Win32.agent.fbx(trojaner anzeige),Tradedoubler, MediaPlex-Nicht löschbar.

Pukki · 05.10.2011, 05:58

Hallo,
also ich habe folgendes Problem;

Mir schmiert seit einer ewigkeit öfters mal meine Inet Verbindung ab, gerade wenn ich mich im Teamspeak aufhalte.
Und das ist natürlich ärgerlich.
Das nahm ich zum Grund um den Spyware Terminator vom PC zu schmeißen, mir den Avira wieder zu loaden + den SpywareBot . Weder der Avira noch der Spyware Terminator haben mir vorher jemals folgende meldung bzw folgende Objekte(Funde) nach einem Scan angezeigt

Zitat:

Bearshare 16 Einträge
DoubleClick 2 Einträge
Fastclick 1 Einträge
MediaPlex 3 Einträge
SweetIM 3 Einträge
Tradedoubler 3 Einträge
Win32.Agent.fbx

ls ich auf "Beheben" klickte konnten die Probleme nicht gelöscht werden und ich solle einen Admin informieren. Dadurch bekam ich Angst und habe den win32.agent.fbx gegooglet und dabei gelesen es sein ein Trojaner, da ich aber auf dem Gebiet absolut keine ahnung habe und nicht weiß was ich machen soll bzw wie ich das wegbekomme möchte ich nun hier mein Glück versuchen .

Ich habe mir die OTL.exe gezogen und alles wie angefordert gemacht,Inetverbinung gekappt,Scanner aus und das Programm laufen lassen wobei dieser Log entstand. ( Da ich es iwie nicht hinbekomme diesen als anhang zu packen muss ich den leider so Posten -.- Ich hoffe es kann mir trotzdem jemand helfen, ich bin halt mehr ein Laie in sowas und bin absolut verzweifelt grad

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.10.2011 20:10:37 - Run 2
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\XXX\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 62,70% Memory free
3,74 Gb Paging File | 2,85 Gb Available in Paging File | 76,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,37 Gb Total Space | 21,12 Gb Free Space | 28,40% Space Free | Partition Type: NTFS
Drive E: | 73,21 Gb Total Space | 67,95 Gb Free Space | 92,81% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\ProgramData\DatacardService\DCService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - c:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - c:\Programme\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\tsnp2std.exe ()
PRC - C:\Windows\vsnp2std.exe (Sonix)
PRC - C:\Windows\FixCamera.exe ()
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\tsnp2std.exe ()
MOD - C:\Windows\FixCamera.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe ()
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (TempoMonitoringService) -- C:\Program Files\Toshiba TEMPRO\TempoSVC.exe (Toshiba Europe GmbH)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TNaviSrv) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TosCoSrv) -- c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA SMART Log Service) -- c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SPC530) -- C:\Windows\System32\drivers\SPC530.sys (                                                            )
DRV - (SPC530m) -- C:\Windows\System32\drivers\SPC530m.sys (                                                            )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\Windows\System32\drivers\snp2sxp.sys ()
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (MRV6X32U) -- C:\Windows\System32\drivers\MRVW23B.sys (Bluemedia)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.jappy.de/"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.7.1
FF - prefs.js..extensions.enabledItems: {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}:1.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\XXX\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\XXX\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\XXX\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.08 02:34:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.21 02:11:34 | 000,000,000 | ---D | M]
 
[2009.01.15 17:30:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2011.09.25 20:05:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions
[2010.04.27 09:46:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.06 20:53:08 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.04.04 19:37:56 | 000,000,000 | ---D | M] ("PsicoTSI") -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}
[2011.06.09 04:46:26 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.06.09 04:46:28 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2010.09.22 14:19:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.02.01 00:22:29 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.06.09 04:46:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\engine@conduit.com
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-10.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-11.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-12.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-2.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-3.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-4.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-5.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-6.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-7.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-8.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-9.xml
[2011.09.29 20:22:39 | 000,000,822 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin.xml
[2011.09.25 20:05:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.15 18:58:16 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.05.05 11:19:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.06 15:21:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.03.16 19:30:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.01.12 11:19:40 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2009.01.26 10:29:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.03.25 13:59:49 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.09.10 17:51:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.11.23 09:15:19 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.04.01 12:11:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.05 11:19:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.06 15:21:27 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.03.16 19:30:05 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.01.12 11:19:40 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\QUICKSTORES@QUICKSTORES.DE
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.29 20:22:39 | 000,001,400 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 20:22:39 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 20:22:39 | 000,006,818 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.20 01:46:01 | 000,001,272 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 20:22:39 | 000,000,903 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\TimoF1\AppData\Local\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\XXX\AppData\Local\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\TimoF1\AppData\Local\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: BitTorrent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\XXX\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\XXX\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Star Gazer = C:\Users\XXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblmlcbknbnfebdfjnolmcapmdofhmme\1.1_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2std] C:\Windows\vsnp2std.exe (Sonix)
O4 - HKLM..\Run: [tsnp2std] C:\Windows\tsnp2std.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\TimoF1\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - Amazon.de: Günstige Preise bei Elektronik & Foto, DVD, Musik, Bücher, Games, Spielzeug & mehr File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CabBuilder hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DACC1AB2-63AB-4A89-9607-B17496CE76C4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1A14B54-FDEA-4D36-B4BF-5CCBA037D3B7}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1478f9f4-aa73-11e0-b8cb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1478f9f4-aa73-11e0-b8cb-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{6de362c8-f728-11de-a230-cf40e21dd416}\Shell - "" = AutoRun
O33 - MountPoints2\{6de362c8-f728-11de-a230-cf40e21dd416}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6de362ca-f728-11de-a230-97ebfdbb4c5c}\Shell - "" = AutoRun
O33 - MountPoints2\{6de362ca-f728-11de-a230-97ebfdbb4c5c}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6de362cb-f728-11de-a230-c21f936b4dc8}\Shell - "" = AutoRun
O33 - MountPoints2\{6de362cb-f728-11de-a230-c21f936b4dc8}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7c434e32-7ad9-11e0-9612-d12759e963c7}\Shell - "" = AutoRun
O33 - MountPoints2\{7c434e32-7ad9-11e0-9612-d12759e963c7}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{7c434e63-7ad9-11e0-9612-f6306ce76e31}\Shell - "" = AutoRun
O33 - MountPoints2\{7c434e63-7ad9-11e0-9612-f6306ce76e31}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c5bfab1c-62b0-11de-97ef-8c5b947565c5}\Shell - "" = AutoRun
O33 - MountPoints2\{c5bfab1c-62b0-11de-97ef-8c5b947565c5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^XXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk - C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe - (TOSHIBA Europe)
MsConfig - StartUpReg: 00TCrdMain - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: avgnt - hkey= - key= -  File not found
MsConfig - StartUpReg: AVP - hkey= - key= -  File not found
MsConfig - StartUpReg: cfFncEnabler.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: mcagent_exe - hkey= - key= -  File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NDSTray.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: Ocs_SM - hkey= - key= - C:\Users\XXX\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
MsConfig - StartUpReg: SmoothView - hkey= - key= -  File not found
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= -  File not found
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= -  File not found
MsConfig - StartUpReg: topi - hkey= - key= - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
MsConfig - StartUpReg: Toshiba Registration - hkey= - key= