - "" = F:\AUTOSTARTER.EXE
O33 - MountPoints2\{cf743207-e3d8-11df-aba6-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{cf743207-e3d8-11df-aba6-0025223606c8}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{d62d4c66-e131-11df-9b6d-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{d62d4c66-e131-11df-9b6d-0025223606c8}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{d990bcfe-1394-11e0-8096-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{d990bcfe-1394-11e0-8096-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{deea389e-0070-11e0-9d93-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{deea389e-0070-11e0-9d93-0025223606c8}\Shell\AutoRun\command - "" = G:\StartHere.exe
O33 - MountPoints2\{e1287832-6295-11e1-9141-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{e1287832-6295-11e1-9141-0025223606c8}\Shell\AutoRun\command - "" = L:\SETUP.EXE
O33 - MountPoints2\{e6351052-2954-11e0-8dad-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{e6351052-2954-11e0-8dad-0025223606c8}\Shell\AutoRun\command - "" = J:\Autorun.exe
O33 - MountPoints2\{e6351053-2954-11e0-8dad-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{e6351053-2954-11e0-8dad-0025223606c8}\Shell\AutoRun\command - "" = J:\Autorun.exe
O33 - MountPoints2\{e6351054-2954-11e0-8dad-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{e6351054-2954-11e0-8dad-0025223606c8}\Shell\AutoRun\command - "" = J:\Autorun.exe
O33 - MountPoints2\{fd64aaec-e652-11df-a6a5-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{fd64aaec-e652-11df-a6a5-0025223606c8}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{fe1a5ef3-3b09-11e0-add5-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{fe1a5ef3-3b09-11e0-add5-0025223606c8}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\{fff1b05e-2db9-11e0-b238-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{fff1b05e-2db9-11e0-b238-0025223606c8}\Shell\AutoRun\command - "" = K:\autorun.exe -auto
O33 - MountPoints2\{fff1b060-2db9-11e0-b238-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{fff1b060-2db9-11e0-b238-0025223606c8}\Shell\AutoRun\command - "" = K:\autorun.exe -auto
O33 - MountPoints2\{fff1b061-2db9-11e0-b238-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{fff1b061-2db9-11e0-b238-0025223606c8}\Shell\AutoRun\command - "" = L:\autorun.exe -auto
O33 - MountPoints2\{fff1b068-2db9-11e0-b238-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{fff1b068-2db9-11e0-b238-0025223606c8}\Shell\AutoRun\command - "" = L:\autorun.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VideoBrowser Camera Monitor.lnk - C:\Programme\PIXELA\VideoBrowser\CameraMonitor.exe - (PIXELA CORPORATION)
MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: DNS7reminder - hkey= - key= - C:\Program Files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: dradio-RecorderTimer - hkey= - key= - C:\Programme\dradio-Recorder\phonostarTimer.exe ()
MsConfig - StartUpReg: EA Core - hkey= - key= -  File not found
MsConfig - StartUpReg: F-Secure Hoster (666) - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\***\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
MsConfig - StartUpReg: Linkury Chrome Smartbar - hkey= - key= - C:\Program Files\Linkury\Linkury.exe (Linkury)
MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= -  File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SandboxieControl - hkey= - key= - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
MsConfig - StartUpReg: Skype - hkey= - key= -  File not found
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: UnlockerAssistant - hkey= - key= - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
MsConfig - StartUpReg: USBToolTip - hkey= - key= -  File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.10 12:59:30 | 000,097,440 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR311.SYS
[2013.01.10 12:58:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.01.10 12:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\Browse To Save Removal Tool
[2013.01.09 23:26:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panzer General Special Edition
[2013.01.09 23:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slitherine
[2013.01.07 19:06:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Doomsday
[2013.01.07 18:47:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Doomsday
[2013.01.06 20:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Particles
[2013.01.06 20:25:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Murder on the Titanic
[2013.01.06 20:08:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NevoSoft Games
[2013.01.05 09:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Intenium
[2013.01.05 08:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\DEUTSCHLAND SPIELT
[2013.01.05 08:58:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
[2013.01.05 08:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\OXXOGames
[2013.01.05 08:50:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DieselPuppet
[2013.01.05 08:46:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AlawarWrapper
[2013.01.05 08:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2013.01.05 08:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2save
[2013.01.05 08:44:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Browse2save
[2013.01.05 08:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AlawarWrapper
[2013.01.05 08:42:44 | 000,000,000 | ---D | C] -- C:\Program Files\Alawar
[2013.01.05 08:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013.01.05 08:25:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AlawarEntertainment
[2013.01.04 02:42:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mord im Laufrad
[2013.01.04 02:27:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
[2013.01.02 13:32:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.01.02 13:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment
[2013.01.01 20:25:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\onOne Software
[2013.01.01 20:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\onOne Software
[2012.12.31 21:07:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SourceTec
[2012.12.31 21:07:30 | 000,000,000 | ---D | C] -- C:\Program Files\LAV Filters
[2012.12.31 21:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sothink Video Converter
[2012.12.31 21:06:59 | 001,283,584 | ---- | C] (xy-VSFilter Team) -- C:\Windows\System32\VSFilter.dll
[2012.12.31 21:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2012.12.31 21:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Sothink Video Converter
[2012.12.31 18:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.12.31 18:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.12.20 17:30:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Artifex Mundi
[2012.12.20 17:22:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LeeGT-Games
[2012.12.17 04:54:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\InstallShare
[2012.12.11 19:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\ToyDefense
[2012.12.11 19:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toy Defense
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.10 15:02:02 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.10 14:32:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2373844148-831878903-2888449-1000UA.job
[2013.01.10 14:22:45 | 000,014,800 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 14:22:45 | 000,014,800 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.10 14:14:57 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.10 14:14:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.10 14:14:26 | 2616,696,832 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 12:59:30 | 000,097,440 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR311.SYS
[2013.01.10 12:58:59 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.10 12:22:11 | 000,674,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.10 07:46:12 | 002,239,823 | ---- | M] () -- C:\Users\***\Desktop\WritersWorkshop_E-Zine_2012_12.pdf
[2013.01.10 03:13:43 | 000,699,276 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.10 03:13:43 | 000,654,594 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.10 03:13:43 | 000,149,170 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.10 03:13:43 | 000,122,124 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.09 22:32:17 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2373844148-831878903-2888449-1000Core.job
[2013.01.09 08:13:06 | 004,337,449 | ---- | M] () -- C:\Users\***\Desktop\vhs_2013.pdf
[2013.01.07 18:47:10 | 000,000,088 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013.01.02 13:36:50 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Edna Bricht Aus - Sammler Edition.lnk
[2013.01.02 13:29:39 | 000,000,885 | ---- | M] () -- C:\Users\Public\Desktop\Harveys neue Augen Special Edition.lnk
[2012.12.31 21:07:06 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Sothink Video Converter.lnk
[2012.12.31 18:15:35 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.12.23 10:26:49 | 000,000,394 | ---- | M] () -- C:\Users\***\AppData\Roaming\burnaware.ini
[2012.12.21 12:36:07 | 000,010,240 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.13 18:45:22 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\000035B3.LCS
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.10 12:58:57 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.01.10 07:46:12 | 002,239,823 | ---- | C] () -- C:\Users\***\Desktop\WritersWorkshop_E-Zine_2012_12.pdf
[2013.01.09 23:14:25 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\Play Panzer Corps (Game Menu).lnk
[2013.01.09 08:13:02 | 004,337,449 | ---- | C] () -- C:\Users\***\Desktop\vhs_2013.pdf
[2013.01.07 18:47:10 | 000,000,088 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013.01.05 08:43:58 | 000,001,867 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alawar Games.lnk
[2013.01.05 08:42:55 | 000,001,264 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Weird Park Broken Tune.lnk
[2013.01.02 13:36:50 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Edna Bricht Aus - Sammler Edition.lnk
[2013.01.02 13:29:39 | 000,000,885 | ---- | C] () -- C:\Users\Public\Desktop\Harveys neue Augen Special Edition.lnk
[2012.12.31 21:07:05 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Sothink Video Converter.lnk
[2012.12.31 18:15:35 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012.12.09 05:46:13 | 000,000,000 | ---- | C] () -- C:\Windows\Hatchery.INI
[2012.12.02 22:43:36 | 000,338,432 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2012.12.01 16:09:41 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2012.11.08 22:28:17 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.11.08 22:28:17 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.11.05 23:51:34 | 000,079,360 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.11.05 16:32:18 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2012.11.05 16:32:18 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2012.11.05 16:32:18 | 000,001,786 | ---- | C] () -- C:\Windows\unins000.dat
[2012.10.29 18:54:17 | 000,001,529 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2012.10.18 12:33:10 | 000,038,520 | ---- | C] () -- C:\Windows\System32\RGBAcodec.dll
[2012.10.06 11:43:10 | 000,000,116 | ---- | C] () -- C:\Users\***\kvirc4.ini
[2012.09.15 17:35:35 | 000,017,408 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2012.09.03 10:19:45 | 003,536,817 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.07.13 16:35:13 | 001,853,448 | ---- | C] () -- C:\Users\***\Seite 01.cl2arc
[2012.07.13 15:08:38 | 000,001,600 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2012.07.13 13:59:54 | 000,000,008 | RHS- | C] () -- C:\ProgramData\sysqcl1129067056.dat
[2012.06.03 05:36:34 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012.06.03 05:23:10 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012.04.23 18:46:07 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2012.04.23 18:46:07 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2012.04.23 18:46:07 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2012.04.09 08:10:49 | 000,164,265 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.01.31 01:55:16 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{5F4576A9-1564-43D3-914D-CA58C34077D5}
[2012.01.23 16:08:58 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{529152BF-0786-4130-BD32-9A10C3B07BDF}
[2012.01.09 14:13:18 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{90EB7169-0EAE-4849-9A15-DA31C63470D7}
[2012.01.08 08:34:58 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{7327A8CA-D566-46A6-AE01-DB27B8D95032}
[2012.01.07 02:43:03 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{CEB597CB-F0C4-4683-85AF-FAF2E9CE4828}
[2012.01.06 09:47:10 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{CFFC551E-FBB3-4D65-AA29-99BE32F85DC9}
[2012.01.03 01:52:55 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{84E33C9E-10E7-4E96-9609-9C1108E3B2B4}
[2011.12.20 11:39:58 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{A6535F84-3155-4CC0-BD7F-705A6B66E08E}
[2011.12.19 14:47:35 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{FA7DBC69-E9B0-4A50-829A-72FFD7F82AEB}
[2011.11.30 07:40:08 | 000,070,656 | ---- | C] () -- C:\Windows\System32\tmbvcm32.dll
[2011.10.11 12:35:19 | 000,010,240 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.09.19 08:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2011.09.19 08:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2011.02.02 18:01:05 | 000,003,095 | ---- | C] () -- C:\Users\***\.ganttproject
[2011.01.22 16:34:42 | 000,284,160 | ---- | C] () -- C:\Windows\unin0407.exe
[2010.11.11 15:10:38 | 000,001,955 | ---- | C] () -- C:\Users\***\AppData\Roaming\SAS7_000.DAT
[2010.11.05 15:11:38 | 000,000,394 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini
[2010.11.04 21:44:58 | 000,138,056 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2010.10.23 15:53:19 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.09.11 12:30:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.12.03 22:24:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2012.09.29 14:29:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.terasology
[2012.10.19 07:54:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\1-abc
[2012.06.25 04:05:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2012.03.30 20:02:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Advanced Combat Tracker
[2013.01.09 02:53:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AIMP
[2013.01.05 08:25:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AlawarEntertainment
[2012.01.07 07:58:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Antares Design
[2012.12.09 05:41:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Anvil-Soft
[2012.12.20 17:30:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Artifex Mundi
[2011.11.11 05:20:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2010.11.02 12:36:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Astroburn Lite
[2013.01.10 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity
[2012.11.16 02:15:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2012.11.02 19:58:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BANDISOFT
[2010.11.14 13:07:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Bioshock2
[2010.10.08 08:46:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2010.10.29 16:15:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2012.11.20 17:30:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\capy
[2012.07.13 13:59:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CocotronLibrary
[2012.09.14 22:31:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\convert
[2012.11.19 18:58:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Crayon Physics Deluxe
[2010.10.27 09:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cYo
[2012.12.07 23:53:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.11.05 15:07:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2012.12.02 22:43:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DesktopIconForAmazon
[2013.01.05 08:50:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DieselPuppet
[2013.01.07 18:47:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Doomsday
[2012.11.20 00:34:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations
[2012.09.26 01:04:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.02.23 20:45:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FOG Downloader
[2011.02.18 03:00:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeCommander
[2012.11.01 09:18:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFLVConverter
[2012.04.02 19:25:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GamesCafe
[2012.11.08 22:28:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GeoVid
[2010.11.02 12:32:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.01.04 00:13:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go
[2011.02.02 18:01:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Greyfirst
[2012.11.07 12:39:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake
[2011.06.25 21:10:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hi-Rez Studios
[2012.05.25 00:38:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2012.07.03 05:33:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.02.06 19:53:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JAM Software
[2012.05.04 03:26:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media
[2012.10.06 11:51:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KVIrc4
[2012.11.22 00:25:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lazy 8 Studios
[2012.12.20 17:22:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LeeGT-Games
[2012.03.04 18:23:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logia
[2012.10.01 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Machete Lite
[2012.11.06 00:31:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mkvtoolnix
[2012.11.04 17:24:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MPEG Streamclip
[2010.09.11 16:32:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World
[2013.01.06 20:08:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NevoSoft Games
[2010.11.11 14:32:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance
[2013.01.01 20:25:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\onOne Software
[2011.11.28 18:19:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenCandy
[2010.11.16 13:39:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2012.09.22 02:36:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.12.16 12:30:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2010.11.08 19:20:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy
[2010.10.25 10:54:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Papyrus Autor
[2012.11.05 19:19:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pegasys Inc
[2011.02.25 18:51:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\phonostar GmbH
[2010.12.06 01:39:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Poser Pro
[2010.09.11 15:08:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense
[2012.09.23 03:17:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProtectDISC
[2012.08.06 10:40:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2012.09.12 03:18:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ReelDealSlotQuest_Alice
[2012.06.01 05:54:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RIFT
[2012.11.09 07:59:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SkyGoblin
[2012.08.06 10:40:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2012.12.31 21:07:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SourceTec
[2011.02.02 17:54:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Spacejock Software
[2012.12.07 18:43:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sports Interactive
[2011.02.25 17:31:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\streamripper
[2011.06.05 19:05:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SYSTEMAX Software Development
[2012.06.03 05:56:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\systweak
[2011.10.11 13:16:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sytexis Software
[2010.11.06 22:11:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.09.29 13:58:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp
[2010.10.09 21:55:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tropico 3
[2012.11.08 15:42:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2012.08.25 11:04:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ts3overlay
[2011.02.01 07:54:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Utherverse
[2012.11.27 18:17:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZenBound2
[2011.02.13 22:57:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ZombieDriver
[2012.11.01 10:40:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\zombies
[2012.04.02 19:22:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zylom
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.09.16 12:20:29 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.01.10 15:25:07 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.09.07 13:22:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.11.08 00:20:33 | 000,000,000 | ---D | M] -- C:\Dos Games
[2012.11.08 21:55:06 | 000,000,000 | ---D | M] -- C:\Dosspiele
[2012.10.30 17:43:26 | 000,000,000 | ---D | M] -- C:\Fraps
[2012.05.18 16:43:58 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.10 12:44:41 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.10 14:18:51 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.09.07 13:22:54 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.09.07 13:22:54 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.07.13 15:10:10 | 000,000,000 | R--D | M] -- C:\Sandbox
[2013.01.10 15:24:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.09.16 17:57:05 | 000,000,000 | ---D | M] -- C:\temp
[2012.09.03 10:19:55 | 000,000,000 | R--D | M] -- C:\Users
[2013.01.10 15:18:34 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2009.07.14 05:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011.06.13 05:02:19 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.06.13 05:02:20 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.09.14 21:19:55 | 000,001,072 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2373844148-831878903-2888449-1000Core.job
[2012.09.14 21:20:00 | 000,001,124 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2373844148-831878903-2888449-1000UA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2011.02.02 18:01:07 | 000,003,095 | ---- | M] () -- C:\Users\***\.ganttproject
[2011.02.02 18:01:07 | 000,021,957 | ---- | M] () -- C:\Users\***\.ganttproject.log
[2012.10.06 11:43:10 | 000,000,116 | ---- | M] () -- C:\Users\***\kvirc4.ini
[2013.01.10 15:32:10 | 005,242,880 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2013.01.10 15:32:10 | 000,262,144 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG1
[2010.09.07 13:23:01 | 000,000,000 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG2
[2010.09.07 13:25:04 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.09.07 13:25:04 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.09.07 13:25:04 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010.09.07 13:23:01 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini
[2012.07.13 16:35:14 | 001,853,448 | ---- | M] () -- C:\Users\***\Seite 01.cl2arc
[2012.09.12 19:57:45 | 000,038,400 | -HS- | M] () -- C:\Users\***\Thumbs.db
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:5F91AB27

< End of report >
--- --- ---

markusg 10.01.2013 17:36
hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O33 - MountPoints2\{01de29bc-b2dc-11e0-a4a1-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{01de29bc-b2dc-11e0-a4a1-0025223606c8}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{04dc5fb6-5e49-11e1-818a-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{04dc5fb6-5e49-11e1-818a-0025223606c8}\Shell\AutoRun\command - "" = G:\PzC-AfrikaKorps-SetupRelease-DE-v112.exe
O33 - MountPoints2\{0ff45385-da91-11df-a05d-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{0ff45385-da91-11df-a05d-0025223606c8}\Shell\AutoRun\command - "" = Z:\Setup.exe
O33 - MountPoints2\{0ff45389-da91-11df-a05d-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{0ff45389-da91-11df-a05d-0025223606c8}\Shell\AutoRun\command - "" = Z:\autorun.exe
O33 - MountPoints2\{1717fae8-d229-11df-a3da-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1717fae8-d229-11df-a3da-0025223606c8}\Shell\AutoRun\command - "" = V:\Setup.exe
O33 - MountPoints2\{1717fbe8-d229-11df-a3da-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1717fbe8-d229-11df-a3da-0025223606c8}\Shell\AutoRun\command - "" = V:\Setup.exe
O33 - MountPoints2\{1717fd5d-d229-11df-a3da-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1717fd5d-d229-11df-a3da-0025223606c8}\Shell\AutoRun\command - "" = W:\autorun.exe -auto
O33 - MountPoints2\{1717fd70-d229-11df-a3da-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1717fd70-d229-11df-a3da-0025223606c8}\Shell\AutoRun\command - "" = W:\Autorun.exe
O33 - MountPoints2\{1717fdd3-d229-11df-a3da-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1717fdd3-d229-11df-a3da-0025223606c8}\Shell\AutoRun\command - "" = V:\AUTOSTARTER.EXE
O33 - MountPoints2\{1892ec14-0bf5-11e1-8526-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1892ec14-0bf5-11e1-8526-0025223606c8}\Shell\AutoRun\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{1892ec15-0bf5-11e1-8526-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1892ec15-0bf5-11e1-8526-0025223606c8}\Shell\AutoRun\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{1892ec16-0bf5-11e1-8526-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1892ec16-0bf5-11e1-8526-0025223606c8}\Shell\AutoRun\command - "" = M:\SETUP.EXE
O33 - MountPoints2\{1b0aa9c3-d67d-11df-a831-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1b0aa9c3-d67d-11df-a831-0025223606c8}\Shell\AutoRun\command - "" = X:\autorun.exe
O33 - MountPoints2\{1b0aab0b-d67d-11df-a831-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{1b0aab0b-d67d-11df-a831-0025223606c8}\Shell\AutoRun\command - "" = Y:\autorun.exe
O33 - MountPoints2\{26606a75-e73b-11df-a90e-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{26606a75-e73b-11df-a90e-0025223606c8}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{26c2ba8e-21ee-11e0-9d20-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{26c2ba8e-21ee-11e0-9d20-0025223606c8}\Shell\AutoRun\command - "" = G:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{26c2ba8e-21ee-11e0-9d20-0025223606c8}\Shell\dinstall\command - "" = G:\Directx\dxsetup.exe
O33 - MountPoints2\{26c2ba98-21ee-11e0-9d20-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{26c2ba98-21ee-11e0-9d20-0025223606c8}\Shell\AutoRun\command - "" = H:\autoplay.exe
O33 - MountPoints2\{26c2baa1-21ee-11e0-9d20-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{26c2baa1-21ee-11e0-9d20-0025223606c8}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{2f631f90-303b-11e0-a288-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{2f631f90-303b-11e0-a288-0025223606c8}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{2fe53a4e-eb60-11df-8d01-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{2fe53a4e-eb60-11df-8d01-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{343cc8f7-dc30-11df-a4a6-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{343cc8f7-dc30-11df-a4a6-0025223606c8}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{343db5d5-f080-11df-a045-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{343db5d5-f080-11df-a045-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{34863e66-2cca-11e0-8c80-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{34863e66-2cca-11e0-8c80-0025223606c8}\Shell\AutoRun\command - "" = J:\Setup.exe
O33 - MountPoints2\{34863f2d-2cca-11e0-8c80-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{34863f2d-2cca-11e0-8c80-0025223606c8}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{35ffec9e-ea78-11df-8853-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{35ffec9e-ea78-11df-8853-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{3710d18a-f344-11e1-b20f-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{3710d18a-f344-11e1-b20f-0025223606c8}\Shell\AutoRun\command - "" = K:\SETUP.EXE
O33 - MountPoints2\{3710d18b-f344-11e1-b20f-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{3710d18b-f344-11e1-b20f-0025223606c8}\Shell\AutoRun\command - "" = L:\CD_Start.exe
O33 - MountPoints2\{3710d18c-f344-11e1-b20f-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{3710d18c-f344-11e1-b20f-0025223606c8}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{3aaaf57d-ed41-11df-822d-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{3aaaf57d-ed41-11df-822d-0025223606c8}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{43a494a1-a756-11e0-bc47-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{43a494a1-a756-11e0-bc47-0025223606c8}\Shell\AutoRun\command - "" = J:\DNF.exe
O33 - MountPoints2\{44582417-0906-11e1-a30b-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{44582417-0906-11e1-a30b-0025223606c8}\Shell\AutoRun\command - "" = K:\OriginInstaller.exe
O33 - MountPoints2\{4aac0b06-fee1-11e0-9fbe-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{4aac0b06-fee1-11e0-9fbe-0025223606c8}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{4d796292-a326-11e0-9da0-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{4d796292-a326-11e0-9da0-0025223606c8}\Shell\AutoRun\command - "" = I:\setup.exe
O33 - MountPoints2\{4d796298-a326-11e0-9da0-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{4d796298-a326-11e0-9da0-0025223606c8}\Shell\AutoRun\command - "" = J:\setup.exe
O33 - MountPoints2\{536a3de3-2603-11e0-a8b8-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{536a3de3-2603-11e0-a8b8-0025223606c8}\Shell\AutoRun\command - "" = H:\autoset.exe
O33 - MountPoints2\{536a3de7-2603-11e0-a8b8-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{536a3de7-2603-11e0-a8b8-0025223606c8}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{536a3dfa-2603-11e0-a8b8-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{536a3dfa-2603-11e0-a8b8-0025223606c8}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{53c2b99a-562a-11e0-8504-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{53c2b99a-562a-11e0-8504-0025223606c8}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\{5764886d-30f8-11e0-8da0-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{5764886d-30f8-11e0-8da0-0025223606c8}\Shell\AutoRun\command - "" = G:\install.exe
O33 - MountPoints2\{5efd0b4b-e4d1-11df-a39d-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{5efd0b4b-e4d1-11df-a39d-0025223606c8}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{5efd0b57-e4d1-11df-a39d-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{5efd0b57-e4d1-11df-a39d-0025223606c8}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{5efd0bc4-e4d1-11df-a39d-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{5efd0bc4-e4d1-11df-a39d-0025223606c8}\Shell\AutoRun\command - "" = F:\METT-Program-Player.exe
O33 - MountPoints2\{5efd0be2-e4d1-11df-a39d-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{5efd0be2-e4d1-11df-a39d-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{65f5f12c-d751-11df-9fb8-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{65f5f12c-d751-11df-9fb8-0025223606c8}\Shell\AutoRun\command - "" = Y:\autorun.exe
O33 - MountPoints2\{65f5f13a-d751-11df-9fb8-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{65f5f13a-d751-11df-9fb8-0025223606c8}\Shell\AutoRun\command - "" = Z:\autorun.exe
O33 - MountPoints2\{6daf07c8-d14b-11df-9578-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{6daf07c8-d14b-11df-9578-0025223606c8}\Shell\AutoRun\command - "" = V:\Autorun.exe
O33 - MountPoints2\{74763719-ff9c-11e0-8a17-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{74763719-ff9c-11e0-8a17-0025223606c8}\Shell\AutoRun\command - "" = K:\Autorun.exe
O33 - MountPoints2\{784c994d-1509-11e1-a9b1-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{784c994d-1509-11e1-a9b1-0025223606c8}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\{784c9954-1509-11e1-a9b1-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{784c9954-1509-11e1-a9b1-0025223606c8}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\{784c9957-1509-11e1-a9b1-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{784c9957-1509-11e1-a9b1-0025223606c8}\Shell\AutoRun\command - "" = L:\CD_Start.exe
O33 - MountPoints2\{784c995f-1509-11e1-a9b1-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{784c995f-1509-11e1-a9b1-0025223606c8}\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\{784c9961-1509-11e1-a9b1-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{784c9961-1509-11e1-a9b1-0025223606c8}\Shell\AutoRun\command - "" = K:\Setup.exe
O33 - MountPoints2\{7a5a959d-d496-11df-a13a-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{7a5a959d-d496-11df-a13a-0025223606c8}\Shell\AutoRun\command - "" = V:\FalloutLauncher.exe
O33 - MountPoints2\{7a5a95a4-d496-11df-a13a-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{7a5a95a4-d496-11df-a13a-0025223606c8}\Shell\AutoRun\command - "" = W:\FalloutLauncher.exe
O33 - MountPoints2\{7a5a95a8-d496-11df-a13a-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{7a5a95a8-d496-11df-a13a-0025223606c8}\Shell\AutoRun\command - "" = X:\DE_Fallout_3_DLC.EXE
O33 - MountPoints2\{7a5a95c5-d496-11df-a13a-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{7a5a95c5-d496-11df-a13a-0025223606c8}\Shell\AutoRun\command - "" = X:\AUTOSTARTER.EXE
O33 - MountPoints2\{80eb2a54-f573-11df-9f0f-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{80eb2a54-f573-11df-9f0f-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{898305f5-e8cf-11df-ac70-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{898305f5-e8cf-11df-ac70-0025223606c8}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{898305f5-e8cf-11df-ac70-0025223606c8}\Shell\directx\command - "" = G:\Support\DirectX\DXSETUP.exe
O33 - MountPoints2\{898305f5-e8cf-11df-ac70-0025223606c8}\Shell\install\command - "" = G:\setup.exe
O33 - MountPoints2\{89830608-e8cf-11df-ac70-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{89830608-e8cf-11df-ac70-0025223606c8}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{89830608-e8cf-11df-ac70-0025223606c8}\Shell\directx\command - "" = G:\Support\DirectX\DXSETUP.exe
O33 - MountPoints2\{89830608-e8cf-11df-ac70-0025223606c8}\Shell\install\command - "" = G:\setup.exe
O33 - MountPoints2\{89830643-e8cf-11df-ac70-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{89830643-e8cf-11df-ac70-0025223606c8}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{8a22f969-ba79-11df-8b69-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8a22f969-ba79-11df-8b69-806e6f6e6963}\Shell\AutoRun\command - "" = D:\0data\cbs.exe -- [2012.05.14 14:28:10 | 003,430,400 | R--- |
M] ()
O33 - MountPoints2\{8c6b16c0-31cd-11e0-b923-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8c6b16c0-31cd-11e0-b923-806e6f6e6963}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{900868d4-26d9-11e0-abf3-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{900868d4-26d9-11e0-abf3-0025223606c8}\Shell\AutoRun\command - "" = H:\Setup.exe
O33 - MountPoints2\{900868f6-26d9-11e0-abf3-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{900868f6-26d9-11e0-abf3-0025223606c8}\Shell\AutoRun\command - "" = I:\CoDMW2.exe
O33 - MountPoints2\{900868f9-26d9-11e0-abf3-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{900868f9-26d9-11e0-abf3-0025223606c8}\Shell\AutoRun\command - "" = 1
O33 - MountPoints2\{900868fd-26d9-11e0-abf3-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{900868fd-26d9-11e0-abf3-0025223606c8}\Shell\AutoRun\command - "" = 1
O33 - MountPoints2\{94fbcc79-cbba-11e0-88d9-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{94fbcc79-cbba-11e0-88d9-0025223606c8}\Shell\AutoRun\command - "" = J:\StartUp.exe
O33 - MountPoints2\{9fd86f97-98a2-11e0-b0ae-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{9fd86f97-98a2-11e0-b0ae-0025223606c8}\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\{a2c8e10c-ec46-11df-bf85-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{a2c8e10c-ec46-11df-bf85-0025223606c8}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{a7584c5e-22c8-11e0-9eaa-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{a7584c5e-22c8-11e0-9eaa-0025223606c8}\Shell\AutoRun\command - "" = H:\autoplay.exe
O33 - MountPoints2\{b1a752ff-2887-11e0-959e-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{b1a752ff-2887-11e0-959e-0025223606c8}\Shell\AutoRun\command - "" = J:\Setup.exe
O33 - MountPoints2\{b1a75307-2887-11e0-959e-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{b1a75307-2887-11e0-959e-0025223606c8}\Shell\AutoRun\command - "" = J:\Setup.exe
O33 - MountPoints2\{b99b43d5-d8e9-11df-b931-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{b99b43d5-d8e9-11df-b931-0025223606c8}\Shell\AutoRun\command - "" = Z:\Setup.exe
O33 - MountPoints2\{be6aaa49-f5a9-11df-b009-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{be6aaa49-f5a9-11df-b009-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{bf78c0ff-deb1-11df-a636-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{bf78c0ff-deb1-11df-a636-0025223606c8}\Shell\AutoRun\command - "" = F:\Autostart.exe
O33 - MountPoints2\{c0a93676-d895-11e0-b6b1-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{c0a93676-d895-11e0-b6b1-0025223606c8}\Shell\AutoRun\command - "" = J:\steambackup2.EXE
O33 - MountPoints2\{c44fbbcb-0c39-11e0-a490-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{c44fbbcb-0c39-11e0-a490-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{c44fbbcc-0c39-11e0-a490-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{c44fbbcc-0c39-11e0-a490-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{c49228af-279e-11e0-b7aa-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{c49228af-279e-11e0-b7aa-0025223606c8}\Shell\AutoRun\command - "" = J:\CD_Start.exe
O33 - MountPoints2\{cefebe40-080b-11e2-acfe-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cefebe40-080b-11e2-acfe-806e6f6e6963}\Shell\AutoRun\command - "" = H:\PanzerCorpsWehrmacht-SetupRelease-v103.exe
O33 - MountPoints2\{cf7431ba-e3d8-11df-aba6-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{cf7431ba-e3d8-11df-aba6-0025223606c8}\Shell\AutoRun\command - "" = F:\Support\AutoRun\AutoRun.exe
O33 - MountPoints2\{cf7431d9-e3d8-11df-aba6-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{cf7431d9-e3d8-11df-aba6-0025223606c8}\Shell\AutoRun\command - "" = F:\AUTOSTARTER.EXE
O33 - MountPoints2\{cf743207-e3d8-11df-aba6-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{cf743207-e3d8-11df-aba6-0025223606c8}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{d62d4c66-e131-11df-9b6d-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{d62d4c66-e131-11df-9b6d-0025223606c8}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{d990bcfe-1394-11e0-8096-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{d990bcfe-1394-11e0-8096-0025223606c8}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{deea389e-0070-11e0-9d93-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{deea389e-0070-11e0-9d93-0025223606c8}\Shell\AutoRun\command - "" = G:\StartHere.exe
O33 - MountPoints2\{e1287832-6295-11e1-9141-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{e1287832-6295-11e1-9141-0025223606c8}\Shell\AutoRun\command - "" = L:\SETUP.EXE
O33 - MountPoints2\{e6351052-2954-11e0-8dad-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{e6351052-2954-11e0-8dad-0025223606c8}\Shell\AutoRun\command - "" = J:\Autorun.exe
O33 - MountPoints2\{e6351053-2954-11e0-8dad-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{e6351053-2954-11e0-8dad-0025223606c8}\Shell\AutoRun\command - "" = J:\Autorun.exe
O33 - MountPoints2\{e6351054-2954-11e0-8dad-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{e6351054-2954-11e0-8dad-0025223606c8}\Shell\AutoRun\command - "" = J:\Autorun.exe
O33 - MountPoints2\{fd64aaec-e652-11df-a6a5-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{fd64aaec-e652-11df-a6a5-0025223606c8}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{fe1a5ef3-3b09-11e0-add5-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{fe1a5ef3-3b09-11e0-add5-0025223606c8}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\{fff1b05e-2db9-11e0-b238-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{fff1b05e-2db9-11e0-b238-0025223606c8}\Shell\AutoRun\command - "" = K:\autorun.exe -auto
O33 - MountPoints2\{fff1b060-2db9-11e0-b238-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{fff1b060-2db9-11e0-b238-0025223606c8}\Shell\AutoRun\command - "" = K:\autorun.exe -auto
O33 - MountPoints2\{fff1b061-2db9-11e0-b238-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{fff1b061-2db9-11e0-b238-0025223606c8}\Shell\AutoRun\command - "" = L:\autorun.exe -auto
O33 - MountPoints2\{fff1b068-2db9-11e0-b238-0025223606c8}\Shell - "" = AutoRun
O33 - MountPoints2\{fff1b068-2db9-11e0-b238-0025223606c8}\Shell\AutoRun\command - "" = L:\autorun.exe -auto
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKCU..\Run: [ASRockIES]  File not found
O4 - HKCU..\Run: [zASRockInstantBoot]  File not found
 :Files
:Commands
[EMPTYFLASH]
[emptytemp]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Welsper 10.01.2013 19:06
Ok danke erstmal. Also ich hab das jetzt so gemacht, daraufhin hat er mir alle Symbole vom Desktop gewischt und dann neu gestartet.

Ich poste jetzt gleich die Textdatei, aber ich wüßte schon gerne, was es für ein Problem gibt oder gab. - Man möchte ja informiert sein :lach:
Voe allem da ja Malware Bytes und die anderen nichts angezeigt haben. Wenn das also was größeres ist oder war dann würde mir das schon zu denen geben, denn das würde heißen, daß ich trotz all der Programme nicht ausreichend geschützt bin.

Nun gut hier dann mal die Textdatei:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01de29bc-b2dc-11e0-a4a1-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01de29bc-b2dc-11e0-a4a1-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01de29bc-b2dc-11e0-a4a1-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01de29bc-b2dc-11e0-a4a1-0025223606c8}\ not found.
File J:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04dc5fb6-5e49-11e1-818a-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04dc5fb6-5e49-11e1-818a-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{04dc5fb6-5e49-11e1-818a-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{04dc5fb6-5e49-11e1-818a-0025223606c8}\ not found.
File G:\PzC-AfrikaKorps-SetupRelease-DE-v112.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ff45385-da91-11df-a05d-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ff45385-da91-11df-a05d-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ff45385-da91-11df-a05d-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ff45385-da91-11df-a05d-0025223606c8}\ not found.
File Z:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ff45389-da91-11df-a05d-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ff45389-da91-11df-a05d-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ff45389-da91-11df-a05d-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ff45389-da91-11df-a05d-0025223606c8}\ not found.
File Z:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1717fae8-d229-11df-a3da-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1717fae8-d229-11df-a3da-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1717fae8-d229-11df-a3da-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1717fae8-d229-11df-a3da-0025223606c8}\ not found.
File V:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1717fbe8-d229-11df-a3da-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1717fbe8-d229-11df-a3da-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1717fbe8-d229-11df-a3da-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1717fbe8-d229-11df-a3da-0025223606c8}\ not found.
File V:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1717fd5d-d229-11df-a3da-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1717fd5d-d229-11df-a3da-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1717fd5d-d229-11df-a3da-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1717fd5d-d229-11df-a3da-0025223606c8}\ not found.
File W:\autorun.exe -auto not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1717fd70-d229-11df-a3da-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1717fd70-d229-11df-a3da-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1717fd70-d229-11df-a3da-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1717fd70-d229-11df-a3da-0025223606c8}\ not found.
File W:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1717fdd3-d229-11df-a3da-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1717fdd3-d229-11df-a3da-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1717fdd3-d229-11df-a3da-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1717fdd3-d229-11df-a3da-0025223606c8}\ not found.
File V:\AUTOSTARTER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1892ec14-0bf5-11e1-8526-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1892ec14-0bf5-11e1-8526-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1892ec14-0bf5-11e1-8526-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1892ec14-0bf5-11e1-8526-0025223606c8}\ not found.
File M:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1892ec15-0bf5-11e1-8526-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1892ec15-0bf5-11e1-8526-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1892ec15-0bf5-11e1-8526-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1892ec15-0bf5-11e1-8526-0025223606c8}\ not found.
File M:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1892ec16-0bf5-11e1-8526-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1892ec16-0bf5-11e1-8526-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1892ec16-0bf5-11e1-8526-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1892ec16-0bf5-11e1-8526-0025223606c8}\ not found.
File M:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b0aa9c3-d67d-11df-a831-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b0aa9c3-d67d-11df-a831-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b0aa9c3-d67d-11df-a831-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b0aa9c3-d67d-11df-a831-0025223606c8}\ not found.
File X:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b0aab0b-d67d-11df-a831-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b0aab0b-d67d-11df-a831-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b0aab0b-d67d-11df-a831-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b0aab0b-d67d-11df-a831-0025223606c8}\ not found.
File Y:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26606a75-e73b-11df-a90e-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26606a75-e73b-11df-a90e-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26606a75-e73b-11df-a90e-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26606a75-e73b-11df-a90e-0025223606c8}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26c2ba8e-21ee-11e0-9d20-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c2ba8e-21ee-11e0-9d20-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26c2ba8e-21ee-11e0-9d20-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c2ba8e-21ee-11e0-9d20-0025223606c8}\ not found.
File G:\setup\rsrc\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26c2ba8e-21ee-11e0-9d20-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c2ba8e-21ee-11e0-9d20-0025223606c8}\ not found.
File G:\Directx\dxsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26c2ba98-21ee-11e0-9d20-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c2ba98-21ee-11e0-9d20-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26c2ba98-21ee-11e0-9d20-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c2ba98-21ee-11e0-9d20-0025223606c8}\ not found.
File H:\autoplay.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26c2baa1-21ee-11e0-9d20-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c2baa1-21ee-11e0-9d20-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26c2baa1-21ee-11e0-9d20-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c2baa1-21ee-11e0-9d20-0025223606c8}\ not found.
File H:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f631f90-303b-11e0-a288-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f631f90-303b-11e0-a288-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f631f90-303b-11e0-a288-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f631f90-303b-11e0-a288-0025223606c8}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fe53a4e-eb60-11df-8d01-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fe53a4e-eb60-11df-8d01-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fe53a4e-eb60-11df-8d01-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fe53a4e-eb60-11df-8d01-0025223606c8}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{343cc8f7-dc30-11df-a4a6-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{343cc8f7-dc30-11df-a4a6-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{343cc8f7-dc30-11df-a4a6-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{343cc8f7-dc30-11df-a4a6-0025223606c8}\ not found.
File F:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{343db5d5-f080-11df-a045-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{343db5d5-f080-11df-a045-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{343db5d5-f080-11df-a045-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{343db5d5-f080-11df-a045-0025223606c8}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34863e66-2cca-11e0-8c80-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34863e66-2cca-11e0-8c80-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34863e66-2cca-11e0-8c80-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34863e66-2cca-11e0-8c80-0025223606c8}\ not found.
File J:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34863f2d-2cca-11e0-8c80-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34863f2d-2cca-11e0-8c80-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34863f2d-2cca-11e0-8c80-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34863f2d-2cca-11e0-8c80-0025223606c8}\ not found.
File K:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35ffec9e-ea78-11df-8853-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35ffec9e-ea78-11df-8853-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35ffec9e-ea78-11df-8853-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35ffec9e-ea78-11df-8853-0025223606c8}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3710d18a-f344-11e1-b20f-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3710d18a-f344-11e1-b20f-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3710d18a-f344-11e1-b20f-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3710d18a-f344-11e1-b20f-0025223606c8}\ not found.
File K:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3710d18b-f344-11e1-b20f-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3710d18b-f344-11e1-b20f-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3710d18b-f344-11e1-b20f-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3710d18b-f344-11e1-b20f-0025223606c8}\ not found.
File L:\CD_Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3710d18c-f344-11e1-b20f-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3710d18c-f344-11e1-b20f-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3710d18c-f344-11e1-b20f-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3710d18c-f344-11e1-b20f-0025223606c8}\ not found.
File K:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3aaaf57d-ed41-11df-822d-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3aaaf57d-ed41-11df-822d-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3aaaf57d-ed41-11df-822d-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3aaaf57d-ed41-11df-822d-0025223606c8}\ not found.
File G:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43a494a1-a756-11e0-bc47-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43a494a1-a756-11e0-bc47-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43a494a1-a756-11e0-bc47-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43a494a1-a756-11e0-bc47-0025223606c8}\ not found.
File J:\DNF.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44582417-0906-11e1-a30b-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44582417-0906-11e1-a30b-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44582417-0906-11e1-a30b-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44582417-0906-11e1-a30b-0025223606c8}\ not found.
File K:\OriginInstaller.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4aac0b06-fee1-11e0-9fbe-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4aac0b06-fee1-11e0-9fbe-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4aac0b06-fee1-11e0-9fbe-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4aac0b06-fee1-11e0-9fbe-0025223606c8}\ not found.
File K:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d796292-a326-11e0-9da0-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d796292-a326-11e0-9da0-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d796292-a326-11e0-9da0-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d796292-a326-11e0-9da0-0025223606c8}\ not found.
File I:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d796298-a326-11e0-9da0-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d796298-a326-11e0-9da0-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d796298-a326-11e0-9da0-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d796298-a326-11e0-9da0-0025223606c8}\ not found.
File J:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{536a3de3-2603-11e0-a8b8-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{536a3de3-2603-11e0-a8b8-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{536a3de3-2603-11e0-a8b8-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{536a3de3-2603-11e0-a8b8-0025223606c8}\ not found.
File H:\autoset.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{536a3de7-2603-11e0-a8b8-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{536a3de7-2603-11e0-a8b8-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{536a3de7-2603-11e0-a8b8-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{536a3de7-2603-11e0-a8b8-0025223606c8}\ not found.
File H:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{536a3dfa-2603-11e0-a8b8-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{536a3dfa-2603-11e0-a8b8-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{536a3dfa-2603-11e0-a8b8-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{536a3dfa-2603-11e0-a8b8-0025223606c8}\ not found.
File H:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53c2b99a-562a-11e0-8504-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53c2b99a-562a-11e0-8504-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53c2b99a-562a-11e0-8504-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53c2b99a-562a-11e0-8504-0025223606c8}\ not found.
File I:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5764886d-30f8-11e0-8da0-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5764886d-30f8-11e0-8da0-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5764886d-30f8-11e0-8da0-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5764886d-30f8-11e0-8da0-0025223606c8}\ not found.
File G:\install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5efd0b4b-e4d1-11df-a39d-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5efd0b4b-e4d1-11df-a39d-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5efd0b4b-e4d1-11df-a39d-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5efd0b4b-e4d1-11df-a39d-0025223606c8}\ not found.
File F:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5efd0b57-e4d1-11df-a39d-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5efd0b57-e4d1-11df-a39d-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5efd0b57-e4d1-11df-a39d-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5efd0b57-e4d1-11df-a39d-0025223606c8}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5efd0bc4-e4d1-11df-a39d-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5efd0bc4-e4d1-11df-a39d-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5efd0bc4-e4d1-11df-a39d-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5efd0bc4-e4d1-11df-a39d-0025223606c8}\ not found.
File F:\METT-Program-Player.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5efd0be2-e4d1-11df-a39d-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5efd0be2-e4d1-11df-a39d-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5efd0be2-e4d1-11df-a39d-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5efd0be2-e4d1-11df-a39d-0025223606c8}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f5f12c-d751-11df-9fb8-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f5f12c-d751-11df-9fb8-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f5f12c-d751-11df-9fb8-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f5f12c-d751-11df-9fb8-0025223606c8}\ not found.
File Y:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f5f13a-d751-11df-9fb8-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f5f13a-d751-11df-9fb8-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{65f5f13a-d751-11df-9fb8-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65f5f13a-d751-11df-9fb8-0025223606c8}\ not found.
File Z:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6daf07c8-d14b-11df-9578-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6daf07c8-d14b-11df-9578-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6daf07c8-d14b-11df-9578-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6daf07c8-d14b-11df-9578-0025223606c8}\ not found.
File V:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74763719-ff9c-11e0-8a17-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74763719-ff9c-11e0-8a17-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74763719-ff9c-11e0-8a17-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74763719-ff9c-11e0-8a17-0025223606c8}\ not found.
File K:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{784c994d-1509-11e1-a9b1-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784c994d-1509-11e1-a9b1-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{784c994d-1509-11e1-a9b1-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784c994d-1509-11e1-a9b1-0025223606c8}\ not found.
File I:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{784c9954-1509-11e1-a9b1-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784c9954-1509-11e1-a9b1-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{784c9954-1509-11e1-a9b1-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784c9954-1509-11e1-a9b1-0025223606c8}\ not found.
File K:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{784c9957-1509-11e1-a9b1-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784c9957-1509-11e1-a9b1-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{784c9957-1509-11e1-a9b1-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784c9957-1509-11e1-a9b1-0025223606c8}\ not found.
File L:\CD_Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{784c995f-1509-11e1-a9b1-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784c995f-1509-11e1-a9b1-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{784c995f-1509-11e1-a9b1-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784c995f-1509-11e1-a9b1-0025223606c8}\ not found.
File K:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{784c9961-1509-11e1-a9b1-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784c9961-1509-11e1-a9b1-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{784c9961-1509-11e1-a9b1-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784c9961-1509-11e1-a9b1-0025223606c8}\ not found.
File K:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a5a959d-d496-11df-a13a-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a5a959d-d496-11df-a13a-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a5a959d-d496-11df-a13a-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a5a959d-d496-11df-a13a-0025223606c8}\ not found.
File V:\FalloutLauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a5a95a4-d496-11df-a13a-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a5a95a4-d496-11df-a13a-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a5a95a4-d496-11df-a13a-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a5a95a4-d496-11df-a13a-0025223606c8}\ not found.
File W:\FalloutLauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a5a95a8-d496-11df-a13a-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a5a95a8-d496-11df-a13a-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a5a95a8-d496-11df-a13a-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a5a95a8-d496-11df-a13a-0025223606c8}\ not found.
File X:\DE_Fallout_3_DLC.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a5a95c5-d496-11df-a13a-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a5a95c5-d496-11df-a13a-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a5a95c5-d496-11df-a13a-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a5a95c5-d496-11df-a13a-0025223606c8}\ not found.
File X:\AUTOSTARTER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80eb2a54-f573-11df-9f0f-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80eb2a54-f573-11df-9f0f-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80eb2a54-f573-11df-9f0f-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80eb2a54-f573-11df-9f0f-0025223606c8}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{898305f5-e8cf-11df-ac70-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898305f5-e8cf-11df-ac70-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{898305f5-e8cf-11df-ac70-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898305f5-e8cf-11df-ac70-0025223606c8}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{898305f5-e8cf-11df-ac70-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898305f5-e8cf-11df-ac70-0025223606c8}\ not found.
File G:\Support\DirectX\DXSETUP.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{898305f5-e8cf-11df-ac70-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898305f5-e8cf-11df-ac70-0025223606c8}\ not found.
File G:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89830608-e8cf-11df-ac70-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89830608-e8cf-11df-ac70-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89830608-e8cf-11df-ac70-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89830608-e8cf-11df-ac70-0025223606c8}\ not found.
File G:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89830608-e8cf-11df-ac70-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89830608-e8cf-11df-ac70-0025223606c8}\ not found.
File G:\Support\DirectX\DXSETUP.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89830608-e8cf-11df-ac70-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89830608-e8cf-11df-ac70-0025223606c8}\ not found.
File G:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89830643-e8cf-11df-ac70-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89830643-e8cf-11df-ac70-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89830643-e8cf-11df-ac70-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89830643-e8cf-11df-ac70-0025223606c8}\ not found.
File G:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a22f969-ba79-11df-8b69-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a22f969-ba79-11df-8b69-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a22f969-ba79-11df-8b69-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8a22f969-ba79-11df-8b69-806e6f6e6963}\ not found.
File move failed. D:\0data\cbs.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c6b16c0-31cd-11e0-b923-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c6b16c0-31cd-11e0-b923-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c6b16c0-31cd-11e0-b923-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c6b16c0-31cd-11e0-b923-806e6f6e6963}\ not found.
File H:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{900868d4-26d9-11e0-abf3-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{900868d4-26d9-11e0-abf3-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{900868d4-26d9-11e0-abf3-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{900868d4-26d9-11e0-abf3-0025223606c8}\ not found.
File H:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{900868f6-26d9-11e0-abf3-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{900868f6-26d9-11e0-abf3-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{900868f6-26d9-11e0-abf3-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{900868f6-26d9-11e0-abf3-0025223606c8}\ not found.
File I:\CoDMW2.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{900868f9-26d9-11e0-abf3-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{900868f9-26d9-11e0-abf3-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{900868f9-26d9-11e0-abf3-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{900868f9-26d9-11e0-abf3-0025223606c8}\ not found.
File 1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{900868fd-26d9-11e0-abf3-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{900868fd-26d9-11e0-abf3-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{900868fd-26d9-11e0-abf3-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{900868fd-26d9-11e0-abf3-0025223606c8}\ not found.
File 1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94fbcc79-cbba-11e0-88d9-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94fbcc79-cbba-11e0-88d9-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94fbcc79-cbba-11e0-88d9-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94fbcc79-cbba-11e0-88d9-0025223606c8}\ not found.
File J:\StartUp.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fd86f97-98a2-11e0-b0ae-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fd86f97-98a2-11e0-b0ae-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9fd86f97-98a2-11e0-b0ae-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9fd86f97-98a2-11e0-b0ae-0025223606c8}\ not found.
File I:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2c8e10c-ec46-11df-bf85-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2c8e10c-ec46-11df-bf85-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a2c8e10c-ec46-11df-bf85-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2c8e10c-ec46-11df-bf85-0025223606c8}\ not found.
File G:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7584c5e-22c8-11e0-9eaa-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7584c5e-22c8-11e0-9eaa-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a7584c5e-22c8-11e0-9eaa-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a7584c5e-22c8-11e0-9eaa-0025223606c8}\ not found.
File H:\autoplay.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a752ff-2887-11e0-959e-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1a752ff-2887-11e0-959e-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a752ff-2887-11e0-959e-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1a752ff-2887-11e0-959e-0025223606c8}\ not found.
File J:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a75307-2887-11e0-959e-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1a75307-2887-11e0-959e-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a75307-2887-11e0-959e-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1a75307-2887-11e0-959e-0025223606c8}\ not found.
File J:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b99b43d5-d8e9-11df-b931-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b99b43d5-d8e9-11df-b931-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b99b43d5-d8e9-11df-b931-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b99b43d5-d8e9-11df-b931-0025223606c8}\ not found.
File Z:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be6aaa49-f5a9-11df-b009-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be6aaa49-f5a9-11df-b009-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be6aaa49-f5a9-11df-b009-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be6aaa49-f5a9-11df-b009-0025223606c8}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf78c0ff-deb1-11df-a636-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf78c0ff-deb1-11df-a636-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf78c0ff-deb1-11df-a636-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf78c0ff-deb1-11df-a636-0025223606c8}\ not found.
File F:\Autostart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0a93676-d895-11e0-b6b1-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0a93676-d895-11e0-b6b1-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0a93676-d895-11e0-b6b1-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0a93676-d895-11e0-b6b1-0025223606c8}\ not found.
File J:\steambackup2.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c44fbbcb-0c39-11e0-a490-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c44fbbcb-0c39-11e0-a490-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c44fbbcb-0c39-11e0-a490-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c44fbbcb-0c39-11e0-a490-0025223606c8}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c44fbbcc-0c39-11e0-a490-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c44fbbcc-0c39-11e0-a490-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c44fbbcc-0c39-11e0-a490-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c44fbbcc-0c39-11e0-a490-0025223606c8}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c49228af-279e-11e0-b7aa-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c49228af-279e-11e0-b7aa-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c49228af-279e-11e0-b7aa-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c49228af-279e-11e0-b7aa-0025223606c8}\ not found.
File J:\CD_Start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cefebe40-080b-11e2-acfe-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cefebe40-080b-11e2-acfe-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cefebe40-080b-11e2-acfe-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cefebe40-080b-11e2-acfe-806e6f6e6963}\ not found.
File H:\PanzerCorpsWehrmacht-SetupRelease-v103.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf7431ba-e3d8-11df-aba6-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf7431ba-e3d8-11df-aba6-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf7431ba-e3d8-11df-aba6-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf7431ba-e3d8-11df-aba6-0025223606c8}\ not found.
File F:\Support\AutoRun\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf7431d9-e3d8-11df-aba6-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf7431d9-e3d8-11df-aba6-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf7431d9-e3d8-11df-aba6-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf7431d9-e3d8-11df-aba6-0025223606c8}\ not found.
File F:\AUTOSTARTER.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf743207-e3d8-11df-aba6-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf743207-e3d8-11df-aba6-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cf743207-e3d8-11df-aba6-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cf743207-e3d8-11df-aba6-0025223606c8}\ not found.
File F:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d62d4c66-e131-11df-9b6d-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d62d4c66-e131-11df-9b6d-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d62d4c66-e131-11df-9b6d-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d62d4c66-e131-11df-9b6d-0025223606c8}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d990bcfe-1394-11e0-8096-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d990bcfe-1394-11e0-8096-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d990bcfe-1394-11e0-8096-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d990bcfe-1394-11e0-8096-0025223606c8}\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{deea389e-0070-11e0-9d93-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{deea389e-0070-11e0-9d93-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{deea389e-0070-11e0-9d93-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{deea389e-0070-11e0-9d93-0025223606c8}\ not found.
File G:\StartHere.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1287832-6295-11e1-9141-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1287832-6295-11e1-9141-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e1287832-6295-11e1-9141-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e1287832-6295-11e1-9141-0025223606c8}\ not found.
File L:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6351052-2954-11e0-8dad-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6351052-2954-11e0-8dad-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6351052-2954-11e0-8dad-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6351052-2954-11e0-8dad-0025223606c8}\ not found.
File J:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6351053-2954-11e0-8dad-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6351053-2954-11e0-8dad-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6351053-2954-11e0-8dad-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6351053-2954-11e0-8dad-0025223606c8}\ not found.
File J:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6351054-2954-11e0-8dad-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6351054-2954-11e0-8dad-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6351054-2954-11e0-8dad-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6351054-2954-11e0-8dad-0025223606c8}\ not found.
File J:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd64aaec-e652-11df-a6a5-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd64aaec-e652-11df-a6a5-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd64aaec-e652-11df-a6a5-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd64aaec-e652-11df-a6a5-0025223606c8}\ not found.
File G:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe1a5ef3-3b09-11e0-add5-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe1a5ef3-3b09-11e0-add5-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe1a5ef3-3b09-11e0-add5-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fe1a5ef3-3b09-11e0-add5-0025223606c8}\ not found.
File I:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fff1b05e-2db9-11e0-b238-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fff1b05e-2db9-11e0-b238-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fff1b05e-2db9-11e0-b238-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fff1b05e-2db9-11e0-b238-0025223606c8}\ not found.
File K:\autorun.exe -auto not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fff1b060-2db9-11e0-b238-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fff1b060-2db9-11e0-b238-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fff1b060-2db9-11e0-b238-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fff1b060-2db9-11e0-b238-0025223606c8}\ not found.
File K:\autorun.exe -auto not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fff1b061-2db9-11e0-b238-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fff1b061-2db9-11e0-b238-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fff1b061-2db9-11e0-b238-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fff1b061-2db9-11e0-b238-0025223606c8}\ not found.
File L:\autorun.exe -auto not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fff1b068-2db9-11e0-b238-0025223606c8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fff1b068-2db9-11e0-b238-0025223606c8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fff1b068-2db9-11e0-b238-0025223606c8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fff1b068-2db9-11e0-b238-0025223606c8}\ not found.
File L:\autorun.exe -auto not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockIES deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56466 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: ***
->Flash cache emptied: 81281 bytes

User: Public

User: Spiele

User: UpdatusUser
->Flash cache emptied: 41620 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ***
->Temp folder emptied: 132934397 bytes
->Temporary Internet Files folder emptied: 4173786 bytes
->Java cache emptied: 30344373 bytes
->FireFox cache emptied: 445438927 bytes
->Google Chrome cache emptied: 6240368 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Spiele

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1869672 bytes
%systemroot%\System32 .tmp files removed: 3238240 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 91081917 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 682,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01102013_185726

Files\Folders moved on Reboot...
File move failed. D:\0data\cbs.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

markusg 10.01.2013 19:08
Hi
ist ja auch quatsch, sich viele sicherheitsprogramme zu instalieren, bei ner vernünftigen Konfig reicht 1 aus.
bisher siehts nach Adware aus.
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten

Welsper 10.01.2013 19:19
Ok, also ich habe das jetzt genau so gemacht.
Allerdings hieß die Option bei mir " Verify file digital signatures " anstatt Driver.

So hier das Log:

19:12:22.0936 1352 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:12:23.0186 1352 ============================================================
19:12:23.0186 1352 Current date / time: 2013/01/10 19:12:23.0186
19:12:23.0186 1352 SystemInfo:
19:12:23.0186 1352
19:12:23.0186 1352 OS Version: 6.1.7601 ServicePack: 1.0
19:12:23.0186 1352 Product type: Workstation
19:12:23.0186 1352 ComputerName: ***-PC
19:12:23.0186 1352 UserName: ***
19:12:23.0186 1352 Windows directory: C:\Windows
19:12:23.0186 1352 System windows directory: C:\Windows
19:12:23.0186 1352 Processor architecture: Intel x86
19:12:23.0186 1352 Number of processors: 4
19:12:23.0186 1352 Page size: 0x1000
19:12:23.0186 1352 Boot type: Normal boot
19:12:23.0186 1352 ============================================================
19:12:24.0657 1352 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0x38080, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000050
19:12:24.0657 1352 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C0F00000 (1863.01 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:12:25.0047 1352 ============================================================
19:12:25.0047 1352 \Device\Harddisk0\DR0:
19:12:25.0141 1352 MBR partitions:
19:12:25.0141 1352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
19:12:25.0141 1352 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800
19:12:25.0141 1352 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x2E035000
19:12:25.0141 1352 \Device\Harddisk1\DR1:
19:12:25.0141 1352 MBR partitions:
19:12:25.0141 1352 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07000
19:12:25.0141 1352 ============================================================
19:12:25.0219 1352 C: <-> \Device\Harddisk0\DR0\Partition2
19:12:25.0313 1352 E: <-> \Device\Harddisk0\DR0\Partition3
19:12:25.0360 1352 F: <-> \Device\Harddisk1\DR1\Partition1
19:12:25.0360 1352 ============================================================
19:12:25.0360 1352 Initialize success
19:12:25.0360 1352 ============================================================
19:13:43.0149 2908 ============================================================
19:13:43.0149 2908 Scan started
19:13:43.0149 2908 Mode: Manual; SigCheck; TDLFS;
19:13:43.0149 2908 ============================================================
19:13:44.0104 2908 ================ Scan system memory ========================
19:13:44.0104 2908 System memory - ok
19:13:44.0104 2908 ================ Scan services =============================
19:13:44.0229 2908 1394hub - ok
19:13:44.0260 2908 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:13:44.0338 2908 1394ohci - ok
19:13:44.0401 2908 [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11 C:\Windows\system32\drivers\acedrv11.sys
19:13:44.0416 2908 acedrv11 - ok
19:13:44.0448 2908 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
19:13:44.0463 2908 ACPI - ok
19:13:44.0495 2908 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
19:13:44.0510 2908 AcpiPmi - ok
19:13:44.0526 2908 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
19:13:44.0541 2908 adp94xx - ok
19:13:44.0557 2908 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
19:13:44.0573 2908 adpahci - ok
19:13:44.0588 2908 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
19:13:44.0588 2908 adpu320 - ok
19:13:44.0620 2908 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:13:44.0651 2908 AeLookupSvc - ok
19:13:44.0713 2908 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
19:13:44.0729 2908 AFD - ok
19:13:44.0760 2908 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
19:13:44.0760 2908 agp440 - ok
19:13:44.0776 2908 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
19:13:44.0776 2908 aic78xx - ok
19:13:44.0839 2908 [ C3E7AC2EB8B1BAA98BC4E5DBCF934964 ] aksfridge C:\Windows\system32\drivers\aksfridge.sys
19:13:44.0855 2908 aksfridge - ok
19:13:44.0886 2908 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
19:13:44.0902 2908 ALG - ok
19:13:44.0933 2908 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
19:13:44.0933 2908 aliide - ok
19:13:44.0996 2908 ALSysIO - ok
19:13:45.0027 2908 [ 6F7E2797E9E61A8541FAC7C0AE04186A ] AMBFilt C:\Windows\system32\drivers\AMBFilt.sys
19:13:45.0042 2908 Suspicious file (Forged): C:\Windows\system32\drivers\AMBFilt.sys. Real md5: 6F7E2797E9E61A8541FAC7C0AE04186A, Fake md5: 51D8841FB826C4450B36350882EF8F4F
19:13:45.0042 2908 AMBFilt ( ForgedFile.Multi.Generic ) - warning
19:13:45.0042 2908 AMBFilt - detected ForgedFile.Multi.Generic (1)
19:13:45.0074 2908 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:13:45.0074 2908 amdagp - ok
19:13:45.0089 2908 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
19:13:45.0105 2908 amdide - ok
19:13:45.0136 2908 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
19:13:45.0152 2908 AmdK8 - ok
19:13:45.0199 2908 [ AD8FA28D8ED0D0A689A0559085CE0F18 ] AmdLLD C:\Windows\system32\DRIVERS\AmdLLD.sys
19:13:45.0199 2908 AmdLLD - ok
19:13:45.0230 2908 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
19:13:45.0246 2908 AmdPPM - ok
19:13:45.0292 2908 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
19:13:45.0292 2908 amdsata - ok
19:13:45.0308 2908 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
19:13:45.0324 2908 amdsbs - ok
19:13:45.0339 2908 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
19:13:45.0355 2908 amdxata - ok
19:13:45.0386 2908 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
19:13:45.0417 2908 AppID - ok
19:13:45.0433 2908 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
19:13:45.0449 2908 AppIDSvc - ok
19:13:45.0480 2908 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
19:13:45.0496 2908 Appinfo - ok
19:13:45.0574 2908 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:13:45.0589 2908 Apple Mobile Device - ok
19:13:45.0605 2908 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
19:13:45.0621 2908 arc - ok
19:13:45.0636 2908 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
19:13:45.0636 2908 arcsas - ok
19:13:45.0730 2908 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:13:45.0746 2908 aspnet_state - ok
19:13:45.0761 2908 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:13:45.0792 2908 AsyncMac - ok
19:13:45.0825 2908 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
19:13:45.0825 2908 atapi - ok
19:13:45.0856 2908 [ B73C832088DD54B55E04FF6F9646AD8C ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
19:13:45.0856 2908 AtiPcie - ok
19:13:45.0887 2908 [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
19:13:45.0903 2908 atksgt - ok
19:13:45.0934 2908 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:13:45.0965 2908 AudioEndpointBuilder - ok
19:13:45.0965 2908 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:13:45.0997 2908 Audiosrv - ok
19:13:46.0028 2908 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
19:13:46.0059 2908 AxInstSV - ok
19:13:46.0075 2908 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
19:13:46.0090 2908 b06bdrv - ok
19:13:46.0106 2908 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
19:13:46.0122 2908 b57nd60x - ok
19:13:46.0122 2908 [ 40D011F2B2E737E51AE8D2172664C095 ] BazisVirtualCDBus C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
19:13:46.0137 2908 BazisVirtualCDBus - ok
19:13:46.0168 2908 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
19:13:46.0200 2908 BDESVC - ok
19:13:46.0215 2908 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
19:13:46.0247 2908 Beep - ok
19:13:46.0278 2908 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
19:13:46.0325 2908 BFE - ok
19:13:46.0512 2908 [ 9DFFCB249663AA3C2ECB67202280054E ] BHDrvx86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130107.001\BHDrvx86.sys
19:13:46.0528 2908 BHDrvx86 - ok
19:13:46.0575 2908 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
19:13:46.0606 2908 BITS - ok
19:13:46.0606 2908 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
19:13:46.0622 2908 blbdrive - ok
19:13:46.0653 2908 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:13:46.0653 2908 bowser - ok
19:13:46.0668 2908 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:13:46.0684 2908 BrFiltLo - ok
19:13:46.0700 2908 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:13:46.0731 2908 BrFiltUp - ok
19:13:46.0762 2908 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
19:13:46.0778 2908 Browser - ok
19:13:46.0793 2908 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
19:13:46.0809 2908 Brserid - ok
19:13:46.0826 2908 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
19:13:46.0857 2908 BrSerWdm - ok
19:13:46.0857 2908 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
19:13:46.0873 2908 BrUsbMdm - ok
19:13:46.0888 2908 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
19:13:46.0888 2908 BrUsbSer - ok
19:13:46.0904 2908 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
19:13:46.0919 2908 BTHMODEM - ok
19:13:46.0966 2908 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
19:13:46.0982 2908 bthserv - ok
19:13:47.0076 2908 [ 1277AD8F053CC60C17CAFAB411F3CF40 ] ccSet_NIS C:\Windows\system32\drivers\NIS\1402000.013\ccSetx86.sys
19:13:47.0076 2908 ccSet_NIS - ok
19:13:47.0091 2908 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:13:47.0123 2908 cdfs - ok
19:13:47.0154 2908 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:13:47.0169 2908 cdrom - ok
19:13:47.0201 2908 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
19:13:47.0232 2908 CertPropSvc - ok
19:13:47.0248 2908 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
19:13:47.0263 2908 circlass - ok
19:13:47.0279 2908 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
19:13:47.0294 2908 CLFS - ok
19:13:47.0341 2908 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:13:47.0357 2908 clr_optimization_v2.0.50727_32 - ok
19:13:47.0404 2908 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:13:47.0419 2908 clr_optimization_v4.0.30319_32 - ok
19:13:47.0419 2908 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:13:47.0435 2908 CmBatt - ok
19:13:47.0451 2908 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:13:47.0466 2908 cmdide - ok
19:13:47.0498 2908 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
19:13:47.0513 2908 CNG - ok
19:13:47.0529 2908 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:13:47.0529 2908 Compbatt - ok
19:13:47.0576 2908 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
19:13:47.0591 2908 CompositeBus - ok
19:13:47.0607 2908 COMSysApp - ok
19:13:47.0623 2908 cpuz130 - ok
19:13:47.0638 2908 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
19:13:47.0654 2908 crcdisk - ok
19:13:47.0701 2908 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:13:47.0716 2908 CryptSvc - ok
19:13:47.0748 2908 [ D491F164E6D5EBACBB73E0F85D47E9D9 ] CTL511Plus C:\Windows\system32\DRIVERS\webc3vid.sys
19:13:47.0779 2908 CTL511Plus - ok
19:13:47.0810 2908 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
19:13:47.0842 2908 DcomLaunch - ok
19:13:47.0858 2908 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
19:13:47.0921 2908 defragsvc - ok
19:13:47.0953 2908 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:13:47.0968 2908 DfsC - ok
19:13:48.0015 2908 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
19:13:48.0046 2908 Dhcp - ok
19:13:48.0062 2908 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
19:13:48.0093 2908 discache - ok
19:13:48.0109 2908 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
19:13:48.0125 2908 Disk - ok
19:13:48.0140 2908 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:13:48.0171 2908 Dnscache - ok
19:13:48.0203 2908 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
19:13:48.0218 2908 dot3svc - ok
19:13:48.0250 2908 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
19:13:48.0281 2908 DPS - ok
19:13:48.0312 2908 [ 5F6B9858815DA69146A0249D4E83C8FD ] DragonSvc C:\Program Files\Common Files\Nuance\dgnsvc.exe
19:13:48.0328 2908 DragonSvc - ok
19:13:48.0359 2908 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:13:48.0375 2908 drmkaud - ok
19:13:48.0406 2908 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:13:48.0421 2908 DXGKrnl - ok
19:13:48.0437 2908 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
19:13:48.0468 2908 EapHost - ok
19:13:48.0515 2908 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
19:13:48.0578 2908 ebdrv - ok
19:13:48.0625 2908 [ 85B8B4032A895A746D46A288A9B30DED ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
19:13:48.0640 2908 eeCtrl - ok
19:13:48.0671 2908 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
19:13:48.0687 2908 EFS - ok
19:13:48.0750 2908 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:13:48.0765 2908 ehRecvr - ok
19:13:48.0781 2908 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
19:13:48.0796 2908 ehSched - ok
19:13:48.0843 2908 [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
19:13:48.0843 2908 ElbyCDIO - ok
19:13:48.0875 2908 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
19:13:48.0891 2908 elxstor - ok
19:13:48.0922 2908 [ B5A8A04A6E5B4E86B95B1553AA918F5F ] EraserUtilRebootDrv C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
19:13:48.0938 2908 EraserUtilRebootDrv - ok
19:13:48.0954 2908 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:13:48.0969 2908 ErrDev - ok
19:13:49.0000 2908 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
19:13:49.0047 2908 EventSystem - ok
19:13:49.0047 2908 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
19:13:49.0079 2908 exfat - ok
19:13:49.0094 2908 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:13:49.0110 2908 fastfat - ok
19:13:49.0157 2908 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
19:13:49.0188 2908 Fax - ok
19:13:49.0188 2908 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:13:49.0204 2908 fdc - ok
19:13:49.0204 2908 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
19:13:49.0235 2908 fdPHost - ok
19:13:49.0250 2908 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
19:13:49.0282 2908 FDResPub - ok
19:13:49.0297 2908 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:13:49.0297 2908 FileInfo - ok
19:13:49.0313 2908 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:13:49.0344 2908 Filetrace - ok
19:13:49.0407 2908 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
19:13:49.0422 2908 FLEXnet Licensing Service - ok
19:13:49.0438 2908 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:13:49.0454 2908 flpydisk - ok
19:13:49.0469 2908 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:13:49.0485 2908 FltMgr - ok
19:13:49.0516 2908 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
19:13:49.0547 2908 FontCache - ok
19:13:49.0594 2908 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:13:49.0594 2908 FontCache3.0.0.0 - ok
19:13:49.0610 2908 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
19:13:49.0625 2908 FsDepends - ok
19:13:49.0657 2908 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:13:49.0657 2908 Fs_Rec - ok
19:13:49.0704 2908 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
19:13:49.0719 2908 fvevol - ok
19:13:49.0735 2908 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
19:13:49.0750 2908 gagp30kx - ok
19:13:49.0766 2908 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
19:13:49.0797 2908 gpsvc - ok
19:13:49.0923 2908 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:13:49.0923 2908 gupdate - ok
19:13:49.0939 2908 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:13:49.0939 2908 gupdatem - ok
19:13:49.0970 2908 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
19:13:49.0986 2908 hamachi - ok
19:13:50.0033 2908 [ 506097D91E96AEE4BAD61800782E8FB6 ] hardlock C:\Windows\system32\drivers\hardlock.sys
19:13:50.0048 2908 hardlock - ok
19:13:50.0048 2908 hasplms - ok
19:13:50.0048 2908 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
19:13:50.0064 2908 hcw85cir - ok
19:13:50.0095 2908 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:13:50.0126 2908 HdAudAddService - ok
19:13:50.0142 2908 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
19:13:50.0173 2908 HDAudBus - ok
19:13:50.0189 2908 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
19:13:50.0205 2908 HidBatt - ok
19:13:50.0220 2908 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
19:13:50.0236 2908 HidBth - ok
19:13:50.0251 2908 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
19:13:50.0283 2908 HidIr - ok
19:13:50.0298 2908 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
19:13:50.0330 2908 hidserv - ok
19:13:50.0345 2908 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:13:50.0361 2908 HidUsb - ok
19:13:50.0392 2908 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:13:50.0423 2908 hkmsvc - ok
19:13:50.0470 2908 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
19:13:50.0486 2908 HomeGroupListener - ok
19:13:50.0517 2908 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
19:13:50.0548 2908 HomeGroupProvider - ok
19:13:50.0642 2908 [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
19:13:50.0658 2908 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
19:13:50.0658 2908 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
19:13:50.0673 2908 [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
19:13:50.0689 2908 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
19:13:50.0689 2908 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
19:13:50.0736 2908 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
19:13:50.0751 2908 HpSAMD - ok
19:13:50.0783 2908 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:13:50.0814 2908 HTTP - ok
19:13:50.0830 2908 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
19:13:50.0845 2908 hwpolicy - ok
19:13:50.0876 2908 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
19:13:50.0909 2908 i8042prt - ok
19:13:50.0940 2908 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
19:13:50.0956 2908 iaStorV - ok
19:13:50.0987 2908 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:13:51.0018 2908 idsvc - ok
19:13:51.0096 2908 [ 404FB2AAF532BC7BBACC8880BE401C74 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130109.001\IDSvix86.sys
19:13:51.0112 2908 IDSVix86 - ok
19:13:51.0127 2908 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
19:13:51.0143 2908 iirsp - ok
19:13:51.0174 2908 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
19:13:51.0206 2908 IKEEXT - ok
19:13:51.0221 2908 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
19:13:51.0237 2908 intelide - ok
19:13:51.0237 2908 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:13:51.0284 2908 intelppm - ok
19:13:51.0299 2908 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:13:51.0315 2908 IPBusEnum - ok
19:13:51.0331 2908 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:13:51.0362 2908 IpFilterDriver - ok
19:13:51.0393 2908 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:13:51.0409 2908 iphlpsvc - ok
19:13:51.0440 2908 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:13:51.0440 2908 IPMIDRV - ok
19:13:51.0456 2908 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:13:51.0487 2908 IPNAT - ok
19:13:51.0502 2908 [ 9F7E491FB0BA0F9E370163834FC1FE31 ] irda C:\Windows\system32\DRIVERS\irda.sys
19:13:51.0518 2908 irda - ok
19:13:51.0534 2908 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:13:51.0549 2908 IRENUM - ok
19:13:51.0549 2908 [ 4220D2F03D5C4226D0A1AA4B84025E45 ] Irmon C:\Windows\System32\irmon.dll
19:13:51.0565 2908 Irmon - ok
19:13:51.0581 2908 [ 5896B5FF6332AB2BE1582523E9656A67 ] irsir C:\Windows\system32\DRIVERS\irsir.sys
19:13:51.0596 2908 irsir - ok
19:13:51.0627 2908 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:13:51.0643 2908 isapnp - ok
19:13:51.0643 2908 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:13:51.0659 2908 iScsiPrt - ok
19:13:51.0690 2908 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:13:51.0690 2908 kbdclass - ok
19:13:51.0721 2908 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
19:13:51.0737 2908 kbdhid - ok
19:13:51.0752 2908 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
19:13:51.0768 2908 KeyIso - ok
19:13:51.0784 2908 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:13:51.0799 2908 KSecDD - ok
19:13:51.0831 2908 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:13:51.0846 2908 KSecPkg - ok
19:13:51.0862 2908 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
19:13:51.0910 2908 KtmRm - ok
19:13:51.0941 2908 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
19:13:51.0989 2908 LanmanServer - ok
19:13:51.0989 2908 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:13:52.0020 2908 LanmanWorkstation - ok
19:13:52.0036 2908 [ 7F9C7B28CF1C859E1C42619EEA946DC8 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:13:52.0051 2908 LHidFilt - ok
19:13:52.0083 2908 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
19:13:52.0098 2908 lirsgt - ok
19:13:52.0129 2908 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:13:52.0161 2908 lltdio - ok
19:13:52.0176 2908 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:13:52.0192 2908 lltdsvc - ok
19:13:52.0208 2908 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
19:13:52.0223 2908 lmhosts - ok
19:13:52.0223 2908 [ AB33792A87285344F43B5CE23421BAB0 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:13:52.0239 2908 LMouFilt - ok
19:13:52.0254 2908 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
19:13:52.0270 2908 LSI_FC - ok
19:13:52.0270 2908 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:13:52.0286 2908 LSI_SAS - ok
19:13:52.0301 2908 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:13:52.0301 2908 LSI_SAS2 - ok
19:13:52.0317 2908 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:13:52.0333 2908 LSI_SCSI - ok
19:13:52.0348 2908 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
19:13:52.0379 2908 luafv - ok
19:13:52.0411 2908 [ A3E700D78EEC390F1208098CDCA5C6B6 ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus.sys
19:13:52.0426 2908 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
19:13:52.0426 2908 MarvinBus - detected UnsignedFile.Multi.Generic (1)
19:13:52.0473 2908 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:13:52.0473 2908 Mcx2Svc - ok
19:13:52.0489 2908 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:13:52.0504 2908 megasas - ok
19:13:52.0504 2908 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:13:52.0520 2908 MegaSR - ok
19:13:52.0551 2908 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
19:13:52.0567 2908 MMCSS - ok
19:13:52.0583 2908 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
19:13:52.0614 2908 Modem - ok
19:13:52.0645 2908 [ 23C13A9579D4CC04B41CFA2A22213E77 ] MonFilt C:\Windows\system32\drivers\MonFilt.sys
19:13:52.0645 2908 Suspicious file (Forged): C:\Windows\system32\drivers\MonFilt.sys. Real md5: 23C13A9579D4CC04B41CFA2A22213E77, Fake md5: 27AE46A9E30F50A6BFA6198E51000357
19:13:52.0645 2908 MonFilt ( ForgedFile.Multi.Generic ) - warning
19:13:52.0645 2908 MonFilt - detected ForgedFile.Multi.Generic (1)
19:13:52.0676 2908 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:13:52.0692 2908 monitor - ok
19:13:52.0739 2908 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:13:52.0739 2908 mouclass - ok
19:13:52.0754 2908 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:13:52.0754 2908 mouhid - ok
19:13:52.0786 2908 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:13:52.0801 2908 mountmgr - ok
19:13:52.0848 2908 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:13:52.0848 2908 MozillaMaintenance - ok
19:13:52.0879 2908 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
19:13:52.0895 2908 mpio - ok
19:13:52.0911 2908 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:13:52.0943 2908 mpsdrv - ok
19:13:52.0974 2908 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:13:53.0021 2908 MpsSvc - ok
19:13:53.0052 2908 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:13:53.0068 2908 MRxDAV - ok
19:13:53.0115 2908 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:13:53.0130 2908 mrxsmb - ok
19:13:53.0162 2908 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:13:53.0177 2908 mrxsmb10 - ok
19:13:53.0193 2908 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:13:53.0193 2908 mrxsmb20 - ok
19:13:53.0208 2908 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
19:13:53.0224 2908 msahci - ok
19:13:53.0240 2908 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:13:53.0240 2908 msdsm - ok
19:13:53.0271 2908 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
19:13:53.0287 2908 MSDTC - ok
19:13:53.0302 2908 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:13:53.0333 2908 Msfs - ok
19:13:53.0333 2908 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:13:53.0349 2908 mshidkmdf - ok
19:13:53.0380 2908 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:13:53.0396 2908 msisadrv - ok
19:13:53.0412 2908 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:13:53.0443 2908 MSiSCSI - ok
19:13:53.0443 2908 msiserver - ok
19:13:53.0474 2908 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:13:53.0505 2908 MSKSSRV - ok
19:13:53.0521 2908 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:13:53.0552 2908 MSPCLOCK - ok
19:13:53.0568 2908 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:13:53.0583 2908 MSPQM - ok
19:13:53.0615 2908 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:13:53.0630 2908 MsRPC - ok
19:13:53.0646 2908 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:13:53.0662 2908 mssmbios - ok
19:13:53.0662 2908 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:13:53.0693 2908 MSTEE - ok
19:13:53.0693 2908 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:13:53.0708 2908 MTConfig - ok
19:13:53.0708 2908 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
19:13:53.0724 2908 Mup - ok
19:13:53.0755 2908 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
19:13:53.0771 2908 napagent - ok
19:13:53.0802 2908 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:13:53.0818 2908 NativeWifiP - ok
19:13:53.0912 2908 [ 8E4C77AD9BB279900C00F870CC0C674B ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130109.040\NAVENG.SYS
19:13:53.0912 2908 NAVENG - ok
19:13:53.0975 2908 [ 826F699B69E88A3920C70F344DD42D88 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130109.040\NAVEX15.SYS
19:13:54.0006 2908 NAVEX15 - ok
19:13:54.0038 2908 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:13:54.0069 2908 NDIS - ok
19:13:54.0069 2908 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:13:54.0100 2908 NdisCap - ok
19:13:54.0131 2908 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:13:54.0147 2908 NdisTapi - ok
19:13:54.0194 2908 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:13:54.0209 2908 Ndisuio - ok
19:13:54.0241 2908 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:13:54.0272 2908 NdisWan - ok
19:13:54.0288 2908 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:13:54.0319 2908 NDProxy - ok
19:13:54.0350 2908 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:13:54.0366 2908 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:13:54.0366 2908 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:13:54.0381 2908 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:13:54.0397 2908 NetBIOS - ok
19:13:54.0444 2908 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:13:54.0475 2908 NetBT - ok
19:13:54.0491 2908 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
19:13:54.0491 2908 Netlogon - ok
19:13:54.0522 2908 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
19:13:54.0569 2908 Netman - ok
19:13:54.0600 2908 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:13:54.0600 2908 NetMsmqActivator - ok
19:13:54.0600 2908 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:13:54.0616 2908 NetPipeActivator - ok
19:13:54.0647 2908 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
19:13:54.0678 2908 netprofm - ok
19:13:54.0678 2908 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:13:54.0694 2908 NetTcpActivator - ok
19:13:54.0694 2908 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
19:13:54.0709 2908 NetTcpPortSharing - ok
19:13:54.0725 2908 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:13:54.0725 2908 nfrd960 - ok
19:13:54.0803 2908 [ 4A9258B9597A31DB68EC9740F3A8A70B ] NIS C:\Program Files\Norton Internet Security CBE\Engine\20.2.0.19\ccSvcHst.exe
19:13:54.0819 2908 NIS - ok
19:13:54.0850 2908 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
19:13:54.0866 2908 NlaSvc - ok
19:13:54.0897 2908 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:13:54.0913 2908 Npfs - ok
19:13:54.0928 2908 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
19:13:54.0944 2908 nsi - ok
19:13:54.0961 2908 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:13:54.0993 2908 nsiproxy - ok
19:13:55.0040 2908 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:13:55.0055 2908 Ntfs - ok
19:13:55.0071 2908 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
19:13:55.0102 2908 Null - ok
19:13:55.0133 2908 [ 77F9F9A199B87FE3F852E12F5419240B ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
19:13:55.0149 2908 NVHDA - ok
19:13:55.0305 2908 [ 0A1B502CBC8230DA74BEFBAADDB58916 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:13:55.0430 2908 nvlddmkm - ok
19:13:55.0477 2908 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:13:55.0477 2908 nvraid - ok
19:13:55.0524 2908 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:13:55.0540 2908 nvstor - ok
19:13:55.0586 2908 [ EB5A13F9139F20AD71ADF4BF79C3AA29 ] nvsvc C:\Windows\system32\nvvsvc.exe
19:13:55.0618 2908 nvsvc - ok
19:13:55.0665 2908 [ 61FF84F865B4414EFDC11856BF5757AD ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
19:13:55.0696 2908 nvUpdatusService - ok
19:13:55.0727 2908 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:13:55.0727 2908 nv_agp - ok
19:13:55.0758 2908 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:13:55.0790 2908 ohci1394 - ok
19:13:55.0805 2908 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:13:55.0821 2908 p2pimsvc - ok
19:13:55.0836 2908 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
19:13:55.0852 2908 p2psvc - ok
19:13:55.0868 2908 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:13:55.0899 2908 Parport - ok
19:13:55.0915 2908 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:13:55.0930 2908 partmgr - ok
19:13:55.0946 2908 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
19:13:55.0961 2908 Parvdm - ok
19:13:55.0961 2908 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:13:55.0994 2908 PcaSvc - ok
19:13:56.0026 2908 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
19:13:56.0041 2908 pci - ok
19:13:56.0041 2908 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
19:13:56.0057 2908 pciide - ok
19:13:56.0073 2908 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:13:56.0088 2908 pcmcia - ok
19:13:56.0088 2908 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
19:13:56.0104 2908 pcw - ok
19:13:56.0120 2908 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:13:56.0166 2908 PEAUTH - ok
19:13:56.0213 2908 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
19:13:56.0260 2908 pla - ok
19:13:56.0291 2908 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:13:56.0323 2908 PlugPlay - ok
19:13:56.0354 2908 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:13:56.0370 2908 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:13:56.0370 2908 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:13:56.0401 2908 [ A1DD33D16F277CE34124EE52AB2C0F14 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
19:13:56.0416 2908 PnkBstrA - ok
19:13:56.0432 2908 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:13:56.0463 2908 PNRPAutoReg - ok
19:13:56.0463 2908 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:13:56.0479 2908 PNRPsvc - ok
19:13:56.0495 2908 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:13:56.0526 2908 PolicyAgent - ok
19:13:56.0557 2908 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
19:13:56.0573 2908 Power - ok
19:13:56.0588 2908 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:13:56.0620 2908 PptpMiniport - ok
19:13:56.0620 2908 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:13:56.0635 2908 Processor - ok
19:13:56.0651 2908 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
19:13:56.0666 2908 ProfSvc - ok
19:13:56.0666 2908 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:13:56.0682 2908 ProtectedStorage - ok
19:13:56.0682 2908 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:13:56.0713 2908 Psched - ok
19:13:56.0745 2908 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
19:13:56.0776 2908 ql2300 - ok
19:13:56.0791 2908 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
19:13:56.0807 2908 ql40xx - ok
19:13:56.0807 2908 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
19:13:56.0838 2908 QWAVE - ok
19:13:56.0854 2908 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:13:56.0870 2908 QWAVEdrv - ok
19:13:56.0885 2908 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:13:56.0901 2908 RasAcd - ok
19:13:56.0916 2908 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:13:56.0948 2908 RasAgileVpn - ok
19:13:56.0948 2908 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
19:13:56.0963 2908 RasAuto - ok
19:13:56.0979 2908 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:13:57.0011 2908 Rasl2tp - ok
19:13:57.0042 2908 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
19:13:57.0074 2908 RasMan - ok
19:13:57.0074 2908 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:13:57.0089 2908 RasPppoe - ok
19:13:57.0121 2908 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:13:57.0136 2908 RasSstp - ok
19:13:57.0167 2908 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:13:57.0199 2908 rdbss - ok
19:13:57.0199 2908 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
19:13:57.0214 2908 rdpbus - ok
19:13:57.0246 2908 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:13:57.0277 2908 RDPCDD - ok
19:13:57.0292 2908 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:13:57.0324 2908 RDPENCDD - ok
19:13:57.0324 2908 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:13:57.0355 2908 RDPREFMP - ok
19:13:57.0371 2908 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:13:57.0402 2908 RDPWD - ok
19:13:57.0433 2908 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:13:57.0449 2908 rdyboost - ok
19:13:57.0464 2908 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
19:13:57.0496 2908 RemoteAccess - ok
19:13:57.0511 2908 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:13:57.0542 2908 RemoteRegistry - ok
19:13:57.0605 2908 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
19:13:57.0636 2908 RichVideo ( UnsignedFile.Multi.Generic ) - warning
19:13:57.0636 2908 RichVideo - detected UnsignedFile.Multi.Generic (1)
19:13:57.0652 2908 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:13:57.0683 2908 RpcEptMapper - ok
19:13:57.0714 2908 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
19:13:57.0714 2908 RpcLocator - ok
19:13:57.0730 2908 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
19:13:57.0746 2908 RpcSs - ok
19:13:57.0777 2908 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:13:57.0792 2908 rspndr - ok
19:13:57.0824 2908 [ 6465166DD9B2F841DABAD16ABDADBE98 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
19:13:57.0855 2908 RTL8167 - ok
19:13:57.0855 2908 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
19:13:57.0871 2908 SamSs - ok
19:13:57.0902 2908 [ 1FBD21895B768CD40E83B86C18E6454F ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys
19:13:57.0917 2908 SbieDrv - ok
19:13:57.0933 2908 [ D5D875D6662F30C7FBF5F6879452B12B ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe
19:13:57.0933 2908 SbieSvc - ok
19:13:57.0964 2908 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:13:57.0980 2908 sbp2port - ok
19:13:58.0059 2908 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
19:13:58.0075 2908 SBSDWSCService - ok
19:13:58.0106 2908 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:13:58.0122 2908 SCardSvr - ok
19:13:58.0153 2908 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:13:58.0168 2908 scfilter - ok
19:13:58.0200 2908 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
19:13:58.0231 2908 Schedule - ok
19:13:58.0262 2908 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:13:58.0278 2908 SCPolicySvc - ok
19:13:58.0309 2908 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:13:58.0340 2908 SDRSVC - ok
19:13:58.0356 2908 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:13:58.0387 2908 secdrv - ok
19:13:58.0387 2908 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
19:13:58.0403 2908 seclogon - ok
19:13:58.0418 2908 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
19:13:58.0450 2908 SENS - ok
19:13:58.0465 2908 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:13:58.0481 2908 SensrSvc - ok
19:13:58.0497 2908 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:13:58.0512 2908 Serenum - ok
19:13:58.0528 2908 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:13:58.0543 2908 Serial - ok
19:13:58.0575 2908 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
19:13:58.0606 2908 sermouse - ok
19:13:58.0622 2908 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
19:13:58.0637 2908 SessionEnv - ok
19:13:58.0653 2908 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:13:58.0668 2908 sffdisk - ok
19:13:58.0668 2908 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:13:58.0700 2908 sffp_mmc - ok
19:13:58.0715 2908 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:13:58.0731 2908 sffp_sd - ok
19:13:58.0731 2908 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:13:58.0762 2908 sfloppy - ok
19:13:58.0793 2908 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:13:58.0825 2908 SharedAccess - ok
19:13:58.0840 2908 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:13:58.0872 2908 ShellHWDetection - ok
19:13:58.0872 2908 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:13:58.0887 2908 sisagp - ok
19:13:58.0903 2908 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:13:58.0918 2908 SiSRaid2 - ok
19:13:58.0934 2908 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
19:13:58.0934 2908 SiSRaid4 - ok
19:13:59.0044 2908 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:13:59.0107 2908 Skype C2C Service - ok
19:13:59.0154 2908 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:13:59.0154 2908 SkypeUpdate - ok
19:13:59.0169 2908 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:13:59.0201 2908 Smb - ok
19:13:59.0216 2908 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:13:59.0232 2908 SNMPTRAP - ok
19:13:59.0248 2908 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
19:13:59.0248 2908 spldr - ok
19:13:59.0279 2908 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
19:13:59.0294 2908 Spooler - ok
19:13:59.0357 2908 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
19:13:59.0404 2908 sppsvc - ok
19:13:59.0435 2908 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:13:59.0466 2908 sppuinotify - ok
19:13:59.0513 2908 [ 0022CFFF1A41E5CE3A764050A7DDF22A ] sptd C:\Windows\System32\Drivers\sptd.sys
19:13:59.0529 2908 sptd - ok
19:13:59.0607 2908 [ 26C1B59C80FEF94B025DF5C3C1B791A7 ] SRTSP C:\Windows\System32\Drivers\NIS\1402000.013\SRTSP.SYS
19:13:59.0623 2908 SRTSP - ok
19:13:59.0669 2908 [ 21AC3AE81E8263061624C4ED3B11509A ] SRTSPX C:\Windows\system32\drivers\NIS\1402000.013\SRTSPX.SYS
19:13:59.0685 2908 SRTSPX - ok
19:13:59.0716 2908 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:13:59.0732 2908 srv - ok
19:13:59.0748 2908 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:13:59.0779 2908 srv2 - ok
19:13:59.0779 2908 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:13:59.0794 2908 srvnet - ok
19:13:59.0810 2908 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:13:59.0857 2908 SSDPSRV - ok
19:13:59.0857 2908 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:13:59.0904 2908 SstpSvc - ok
19:13:59.0935 2908 Steam Client Service - ok
19:13:59.0998 2908 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:14:00.0013 2908 Stereo Service - ok
19:14:00.0029 2908 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
19:14:00.0045 2908 stexstor - ok
19:14:00.0093 2908 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
19:14:00.0125 2908 StiSvc - ok
19:14:00.0156 2908 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
19:14:00.0156 2908 swenum - ok
19:14:00.0171 2908 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
19:14:00.0187 2908 swprv - ok
19:14:00.0234 2908 [ FB69A67FEEE3026C7F99774A1C405326 ] SymDS C:\Windows\system32\drivers\NIS\1402000.013\SYMDS.SYS
19:14:00.0250 2908 SymDS - ok
19:14:00.0281 2908 [ 28C5FAFA7FD1C522B8DCD59694D39412 ] SymEFA C:\Windows\system32\drivers\NIS\1402000.013\SYMEFA.SYS
19:14:00.0312 2908 SymEFA - ok
19:14:00.0328 2908 [ C940F10C31E2C60CC967FFD6A370720C ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
19:14:00.0343 2908 SymEvent - ok
19:14:00.0375 2908 [ 8C9B9036E301A9965CF15BEC91C58A12 ] SymIRON C:\Windows\system32\drivers\NIS\1402000.013\Ironx86.SYS
19:14:00.0390 2908 SymIRON - ok
19:14:00.0406 2908 [ 21698476A90ACAA056B8CFE09A82785F ] SymNetS C:\Windows\System32\Drivers\NIS\1402000.013\SYMNETS.SYS
19:14:00.0406 2908 SymNetS - ok
19:14:00.0468 2908 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
19:14:00.0484 2908 SysMain - ok
19:14:00.0515 2908 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:14:00.0546 2908 TabletInputService - ok
19:14:00.0562 2908 [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
19:14:00.0578 2908 taphss - ok
19:14:00.0609 2908 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
19:14:00.0625 2908 TapiSrv - ok
19:14:00.0656 2908 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
19:14:00.0671 2908 TBS - ok
19:14:00.0718 2908 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:14:00.0750 2908 Tcpip - ok
19:14:00.0796 2908 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:14:00.0812 2908 TCPIP6 - ok
19:14:00.0843 2908 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:14:00.0859 2908 tcpipreg - ok
19:14:00.0875 2908 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:14:00.0890 2908 TDPIPE - ok
19:14:00.0906 2908 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:14:00.0937 2908 TDTCP - ok
19:14:00.0968 2908 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:14:00.0984 2908 tdx - ok
19:14:01.0015 2908 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
19:14:01.0015 2908 TermDD - ok
19:14:01.0046 2908 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
19:14:01.0079 2908 TermService - ok
19:14:01.0094 2908 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
19:14:01.0110 2908 Themes - ok
19:14:01.0125 2908 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
19:14:01.0141 2908 THREADORDER - ok
19:14:01.0172 2908 [ 5815AE5EF8519066F19E575D67F6F191 ] TPkd C:\Windows\system32\drivers\TPkd.sys
19:14:01.0204 2908 TPkd ( UnsignedFile.Multi.Generic ) - warning
19:14:01.0204 2908 TPkd - detected UnsignedFile.Multi.Generic (1)
19:14:01.0219 2908 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
19:14:01.0250 2908 TrkWks - ok
19:14:01.0297 2908 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:14:01.0313 2908 TrustedInstaller - ok
19:14:01.0344 2908 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:14:01.0375 2908 tssecsrv - ok
19:14:01.0422 2908 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
19:14:01.0438 2908 TsUsbFlt - ok
19:14:01.0469 2908 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:14:01.0500 2908 tunnel - ok
19:14:01.0516 2908 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
19:14:01.0532 2908 uagp35 - ok
19:14:01.0547 2908 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:14:01.0579 2908 udfs - ok
19:14:01.0594 2908 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:14:01.0625 2908 UI0Detect - ok
19:14:01.0657 2908 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:14:01.0657 2908 uliagpkx - ok
19:14:01.0688 2908 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
19:14:01.0704 2908 umbus - ok
19:14:01.0704 2908 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
19:14:01.0735 2908 UmPass - ok
19:14:01.0813 2908 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
19:14:01.0813 2908 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
19:14:01.0813 2908 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
19:14:01.0829 2908 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
19:14:01.0860 2908 upnphost - ok
19:14:01.0907 2908 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
19:14:01.0922 2908 usbaudio - ok
19:14:01.0938 2908 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:14:01.0954 2908 usbccgp - ok
19:14:01.0969 2908 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:14:01.0985 2908 usbcir - ok
19:14:02.0016 2908 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:14:02.0016 2908 usbehci - ok
19:14:02.0047 2908 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:14:02.0080 2908 usbhub - ok
19:14:02.0095 2908 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
19:14:02.0111 2908 usbohci - ok
19:14:02.0142 2908 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:14:02.0142 2908 usbprint - ok
19:14:02.0173 2908 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:14:02.0205 2908 usbscan - ok
19:14:02.0220 2908 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:14:02.0220 2908 USBSTOR - ok
19:14:02.0236 2908 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
19:14:02.0251 2908 usbuhci - ok
19:14:02.0267 2908 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
19:14:02.0283 2908 UxSms - ok
19:14:02.0283 2908 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
19:14:02.0298 2908 VaultSvc - ok
19:14:02.0330 2908 [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone C:\Windows\system32\DRIVERS\VClone.sys
19:14:02.0345 2908 VClone - ok
19:14:02.0376 2908 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
19:14:02.0392 2908 vdrvroot - ok
19:14:02.0423 2908 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
19:14:02.0455 2908 vds - ok
19:14:02.0470 2908 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:14:02.0486 2908 vga - ok
19:14:02.0486 2908 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
19:14:02.0517 2908 VgaSave - ok
19:14:02.0533 2908 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
19:14:02.0548 2908 vhdmp - ok
19:14:02.0564 2908 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:14:02.0564 2908 viaagp - ok
19:14:02.0580 2908 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
19:14:02.0595 2908 ViaC7 - ok
19:14:02.0642 2908 [ F27C1D81ED7DACA5B1A539745A4EF710 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
19:14:02.0673 2908 VIAHdAudAddService - ok
19:14:02.0705 2908 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
19:14:02.0705 2908 viaide - ok
19:14:02.0736 2908 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:14:02.0751 2908 volmgr - ok
19:14:02.0751 2908 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:14:02.0767 2908 volmgrx - ok
19:14:02.0798 2908 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:14:02.0814 2908 volsnap - ok
19:14:02.0830 2908 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
19:14:02.0845 2908 vsmraid - ok
19:14:02.0876 2908 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
19:14:02.0908 2908 VSS - ok
19:14:02.0908 2908 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
19:14:02.0939 2908 vwifibus - ok
19:14:02.0955 2908 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
19:14:02.0986 2908 W32Time - ok
19:14:02.0986 2908 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
19:14:03.0017 2908 WacomPen - ok
19:14:03.0048 2908 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:14:03.0064 2908 WANARP - ok
19:14:03.0064 2908 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:14:03.0096 2908 Wanarpv6 - ok
19:14:03.0127 2908 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
19:14:03.0159 2908 wbengine - ok
19:14:03.0174 2908 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
19:14:03.0190 2908 WbioSrvc - ok
19:14:03.0221 2908 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:14:03.0252 2908 wcncsvc - ok
19:14:03.0268 2908 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:14:03.0284 2908 WcsPlugInService - ok
19:14:03.0284 2908 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:14:03.0299 2908 Wd - ok
19:14:03.0346 2908 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:14:03.0362 2908 Wdf01000 - ok
19:14:03.0362 2908 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:14:03.0377 2908 WdiServiceHost - ok
19:14:03.0377 2908 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:14:03.0393 2908 WdiSystemHost - ok
19:14:03.0440 2908 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
19:14:03.0440 2908 WebClient - ok
19:14:03.0456 2908 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:14:03.0471 2908 Wecsvc - ok
19:14:03.0487 2908 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:14:03.0502 2908 wercplsupport - ok
19:14:03.0518 2908 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
19:14:03.0549 2908 WerSvc - ok
19:14:03.0565 2908 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:14:03.0581 2908 WfpLwf - ok
19:14:03.0596 2908 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:14:03.0612 2908 WIMMount - ok
19:14:03.0659 2908 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:14:03.0674 2908 WinDefend - ok
19:14:03.0690 2908 WinHttpAutoProxySvc - ok
19:14:03.0737 2908 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:14:03.0768 2908 Winmgmt - ok
19:14:03.0815 2908 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
19:14:03.0846 2908 WinRM - ok
19:14:03.0877 2908 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:14:03.0924 2908 Wlansvc - ok
19:14:04.0002 2908 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:14:04.0034 2908 wlidsvc - ok
19:14:04.0065 2908 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:14:04.0081 2908 WmiAcpi - ok
19:14:04.0081 2908 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:14:04.0096 2908 wmiApSrv - ok
19:14:04.0145 2908 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:14:04.0177 2908 WMPNetworkSvc - ok
19:14:04.0193 2908 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:14:04.0193 2908 WPCSvc - ok
19:14:04.0224 2908 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:14:04.0240 2908 WPDBusEnum - ok
19:14:04.0271 2908 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:14:04.0287 2908 ws2ifsl - ok
19:14:04.0302 2908 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
19:14:04.0318 2908 wscsvc - ok
19:14:04.0333 2908 WSearch - ok
19:14:04.0380 2908 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:14:04.0412 2908 wuauserv - ok
19:14:04.0443 2908 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:14:04.0443 2908 WudfPf - ok
19:14:04.0474 2908 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:14:04.0505 2908 WUDFRd - ok
19:14:04.0537 2908 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:14:04.0552 2908 wudfsvc - ok
19:14:04.0568 2908 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
19:14:04.0599 2908 WwanSvc - ok
19:14:04.0615 2908 ================ Scan global ===============================
19:14:04.0646 2908 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
19:14:04.0677 2908 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
19:14:04.0677 2908 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
19:14:04.0708 2908 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
19:14:04.0740 2908 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
19:14:04.0740 2908 [Global] - ok
19:14:04.0740 2908 ================ Scan MBR ==================================
19:14:04.0755 2908 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:14:05.0052 2908 \Device\Harddisk0\DR0 - ok
19:14:05.0052 2908 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
19:14:05.0647 2908 \Device\Harddisk1\DR1 - ok
19:14:05.0647 2908 ================ Scan VBR ==================================
19:14:05.0663 2908 [ 64133C8D6F7DFDCB25D34AFA6AC38656 ] \Device\Harddisk0\DR0\Partition1
19:14:05.0663 2908 \Device\Harddisk0\DR0\Partition1 - ok
19:14:05.0663 2908 [ EE3B49BED8BD61D8183BD7641F760B55 ] \Device\Harddisk0\DR0\Partition2
19:14:05.0663 2908 \Device\Harddisk0\DR0\Partition2 - ok
19:14:05.0678 2908 [ B9ED8A40D7AFD1CEA8E473FCDCD5F337 ] \Device\Harddisk0\DR0\Partition3
19:14:05.0678 2908 \Device\Harddisk0\DR0\Partition3 - ok
19:14:05.0678 2908 [ B3EA4AB46D4EB995CFA25CAE86580424 ] \Device\Harddisk1\DR1\Partition1
19:14:05.0694 2908 \Device\Harddisk1\DR1\Partition1 - ok
19:14:05.0694 2908 ============================================================
19:14:05.0694 2908 Scan finished
19:14:05.0694 2908 ============================================================
19:14:05.0694 3784 Detected object count: 10
19:14:05.0694 3784 Actual detected object count: 10
19:14:18.0506 3784 AMBFilt ( ForgedFile.Multi.Generic ) - skipped by user
19:14:18.0506 3784 AMBFilt ( ForgedFile.Multi.Generic ) - User select action: Skip
19:14:18.0506 3784 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:18.0506 3784 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:18.0506 3784 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:18.0506 3784 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:18.0506 3784 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:18.0506 3784 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:18.0506 3784 MonFilt ( ForgedFile.Multi.Generic ) - skipped by user
19:14:18.0506 3784 MonFilt ( ForgedFile.Multi.Generic ) - User select action: Skip
19:14:18.0506 3784 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:18.0506 3784 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:18.0506 3784 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:18.0506 3784 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:18.0506 3784 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:18.0506 3784 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:18.0506 3784 TPkd ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:18.0506 3784 TPkd ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:18.0506 3784 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:18.0506 3784 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg 10.01.2013 19:24
Hi,
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Welsper 10.01.2013 19:59
So, ich starte jetzt dann erstmal den Rechner neu.
In der Zwischenzeit hier mal das neue Log:

Combofix Logfile:
Code:
ComboFix 13-01-08.01 - *** 10.01.2013  19:33:20.1.4 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3327.1812 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Norton Internet Security CBE *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security CBE *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security CBE *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\***\4.0
c:\users\***\AppData\Roaming\convert\convert.exe
c:\users\***\AppData\Roaming\Microsoft\Windows\Templates\install_flash_player_32bit.exe
c:\users\Public\sdelevURL.tmp
c:\windows\IsUn0407.exe
c:\windows\system32\roboot.exe
c:\windows\unin0407.exe
E:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-10 bis 2013-01-10  ))))))))))))))))))))))))))))))
.
.
2013-01-10 18:45 . 2013-01-10 18:45        --------        d-----w-        c:\users\***\AppData\Local\temp
2013-01-10 18:45 . 2013-01-10 18:45        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-01-10 18:45 . 2013-01-10 18:45        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-01-10 17:57 . 2013-01-10 17:57        --------        d-----w-        C:\_OTL
2013-01-10 11:58 . 2013-01-10 11:58        --------        d-----w-        c:\users\***\AppData\Local\Programs
2013-01-10 11:44 . 2013-01-10 14:18        --------        d-----w-        c:\program files\Browse To Save Removal Tool
2013-01-09 22:26 . 1993-08-24 17:32        12800        ----a-w-        c:\windows\system32\WING32.DLL
2013-01-09 05:57 . 2012-12-07 12:26        308736        ----a-w-        c:\windows\system32\Wpc.dll
2013-01-07 17:47 . 2013-01-07 17:47        --------        d-----w-        c:\users\***\AppData\Roaming\Doomsday
2013-01-06 19:25 . 2013-01-06 19:25        --------        d-----w-        c:\programdata\Particles
2013-01-06 19:25 . 2013-01-06 19:26        --------        d-----w-        c:\users\***\AppData\Local\Murder on the Titanic
2013-01-06 19:08 . 2013-01-06 19:08        --------        d-----w-        c:\users\***\AppData\Roaming\NevoSoft Games
2013-01-05 08:00 . 2013-01-05 08:02        --------        d-----w-        c:\programdata\Intenium
2013-01-05 07:59 . 2013-01-05 08:01        --------        d-----w-        c:\program files\DEUTSCHLAND SPIELT
2013-01-05 07:58 . 2013-01-05 07:58        --------        d-----w-        c:\program files\OXXOGames
2013-01-05 07:50 . 2013-01-05 07:50        --------        d-----w-        c:\users\***\AppData\Roaming\DieselPuppet
2013-01-05 07:46 . 2013-01-05 07:46        --------        d-----w-        c:\programdata\Premium
2013-01-05 07:44 . 2013-01-05 07:44        --------        d-----w-        c:\programdata\Browse2save
2013-01-05 07:44 . 2013-01-05 07:50        --------        d-----w-        c:\programdata\AlawarWrapper
2013-01-05 07:42 . 2013-01-05 07:51        --------        d-----w-        c:\program files\Alawar
2013-01-05 07:27 . 2013-01-05 07:46        --------        d-----w-        c:\programdata\InstallMate
2013-01-05 07:25 . 2013-01-05 07:25        --------        d-----w-        c:\users\***\AppData\Roaming\AlawarEntertainment
2013-01-02 12:32 . 2013-01-02 12:32        --------        d-----w-        c:\program files\Common Files\Java
2013-01-01 19:25 . 2013-01-01 19:25        --------        d-----w-        c:\users\***\AppData\Roaming\onOne Software
2013-01-01 19:21 . 2013-01-01 19:25        --------        d-----w-        c:\programdata\onOne Software
2012-12-31 20:07 . 2012-12-31 20:07        --------        d-----w-        c:\users\***\AppData\Roaming\SourceTec
2012-12-31 20:07 . 2012-12-31 20:07        --------        d-----w-        c:\program files\LAV Filters
2012-12-31 20:06 . 2012-12-31 20:07        --------        d-----w-        c:\program files\Sothink Video Converter
2012-12-31 20:06 . 2012-12-31 20:06        --------        d-----w-        c:\program files\Common Files\SourceTec
2012-12-31 20:06 . 2012-07-26 12:47        1283584        ----a-w-        c:\windows\system32\VSFilter.dll
2012-12-22 02:01 . 2012-12-16 14:13        295424        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-22 02:01 . 2012-12-16 14:13        34304        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-20 16:30 . 2012-12-20 16:30        --------        d-----w-        c:\users\***\AppData\Roaming\Artifex Mundi
2012-12-20 16:22 . 2012-12-20 16:22        --------        d-----w-        c:\users\***\AppData\Roaming\LeeGT-Games
2012-12-17 03:54 . 2012-12-17 03:54        --------        d-----w-        c:\users\***\AppData\Local\InstallShare
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 07:07 . 2010-10-13 10:24        109080        ----a-w-        c:\windows\system32\OpenAL32.dll
2013-01-02 12:31 . 2012-07-07 06:17        637848        ----a-w-        c:\windows\system32\npdeployJava1.dll
2013-01-02 12:31 . 2011-05-31 16:00        567184        ----a-w-        c:\windows\system32\deployJava1.dll
2012-12-17 03:24 . 2012-10-28 09:51        73656        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-17 03:24 . 2012-10-28 09:51        697272        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-12-14 15:49 . 2012-11-07 23:50        21104        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-11-13 20:29 . 2012-11-13 20:29        354216        ----a-w-        c:\windows\system32\DivXControlPanelApplet.cpl
2012-11-08 10:29 . 2012-11-08 10:29        1402312        ----a-w-        c:\windows\system32\msxml4.dll
2012-11-05 15:32 . 2012-11-05 15:32        715038        ----a-w-        c:\windows\unins000.exe
2012-10-31 09:36 . 2012-10-31 09:36        142496        ----a-w-        c:\windows\system32\drivers\SYMEVENT.SYS
2012-10-25 02:12 . 2012-10-25 02:12        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2012-10-25 02:12 . 2012-10-25 02:12        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2012-10-18 11:33 . 2012-10-18 11:33        38520        ----a-w-        c:\windows\system32\RGBAcodec.dll
2012-10-17 15:37 . 2010-09-14 21:18        397312        ----a-w-        c:\windows\system32\TubeFinder.exe
2012-10-16 07:39 . 2012-11-27 18:19        561664        ----a-w-        c:\windows\apppatch\AcLayers.dll
2012-12-05 20:44 . 2012-10-27 08:09        262112        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06        163328        --sha-r-        c:\windows\System32\flvDX.dll
2007-02-21 11:47        31232        --sha-r-        c:\windows\System32\msfDX.dll
2008-03-16 13:30        216064        --sha-r-        c:\windows\System32\nbDX.dll
2010-01-06 22:00        107520        --sha-r-        c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26        3908192        ----a-w-        c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 14:45        2355224        ----a-w-        c:\program files\Winload\tbWinl.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF0D7BA7-2A75-9534-3D50-855D8141DBD3}]
2013-01-05 07:45        118272        ----a-w-        c:\programdata\Browse2save\50e7da3064f4b.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
2010-10-18 10:26        3908192        ----a-w-        c:\program files\AF-HSS\tbAF-H.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
"{f0381dbd-e018-4e07-ae40-d96ab15083f0}"= "c:\program files\AF-HSS\tbAF-H.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]
"{F0381DBD-E018-4E07-AE40-D96AB15083F0}"= "c:\program files\AF-HSS\tbAF-H.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
.
[HKEY_CLASSES_ROOT\clsid\{f0381dbd-e018-4e07-ae40-d96ab15083f0}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Personal ID"="c:\progra~1\COOLSP~1\PERSON~1\PID.EXE" [2011-02-01 1132984]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-03-27 1686528]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetpointII.exe [2009-7-21 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\BROWSE~1\25976~1.107\{C16C1~1\mngr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VideoBrowser Camera Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\VideoBrowser Camera Monitor.lnk
backup=c:\windows\pss\VideoBrowser Camera Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00        919008        ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20        38872        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 20:56        59280        ----a-w-        c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-11 09:54        3672384        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2012-11-30 02:06        1263512        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
2007-04-16 06:33        259624        ----a-w-        c:\program files\Nuance\NaturallySpeaking11\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dradio-RecorderTimer]
2010-11-23 18:26        39936        ----a-w-        c:\program files\dradio-Recorder\phonostarTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-07-18 13:35        116648        ----atw-        c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2009-09-21 10:40        1681408        ----a-r-        c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18        133432        ----a-w-        c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2010-07-29 04:37        222496        ----a-w-        c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Linkury Chrome Smartbar]
2011-10-27 19:14        103224        ----a-w-        c:\program files\Linkury\Linkury.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-12-14 15:49        824232        ----a-w-        c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 16:50        4280184        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-06-17 07:51        466704        ----a-w-        c:\program files\Sandboxie\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-12-04 20:24        1354736        ----a-w-        c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51        17408        ----a-w-        c:\program files\Unlocker\UnlockerAssistant.exe
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [x]
R3 ALSysIO;ALSysIO;c:\users\***\AppData\Local\Temp\ALSysIO.sys [x]
R3 AMBFilt;AMBFilt;c:\windows\system32\drivers\AMBFilt.sys [x]
R3 cpuz130;cpuz130;c:\users\***\AppData\Local\Temp\cpuz130\cpuz_x32.sys [x]
R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\DRIVERS\webc3vid.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1402000.013\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1402000.013\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130107.001\BHDrvx86.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NIS\1402000.013\ccSetx86.sys [x]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130109.001\IDSvix86.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1402000.013\Ironx86.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1402000.013\SYMNETS.SYS [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 DragonSvc;Dragon Service;c:\program files\Common Files\Nuance\dgnsvc.exe [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run [x]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security CBE\Engine\20.2.0.19\ccSvcHst.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 61072394
*Deregistered* - 61072394
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-13 04:01]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-13 04:01]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2373844148-831878903-2888449-1000Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14 13:35]
.
2013-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2373844148-831878903-2888449-1000UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-14 13:35]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mj7a9djq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109727&tt=4812_8&babsrc=KW_ss&mntrId=54a93cd60000000000000025223606c8&q=
FF - ExtSQL: 2012-12-07 02:13; {58bd07eb-0ee0-4df0-8121-dc9b693373df}; c:\programdata\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=54a93cd60000000000000025223606c8&q=
FF - user.js: extensions.BabylonToolbar.id - 54a93cd60000000000000025223606c8
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15676
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.822:43
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-F-Secure Hoster (666) - c:\program files\F-Secure\fshoster32.exe
MSConfigStartUp-Messenger (Yahoo!) - c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-Skype - c:\users\***\AppData\Roaming\Skype\Phone\Skype.exe
MSConfigStartUp-USBToolTip - c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
AddRemove-WebCam Plus - c:\windows\ctdrvins.exe -uninstall usb\vid_05a9&pid_0511 -plugin webc3pin.dll
AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\Browser Manager\2.5.976.107\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
AddRemove-{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23} - c:\program files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security CBE\Engine\20.2.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security CBE\Engine\20.2.0.19\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2373844148-831878903-2888449-1000\Software\SecuROM\License information*]
"datasecu"=hex:5d,ff,77,62,88,e4,d3,27,0a,48,b6,9f,fb,bd,2e,4a,38,27,f3,3f,67,
  b9,25,51,8b,37,c6,c2,e5,fd,a8,9c,96,47,f0,a2,64,11,2c,96,e4,85,02,9a,e7,c6,\
"rkeysecu"=hex:71,86,ed,f7,8d,5d,22,62,65,c6,56,c2,97,75,b5,9a
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-10  19:54:58
ComboFix-quarantined-files.txt  2013-01-10 18:54
.
Vor Suchlauf: 13 Verzeichnis(se), 11.087.470.592 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 10.609.504.256 Bytes frei
.
- - End Of File - - B6BD454498AFDBA82A6AC3CD9E7E5C5C
--- --- ---

markusg 10.01.2013 20:47
Hi
öffne bitte Malwarebytes, Logdateien, poste alle Berichte mit funden.

Welsper 10.01.2013 20:57
bei Malwwarebytes einen vollen Scan machen ?
Beim Starten hatte ich übrigends keine Fehlermeldung.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.10.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [Administrator]

10.01.2013 14:04:43
mbam-log-2013-01-10 (14-04-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 250369
Laufzeit: 3 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Also ich lass jetzt gerade Malware Bytes mal einen Vollständigen Scan der kompletten internen und der externen Festplatte machen.

Wobei der Quick Scan heute Mittag ja wie bei den anderen auch nichts ergeben hatte.

Nur Spybot Search and Destroy wollte einige Babylon Einträge entfernen.

Was hatte mein PC jetzt eigentlich ?
Und vor allem wie erkenne ich ab besten wieder ob er sowas wieder hat, wenn die Malware Scanner und der Virenscanner nichts erkennt ?

Ach ja und mein Norton Internet Security, sagt mir daß der Browser im Moment nicht so konfiguriert ist, das er betrügerische Websites erkennt und ob ich es beheben möchte.

markusg 11.01.2013 01:41
hi
steht oben nicht vollständiger scan?
dann lass norton die Konfiguration machen.
bisher nur adware.

Welsper 11.01.2013 09:29
Ok ich habe jetzt einen vollständigen Scan von allen Festplatten gemacht interne wie externe.

Hier das Log:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.11.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [Administrator]

11.01.2013 05:27:45
mbam-log-2013-01-11 (05-27-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|I:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 944093
Laufzeit: 3 Stunde(n), 52 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Also hatte ich quasi "nur" Adware auf dem PC ?

Was mich etwas irritiert hat, ist das Malware Bytes ja beim Scan con der C Platte vor diesen ganzen Maßnahmen auch nichts gefunden hat.

markusg 11.01.2013 16:17
Hi
da hattest du aber auch nur einen quick scan, es währe möglich gewesen, dass beim vollständigen noch was gefunden wird.

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Welsper 11.01.2013 23:27
So - Junge Junge war das eine Menge - puh

Hier die Liste:

1-abc.net Personal Diary (Remove only) 02.10.2012 notwendig
7-Zip 4.65 08.10.2010 notwendig
Acoustica MP3 To Wave Converter PLUS Acoustica, Inc. 15.12.2011 2.5 unbekannt
Active@ ISO Burner LSoft Technologies 17.09.2010 2.1.0 notwendig
Adobe AIR Adobe Systems Incorporated 19.11.2012 3.2.0.2070 unbekannt
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 16.12.2012 6,00MB 11.5.502.135 notwendig
Adobe Reader 9.5.2 - Deutsch Adobe Systems Incorporated 14.08.2012 118,5MB 9.5.2 notwendig
Advanced Combat Tracker (remove only) 10.04.2011 unnötig
AF-HSS Toolbar AF-HSS 19.09.2011 6.2.2.4 unbekannt
AIMP2 AIMP DevTeam 12.09.2010 notwendig
Alamandi INTENIUM GmbH 04.01.2013 0.0.0.0 unnötig
Any Video Converter 3.5.8 Any-Video-Converter.com 10.01.2013 106,9MB notwendig
Apple Application Support Apple Inc. 30.12.2012 65,0MB 2.3 unbekannt
Apple Mobile Device Support Apple Inc. 07.12.2011 24,3MB 4.0.0.97 unbekannt
Apple Software Update Apple Inc. 26.07.2011 2,38MB 2.1.3.127 unbekannt
Ashampoo Burning Studio 10.0.4 ashampoo GmbH & Co. KG 17.01.2011 187,3MB 10.0.4 notwendig
ASRock IES v2.0.13 14.01.2011 vermutlich notwendig wegen Motherboard
ASRock InstantBoot v1.23 09.09.2010 vermutlich notwendig wegen Motherboard
ASRock OC Tuner v2.2.96 14.01.2011 vermutlich notwendig wegen Motherboard
ATI Catalyst Install Manager ATI Technologies, Inc. 09.09.2010 13,8MB 3.0.732.0 notwendig
Audacity 1.3.12 (Unicode) Audacity Team 13.11.2010 32,6MB notwendig
AudibleManager Audible, Inc. 17.07.2011 2001558240.48.56.9309418 unnötig
AutoHotkey 1.0.48.05 Chris Mallett 28.04.2011 1.0.48.05 unnötig
Avidemux 2.5 (32-bit) 05.08.2012 2.5.6.7716 unbekannt
AviSynth 2.5 30.12.2012 unbekannt
Babylon Chrome Toolbar Babylon Ltd 01.12.2012 2,11MB 2.0.0.4 unnötig
Babylon toolbar BabylonToolbar 02.12.2012 unnötig
Bandicam Bandisoft.com 01.11.2012 notwendig
Bandisoft MPEG-1 Decoder 01.11.2012 notwendig
Best of C64 Classix Magnussoft 07.12.2012 notwendig
Browse2save BrowseToSave 04.01.2012 unnötig (vermutlich )
BurnAware Free 3.1 Burnaware Technologies 30.12.2010 21,8MB notwendig
calibre Kovid Goyal 07.10.2010 93,7MB 0.7.19 notwendig
Camtasia Studio 7 TechSmith Corporation 10.10.2011 219MB 7.0.1 notwendig
CCleaner Piriform 22.05.2012 3.19 notwendig
Celtx (2.7) Greyfirst 01.02.2011 2.7 (en-US) notwendig
Cluedo Zylom Games 01.04.2012 1.0.0 notwendig
Cogs 19.11.2012 notwendig
Comic Life 2 plasq LLC 12.07.2012 144,9MB 2.2.3.0 notwendig
ComicRack v0.9.133 cYo Soft 26.10.2010 v0.9.133 notwendig
Conduit Engine Conduit Ltd. 19.09.2011 unbekannt
Convert AVI to MP4 1.3 convertavitomp3.com 26.09.2010 unbekannt
Core Temp version 0.99.7 Arthur Liberman 09.09.2010 1,67MB 0.99.7 notwendig
CPUID CPU-Z 1.60 09.04.2012 2,95MB notwendig
CyberLink MediaEspresso CyberLink Corp. 13.11.2010 174,9MB 6.0.0722_28792 unbekannt
D-Fend Reloaded 1.2.1 (deinstallieren) Alexander Herzog 11.12.2011 1.2.1 notwendig
DAEMON Tools Lite DT Soft Ltd 25.09.2012 4.45.4.0314 notwendig
Der Exorzist INTENIUM GmbH 04.01.2013 1.0.0.0 notwendig
Desktop Icon für Amazon 01.12.2012 1.0.1 (de) unbekannt
DEUTSCHLAND SPIELT GAME CENTER INTENIUM GmbH 04.01.2013 1.0.0.46 unbekannt
DivX-Setup DivX, LLC 11.12.2012 2.6.1.22 notwendig
Downloader 29.03.2011 unbekannt
dradio-Recorder Version 3.02.0 24.02.2011 notwendig
Dragon NaturallySpeaking 11 Nuance Communications Inc. 10.11.2010 2.785MB 11.50.100 notwendig
Dual-Core Optimizer AMD 13.10.2010 86,00KB 1.1.4.0169 unbekannt
Dxtory version 2.0.119 Dxtory Software 04.11.2012 11,3MB 2.0.119 notwendig
Edna Bricht Aus - Sammler Edition Daedalic Entertainment 01.01.2013 1.2 notwendig
Ein Yankee unter Rittern INTENIUM GmbH 04.01.2013 1.0.0.0 unnötig
Eufloria HD 19.11.2012 notwendig
Europa Universalis III 16.01.2011 notwendig
Explorer Suite III 17.07.2012 unbekannt
F1 Race Stars 08.01.2013 4.290MB notwendig
Farm Craft 2 INTENIUM GmbH 04.01.2013 1.0.0.0 notwendig
ffdshow v1.2.4422 [2012-04-09] 04.11.2012 13,3MB 1.2.4422.0 unbekannt
FireJump FireJump.net 01.12.2012 4,29MB 1.0.2.5 unbekannt
FLV Player 2.0 (build 25) Martijn de Visser 16.11.2010 2.0 (build 25) notwendig
FormatFactory 2.60 Free Time 28.12.2010 2.60 notwendig
Fraps (remove only) 29.10.2012 notwendig
Free FLV Converter V 7.5.0 Koyote Soft 31.10.2012 17,7MB 7.5.0.0 notwendig
Free Screen Video Recorder version 2.5.17.602 DVDVideoSoft Limited. 04.06.2011 23,7MB unbekannt
Free Video Dub version 2.0.14.903 DVDVideoSoft Ltd. 25.09.2012 82,3MB 2.0.14.903 notwendig
Free Video to MP3 Converter version 5.0.4.1228 DVDVideoSoft Ltd. 15.01.2012 57,2MB notwendig
FreeCommander 2009.02b Marek Jasinski 17.02.2011 2009.02 notwendig
Freemake Video Converter Version 3.1.2 Ellora Assets Corporation 02.11.2012 53,8MB 3.1.2 unbekannt
FUSSBALL MANAGER 09 Electronic Arts 26.01.2011 notwendig
Futuremark SystemInfo Futuremark Corporation 10.09.2010 3.21.2.1 unbekannt
Google Chrome Google Inc. 14.09.2012 24.0.1312.52 unnötig
Google Earth Google 23.11.2011 92,7MB 6.1.0.5001 notwendig
Google Talk Plugin Google 01.11.2012 19,3MB 3.10.2.10212 unbekannt
Haali Media Splitter 30.12.2012 unbekannt
HandBrake 0.9.8 05.11.2012 0.9.8 unnötig
Harveys neue Augen Special Edition Daedalic Entertainment 01.01.2013 1.3 notwendig
HijackThis 2.0.2 TrendMicro 14.09.2010 2.0.2 notwendig
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B HP 08.04.2012 8.0 notwendig
ICQ7.2 ICQ 31.10.2010 7.2 unnötig
Inspector Magnusson: Mord auf der Titanic INTENIUM GmbH 04.01.2013 1.0.0.0 unnötig
Interlok driver setup x32 PACE Anti-Piracy 02.11.2010 0,12MB 5.8.10 unbekannt
IrfanView (remove only) Irfan Skiljan 02.07.2012 1,50MB 4.32 unbekannt
Java(TM) 6 Update 37 Oracle 06.07.2012 95,7MB 6.0.370 unbekannt
Java(TM) 7 Update 2 Oracle 01.01.2013 99,1MB 7.0.20 unbekannt
JDownloader AppWork UG (haftungsbeschränkt) 07.10.2010 0.89 notwendig
Kate's Video Cutter Web Solution Mart 17.01.2012 4.4.0 unnötig
Kate's Video Splitter 7.0 Web Solution Mart 17.01.2012 21,3MB 7.0.0 unnötig
Kodu Game Lab Microsoft Research 22.11.2012 263MB 1.2.88 unnötig
KVIrc Szymon Stefanek and The KVIrc Development Team 05.10.2012 notwendig
Lagarith Lossless Codec (1.3.27) 04.11.2012 0,88MB notwendig
Landwirtschafts Simulator 2011 GIANTS Software 02.08.2012 768MB 1.0 notwendig
LAV Filters 0.51.3 Hendrik Leppkes 30.12.2012 11,7MB 0.51.3 unbekannt
Left 4 Dead 2 Valve 04.11.2012 notwendig
Lightworks Lightworks 15.11.2012 11.0.3.0 unbekannt
Linkury Smartbar Linkury Inc. 27.11.2011 14,9MB 1.4.0.961 unbekannt
Logitech SetPoint 5.20 Logitech 09.04.2011 16,1MB 5.20 unbekannt
Lost Chronicles of Zerzura dtp 19.12.2012 unnötig
Machete Lite 3.8 MacheteSoft 30.09.2012 2,65MB 3.8.33 notwendig
Magic The Gathering Wizards of the Coast 14.11.2010 408MB 3.201 notwendig
Magic Workstation 0.94f Magic Technology 17.02.2011 notwendig
MagicTG 14.11.2010 notwendig
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 09.01.2013 18,4MB 1.70.0.1100 notwendig
Mega World Smash INTENIUM GmbH 04.01.2013 1.0.0.0 unbekannt
Microsoft .NET Compact Framework 2.0 SP1 Microsoft Corporation 30.01.2011 91,0MB 2.0.6129
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 22.10.2010 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 22.10.2010 2,94MB 4.0.30319
Microsoft .NET Framework 4 Extended Microsoft Corporation 26.10.2010 52,0MB 4.0.30319
Microsoft Games for Windows - LIVE Redistributable Microsoft Corporation 26.12.2011 31,3MB 3.5.92.0
Microsoft Games for Windows Marketplace Microsoft Corporation 05.05.2011 6,04MB 3.5.50.0
Microsoft PowerPoint Viewer Microsoft Corporation 11.12.2012 197,0MB 14.0.6029.1000
Microsoft Silverlight Microsoft Corporation 13.05.2012 180,0MB 4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 05.08.2012 1,70MB 3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 14.09.2010 0,25MB 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.12.2011 2,38MB 8.0.59193
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 14.09.2010 0,20MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 06.01.2012 1,42MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 31.12.2012 0,22MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 11.09.2010 0,58MB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 26.12.2011 0,22MB 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 0,59MB 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 30.09.2012 13,9MB 10.0.40219
Microsoft WSE 3.0 Runtime Microsoft Corp. 06.10.2010 0,92MB 3.0.5305.0
Microsoft XNA Framework Redistributable 3.1 Microsoft Corporation 18.11.2011 7,55MB 3.1.10527.0 " Alles von Microsoft unbekannt "
Mindjet MindManager 9 Mindjet 31.12.2010 100,0MB 9.0.246 unnötig
Monopoly Deluxe Zylom Games 28.12.2011 1.0.0 notwendig
Mord im Laufrad Mord im Laufrad 03.01.2013 11,6MB 1.00.0000 notwendig
Mozilla Firefox 18.0 (x86 de) Mozilla 10.01.2013 50,1MB 18.0 notwendig
Mozilla Maintenance Service Mozilla 10.01.2013 0,32MB 18.0 unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 17.09.2010 35,00KB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 17.09.2010 1,33MB 4.20.9876.0
MSXML 4.0 SP3 Parser Microsoft Corporation 10.12.2011 1,48MB 4.30.2100.0
MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 11.07.2012 1,53MB 4.30.2114.0
MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 09.01.2013 1,54MB 4.30.2117.0
MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 12.12.2011 1,53MB 4.30.2107.0 " Alles von MSXML unbekannt "
MTG GamePack for Magic Workstation Magic Technology 17.02.2011 notwendig
My MP4Box GUI 0.5.6.0 Matt Bodin 15.11.2012 8,10MB 0.5.6.0 unbekannt
Nebel der Elfen 2 INTENIUM GmbH 04.01.2013 1.0.0.0 unnötig
No23 Recorder No23 24.02.2011 1,22MB 2.1.0.3 notwendig
Norton Internet Security CBE Symantec Corporation 30.10.2012 20.2.0.19 notwendig
NVIDIA 3D Vision Controller-Treiber 306.23 NVIDIA Corporation 15.09.2012 306.23
NVIDIA 3D Vision Treiber 306.97 NVIDIA Corporation 17.11.2012 306.97
NVIDIA Grafiktreiber 306.97 NVIDIA Corporation 17.11.2012 306.97
NVIDIA HD-Audiotreiber 1.3.18.0 NVIDIA Corporation 15.09.2012 1.3.18.0
NVIDIA PhysX-Systemsoftware 9.12.0604 NVIDIA Corporation 14.09.2012 9.12.0604
NVIDIA Update 1.10.8 NVIDIA Corporation 15.09.2012 1.10.8 " Alles von NVidia notwendig "
OCTGN OCTGN 28.12.2011 0.9.3.2 unbekannt
OpenAL 08.01.2013 unbekannt
OpenOffice.org 3.2 OpenOffice.org 15.11.2010 363MB 3.2.9502 notwendig
Panzer Corps Wehrmacht Slitherine 08.01.2013 555MB 1.03 notwendig
Panzer General Special Edition 08.01.2013 1.030MB notwendig
Papyrus Autor 3.01 24.10.2010 notwendig
Patrizier II Gold 08.12.2011 notwendig
PDF-XChange 3 Tracker Software 31.12.2010 unbekannt
PhotoPad Image Editor NCH Software 06.02.2011 unbekannt
PhotoStage Slideshow Producer NCH Software 06.02.2011 unbekannt
Pixillion Imagedatei-Konverter NCH Software 06.02.2011 unbekannt
PlayClaw Sytexis Software 30.10.2012 2.1.0.1502 notwendig
Port Royale 3 Gaming Minds Studios GmbH 03.05.2012 4.666MB 1.0.0.0 notwendig
PowerGramo Professional Freebird 05.05.2011 5.3.0.38 notwendig
ProtectDisc Driver, Version 11 ProtectDisc Software GmbH 05.10.2010 11.0.0.14 unbekannt
PunkBuster Services Even Balance, Inc. 03.11.2010 0.988 notwendig
QuickTime Apple Inc. 30.12.2012 73,2MB 7.73.80.64 notwendig
Rapture3D 2.5.1 Game Blue Ripple Sound 08.01.2013 28,6MB unbekannt
Realtek Ethernet Controller Driver Realtek 09.09.2010 1.00.0008 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 27.11.2011 6.0.1.6482 notwendig
Rosetta Stone Version 3 Rosetta Stone Ltd. 10.01.2011 120,4MB 3.4.5.0 notwendig
Sandboxie 3.72 (32-bit) SANDBOXIE L.T.D 12.07.2012 3.72 unnötig
Skype Click to Call Skype Technologies S.A. 01.11.2012 28,1MB 6.3.11079 notwendig
Skype™ 6.0 Skype Technologies S.A. 22.11.2012 20,3MB 6.0.126 notwendig
SmartSound Common Data SmartSound Software Inc. 16.12.2011 13,5MB 1.1.0 unbekannt
SmartSound Quicktracks 5 SmartSound Software Inc. 16.12.2011 49,2MB 5.1.6 unbekannt
SopCast 3.5.0 www.sopcast.com 24.09.2012 3.5.0 notwendig
Sothink Video Converter SourceTec Software Co., LTD 30.12.2012 45,9MB 3.6 unbekannt
Spybot - Search & Destroy Safer Networking Limited 10.10.2012 1.6.2 notwendig
Steam Valve Corporation 15.10.2010 42,3MB 1.0.0.0 notwendig
Storybook Intertec 01.02.2011 2.1.15 notwendig
Streamripper (Remove only) 24.02.2011 unbekannt
StreamTransport version: 1.0.2.2171 17.02.2012 unbekannt
SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51 eRightSoft 02.06.2012 52,6MB v2012.build.51 notwendig
System Requirements Lab CYRI Husdawg, LLC 09.04.2012 0,45MB 4.5.1.0 unbekannt
TeamSpeak 3 Client TeamSpeak Systems GmbH 02.11.2012 3.0.9.2 notwendig
The Whispered World Deep Silver 03.01.2013 1.01 notwendig
Toonstruck Windows Deutsch 1.0 31.01.2011 1.025MB notwendig
Toy Defense UIG GmbH 10.12.2012 88,4MB notwendig
TreeSize Free V2.6 JAM Software 05.02.2012 3,63MB 2.6 unbekannt
Ubisoft Game Launcher UBISOFT 30.11.2011 1.0.0.0 notwendig
Uninstall 1.0.0.1 11.11.2010 10,6MB unbekannt
Unlocker 1.9.1 Cedrick Collomb 01.03.2012 1.9.1 notwendig
Veetle TV 0.9.18 Veetle, Inc 03.02.2011 0.9.18 unnötig
Ventrilo Client Flagship Industries, Inc. 17.09.2010 4,43MB 3.0.5 unnötig
VIA Plattform-Geräte-Manager VIA Technologies, Inc. 06.09.2010 2,62MB 1.34 unbekannt
VideoBrowser PIXELA 15.12.2011 1.01.100 unbekannt
VidSplitter GeoVid 07.11.2012 unbekannt
VirtualCloneDrive Elaborate Bytes 23.02.2012 notwendig
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking Nuance Communications Inc. 10.11.2010 23,1MB 11.0.0 notwendig
VLC media player 1.0.1 VideoLAN Team 23.11.2011 1.0.1 notwendig
WEB.DE MailCheck für Mozilla Firefox 1&1 Mail & Media GmbH 13.09.2012 2.1.4.1420 unbekannt
WinCDEmu Bazis 06.10.2010 3.3 unbekannt
Windows Live Essentials Microsoft Corporation 06.08.2012 15.4.3555.0308 notwendig
Windows Media Encoder 9-Reihe 16.07.2011 unbekannt
Winload Toolbar 12.01.2011 unbekannt
WinRAR 23.09.2010 notwendig
WinUAE v0.8.8 R7 06.11.2012 notwendig
yWriter5 Spacejock Software 01.02.2011 notwendig
Zattoo4 4.0.5 Zattoo Inc. 14.09.2012 4.0.5 notwendig
Zip Motion Block Video codec (Remove Only) DOSBox Team 11.12.2011 unbekannt

markusg 13.01.2013 18:26
deinstaliere:
Acoustica
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen

bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok



deinstaliere:
Advanced
Alamandi
AudibleManager
AutoHotkey
Avidemux
AviSynth
Babylon : alle
Browse2save
Conduit
Convert
CyberLink
Desktop Icon
DEUTSCHLAND
Downloader
Ein
Explorer Suite
FireJump
Free Screen
Freemake
Futuremark
Google : alle
HandBrake
HijackThis : bitte nicht mehr nutzen, wird nicht mehr entwickelt und liefert falsche Ergebnisse auf neuen Systemen.
ICQ7.2
Inspector
IrfanView
Java: alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Kate's : alle
Kodu
Lightworks
Linkury
Lost
Mega
Mindjet
My MP4Box
Nebel
PDF-XChange
PhotoPad
PhotoStage
Pixillion
Sandboxie
Sothink
Spybot : kann weg, schützt kaum vor aktuellen Bedrohungen
Streamripper
TreeSize
Veetle
Ventrilo
VideoBrowser
VidSplitter
WEB.DE
WinCDEmu
Winload
Zip Motion

Öffne CCleaner, analysieren, starten, PC neustarten.
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste
    mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Welsper 18.01.2013 20:42
# AdwCleaner v2.106 - Datei am 18/01/2013 um 20:40:26 erstellt
# Aktualisiert am 17/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mj7a9djq.default\bprotector_extensions.sqlite
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mj7a9djq.default\bprotector_prefs.js
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mj7a9djq.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mj7a9djq.default\searchplugins\mngr.xml
Ordner Gefunden : C:\Program Files\AF-HSS
Ordner Gefunden : C:\Program Files\BabylonToolbar
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\ConduitEngine
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Browse2save
Ordner Gefunden : C:\ProgramData\Browser Manager
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\InstallMate
Ordner Gefunden : C:\ProgramData\Premium
Ordner Gefunden : C:\Users\***\AppData\Local\Conduit
Ordner Gefunden : C:\Users\***\AppData\LocalLow\AF-HSS
Ordner Gefunden : C:\Users\***\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\***\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\***\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\***\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\5e28fd0b76fb847
Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AF-HSS
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE590731-D209-43C9-B606-86714EFB7BF5}
Schlüssel Gefunden : HKCU\Software\PIP
Schlüssel Gefunden : HKCU\Software\SmartbarBackup
Schlüssel Gefunden : HKCU\Software\SmartbarLog
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\5e28fd0b76fb847
Schlüssel Gefunden : HKLM\Software\AF-HSS
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\b
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FE590731-D209-43C9-B606-86714EFB7BF5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2604146
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2765711
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\Freeze.com
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D92E74B7-3753-4178-B7AE-0B058C501696}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA9D3FF9-0EC2-4E7B-BD99-914FC398D267}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Linkury Chrome Smartbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FE590731-D209-43C9-B606-86714EFB7BF5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AF-HSS Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : HKU\S-1-5-21-2373844148-831878903-2888449-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-2373844148-831878903-2888449-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-2373844148-831878903-2888449-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKU\S-1-5-21-2373844148-831878903-2888449-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gefunden : HKU\S-1-5-21-2373844148-831878903-2888449-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gefunden : HKU\S-1-5-21-2373844148-831878903-2888449-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKU\S-1-5-21-2373844148-831878903-2888449-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=109727&tt=4812_8&babsrc=NT_ss&mntrId=54a93cd60000000000000025223606c8
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com

-\\ Mozilla Firefox v18.0 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mj7a9djq.default\prefs.js

Gefunden : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=109727&tt=4812_8&babsrc=HP[...]
Gefunden : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Gefunden : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Gefunden : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gefunden : user_pref("extensions.50e7da3064e67.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Gefunden : user_pref("extensions.BabylonToolbar.admin", false);
Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gefunden : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gefunden : user_pref("extensions.BabylonToolbar.id", "54a93cd60000000000000025223606c8");
Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15676");
Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.822:43:59");
Gefunden : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=109727&tt=4812_8&babsrc=KW_ss&mntrId=54a9[...]

*************************

AdwCleaner[R1].txt - [16123 octets] - [18/01/2013 20:40:26]

########## EOF - C:\AdwCleaner[R1].txt - [16184 octets] ##########

markusg 19.01.2013 18:33
Hi,

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe
    alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein
    Rechner wird neu gestartet, je nach Schwere der Infektion auch mehrmals - das ist normal. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den
    Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x = fortlaufende Nummer)

Neustarten bitte, testen, wie der PC läuft, auch alle instalierten Browser.

Welsper 21.01.2013 20:57
Problem - der ADWCleaner startet zwar den PC neu, öffnet sich dann aber nicht nach dem Hochfahren und macht auch ansonsten nichts.

markusg 21.01.2013 21:51
lösche deine Version mal, und lad ihn erneut runter.
und reinige erneut.

Welsper 21.01.2013 22:05
Ok jetzt hat es geklappt.

Hier das Log:

# AdwCleaner v2.107 - Datei am 21/01/2013 um 21:58:39 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mj7a9djq.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mj7a9djq.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mj7a9djq.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mj7a9djq.default\searchplugins\mngr.xml
Ordner Gelöscht : C:\Program Files\AF-HSS
Ordner Gelöscht : C:\Program Files\BabylonToolbar
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\ConduitEngine
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Browse2save
Ordner Gelöscht : C:\ProgramData\Browser Manager
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\***\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AF-HSS
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\***\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\***\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\5e28fd0b76fb847
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AF-HSS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE590731-D209-43C9-B606-86714EFB7BF5}
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\SmartbarBackup
Schlüssel Gelöscht : HKCU\Software\SmartbarLog
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\5e28fd0b76fb847
Schlüssel Gelöscht : HKLM\Software\AF-HSS
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\b
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE590731-D209-43C9-B606-86714EFB7BF5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2604146
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2765711
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D92E74B7-3753-4178-B7AE-0B058C501696}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA9D3FF9-0EC2-4E7B-BD99-914FC398D267}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Linkury Chrome Smartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0381DBD-E018-4E07-AE40-D96AB15083F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FE590731-D209-43C9-B606-86714EFB7BF5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AF-HSS Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\PIP
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{F0381DBD-E018-4E07-AE40-D96AB15083F0}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=109727&tt=4812_8&babsrc=NT_ss&mntrId=54a93cd60000000000000025223606c8 --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mj7a9djq.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\mj7a9djq.default\user.js ... Gelöscht !

Gelöscht : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=109727&tt=4812_8&babsrc=HP[...]
Gelöscht : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("extensions.50e7da3064e67.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gelöscht : user_pref("extensions.BabylonToolbar.id", "54a93cd60000000000000025223606c8");
Gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15676");
Gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.822:43:59");
Gelöscht : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=109727&tt=4812_8&babsrc=KW_ss&mntrId=54a9[...]

*************************

AdwCleaner[R1].txt - [16209 octets] - [18/01/2013 20:40:26]
AdwCleaner[R2].txt - [16317 octets] - [21/01/2013 20:50:59]
AdwCleaner[R3].txt - [16378 octets] - [21/01/2013 21:58:05]
AdwCleaner[S1].txt - [15448 octets] - [21/01/2013 21:58:39]

########## EOF - C:\AdwCleaner[S1].txt - [15509 octets] ##########

markusg 22.01.2013 13:05
hi
teste, wie der PC läuft + Programme wie Internet explorer, ff und sonstige verwendete Programme.

Welsper 22.01.2013 16:34
Also bis jetzt kann ich keine Einschränkungen feststellen.
Ich muss aber auch sagen daß ich die Adware davor nicht bemerkt habe, was die Leistung von Programmen oder das Arbeiten am PC angeht.

Ich nehme mal an das er nun wieder sauber ist, oder ?

Wie kann ich denn nach Möglichkeit künftig Adware bereits im Keim ersticken ?
Ich meine mein Norton Internet Security Scan zwar jede Datei die ich runterlade aber trotzdem kam die Adware ja auf meinen PC.

markusg 22.01.2013 17:06
hi,
Öffne OTL, bereinigen, PC startet neu, löscht remover.
Lösche übriggebliebene Remover, Setups, logs, leere den Papierkorb.
Wenn du Programme instalierst, mache das nur beim Hersteller, instaliere immer benutzerdefiniert, und informiere dich zb über Google.

PC absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie - Download - Filepony

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten

Welsper 22.01.2013 17:32
Also was mein Antivirenprogramm angeht bin ich sehr zufrieden.

Ich nutze wie gesagt Norton Internet Security.
Das einzige was ich eben noch zusätzlich bräuchte ist ein Programm das auf Adware u.s.w. spezialisiert ist, da ich das Gefühl habe das Norton eben nicht jede Adware zu 100 % erkennt.

Nun kommt es aber auch mal vor, daß die ganzen Remover etwas als Adware erkennen was keine ist - zumindest nehme ich an das es keine ist.
Ich habe ein kleines Programm, welches mit dabei hilft Videos für Let´s Play danach mit MeGui zu rendern.
Das hat er komischerweise im Zuge der Säuberungsaktion gelöscht so daß ich es mir wieder frisch laden musste.
Scheint also nicht immer so leicht zu sein richtige Adware von falscher zu unterscheiden.

Kann man eigentlich ein Programm gezielt untersuchen lassen ?

Naja ich bedanke mich in jedem Fall erstmal für die Hilfe und bin froh daß es dieses Forum gibt um Menschen die von dem allen wenig Ahnung haben zu helfen.

Mir wäre wie gesagt sehr gedient wenn ich zu meinem Securityprogramm noch eines für Adware hätte das am Besten direkt alles scannt was geladen wird so das mir nichtsmehr durchschlüpfen kann.
Denn das mit den ganzen logs und Removern war ja doch eine ziemliche Arbeit.
Das muss doch auch schneller gehen, oder ? :-)

markusg 22.01.2013 18:01
Hi
gibt da keine vernünftigen Programme die Adware erkennen.
sichere den PC ab wie beschrieben, behalte norton.
und wie du adware erkennst bzw vermeidest steht oben, eigeniniziative ist gefragt und man sollte nicht alles instalieren ohne es zu hinterfragen :-)

Welsper 22.01.2013 18:39
Ok ich danke dir nochmal herzlichst :-)

Ich werde nach einem Neustart direkt mal ein Systemabbild speichern und einen Schcerungspunkt erstellen.
Sicher ist sicher.

Ansonsten scanne ich nun eben immer mal wieder komplett und ansonsten mit Malware Bytes untersuchen.

markusg 22.01.2013 18:44
wenn du system images hast, brauchst du kein punk in der Systemwiederherstellung.
ich möchte erst mal anhand einer checkliste prüfen ob du alles hast.
- instalieren von optionalen und wichtigen updates.
- konfigurieren von windows updates.
- dep für alle prozesse aktivieren.
- sehop aktivieren.
- chrome instalieren.
- sandboxie instalieren.
- autorun deaktivieren.
- panda vaccine instalieren.
- secunia instalieren.
- file hippo instalieren.
beachte:
secunia und file hippo bieten englische updates, überall wo du auf die nutzeroberfläche zugreifst, wie zb reader, browser, etc benötigst du deutsche updates, also hier die hersteller seiten in den favoriten deines browsers speichern und wenn ein update gezeigt wird, von dort hohlen, bei java, flash quicktime, ist es egal ob deutsch oder englisch.
- backup software instalieren, backup und rettungsdvd erstellen.
hier ne kurze anleitung:
Anleitung: Systemabbild mit Paragon Drive Backup - NETZWELT

- wenn du onlinebanking machst, kann ich noch kurz was über die vorteile von card reader und banking software sagen.
- passwort manager instaliert.

Welsper 22.01.2013 19:09
Also die Windowsupdates lasse ich immer machen und zwar alle.

Google Chrome nutze ich nicht, ich nutze nur Firefox.

Sandboxie habe ich nciht drauf. Das hatte ich mal, hat aber irgendwie Probleme gemacht, da habe ich es wieder deinstalliert.

Für online Banking habe ich Chip-tan. Das ist soweit die beste Möglichkeit, da ich darauf achte keine Sammelüberweisungen zu machen und auch immer prüfe ob die Kontonummer des Empfängers angezeigt wird.
Das sind dabei die einzig bekannten Schwachstellen.

Einen Passwortmanager nutze ich noch nicht, ist aber bei Bedarf einer in Norton Security dabei.
Ich schreib mir meine Passwörter bis jetzt einfach auf einen Zettel und wichtige Passwörter gebe ich nur mit der Onscreen Tastatur ein.

Die ganzen restlichen Punkte hier sagen mir nichts:

- dep für alle prozesse aktivieren.
- sehop aktivieren.
- autorun deaktivieren.
- panda vaccine instalieren.
- secunia instalieren.
- file hippo instalieren.

markusg 22.01.2013 19:32
dann solltest du die Anleitung von oben mal lesen, da steht alles beschrieben.
schon Chrome angesehen? er bietet sicherheitsfeatures, die der ff nicht hatt, und sollte auch schneller sein.
chrome absicherung:
adblock für chrome:
http://filepony.de/download-adblock_chrome/
damit sollte das leben werbefreier von statten gehen.
ghostery um tracking zu verhindern:
http://filepony.de/download-ghostery_chrome/
HTTPS Everywhere
https://chrome.google.com/webstore/d...jekcdonpmejbdp
wählt, wenn möglich, eine sichere Verbindung
sicher surfen mit chrome:
Sicher surfen mit Google Chrome | Verbraucher sicher online


Welche Probleme hat sandboxie gemacht, instaliere es bitte noch mal.

Welsper 22.01.2013 23:09
So, ich hab nun alles gemacht, bis auf Google Chrome installiert und ein backup gemacht.

Google Chrome werde ich wohl mal testen, Sandboxie muss ich mir erstmal noch genauer durchlesen. Installiert ist es.

Alle wichtigen fehlenden Updates zu progammen habe ich installiert. Bei so Dingen wie Google Earth habe ich auf die Updates erstmal verzichtet.

Ein weiteres Konto als Standartnutzer habe ich ebenfalls eingerichtet.
Aber da muss ich auch noch daran feilen, da dort noch nicht alle Programme auf dem Desktop sind die ich so benötige.

Sandboxie und das Hippoprogramm lasse ich nciht beim Systemstart mitladen, sondern rufe sie nach Bedarf auf.

Beim Systemstart werden neu nur das Pandading geladen für den USB schutz und das andere Updatetool. Allerdings habe ich die automatischen Updates ausgeschalten da ich gerne informiert werde bevor da was passiert.

Am meisten Sorgen mache ich mir wegen dem Datenausführungsverhinderungprogramm. Ich hoffe es wird auch wenn ich es aktiviert habe noch alles laufen was laufen soll.

UAC war bereits auf der höchsten Stufe, Autorun ist deaktiviert und SEHOP habe ich wie beschrieben ebenfalls aktivieren lassen.

Du hattest geschrieben, daß das Backup Programm für Windows 7 für dessen Nutzer ganz gut funktioniert.
Ist es dann ok wenn ich damit ein Backup mache ?

markusg 23.01.2013 12:15
hi
bitte immer alle updates einspielen, auch solche programme können sicherheitslücken haben.
lies mal den link, programme für alle sichtbar machen.
bitte lasse filehippo mit laufen, sonst siehst du nicht, wenn neue Updates reinkommen, das ist wichtig, denn sicherheitslücken werden schnell ausgenutzt und müssen sofort geschlossen werden!
mache mit win7 backup ein backup, erstelle dir einen Zeitplan, damit du regelmäßig deine Sicherungen bekommst.

Welsper 24.01.2013 10:15
So, erstmal Platz gemacht auf meiner externen Festplatte.
Mache jetzt gerade ein Systemabbild von c: und den Systemdateien.
Da im Moment der PC ja frei von allem schädlichen sein sollte, lass ich dieses Abbild auf jeden Fall bestehen für den Fall, daß es mir irgendwann mal den PC zerreißt oder ich mir was wirklich böses einfangen sollte.
Ich rechne zwar nciht damit da ich immer sehr vorsichtig bin, aber der Teufel ist ja bekanntlich ein Eichhörnchen.

Filehippo und Secunia habe ich nicht im Autostart, lasse sie aber einmal am Tag nach Updates suchen.

Panda USB Vaccine ist immer am laufen, genau wie logischerweise Norton.

Dazu werde ich nun einmal die Woche mit Malware Bytes nach Adware suchen und diese ggf. gleich entfernen lassen.

mit dem SEHOP und Def für alle Prozesse, sollte mein PC nun aber auch etwas besser geschützt sein gegen Sachen die sich einschleichen wollen.

Google Chrome werde ich mal testen und mit Sandboxie muss ich mich erst noch vertraut machen.
Was mich da besonders beschäftigt, ist das ich die Daten die ich runterlade wärend ich Sandboxie anhabe, nicht beim schließen von Sandboxie wieder verliere, denn in der Regel möchte ich ja das haben was ich runterlade ^^

Ansonsten wäre es vielleicht nicht schlecht in dieses Forum jedes halbe Jahr mal zur Vorsorge zu gehen und mit otl schauen zu lasssen ob man was hat :-)

markusg 24.01.2013 12:17
hi
die Daten verlierst du nicht, du kannst für vordefinierte ordner die wiederherstellung bzw schnelle wiederherstellung aktivieren, sodass du immer nach einem Download bzw bei schließen der Sandbox informiert wirst, und die Dateien aus der sandbox in einen ordner außerhalb wiederherstellen kannst


Alle Zeitangaben in WEZ +1. Es ist jetzt 01:55 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19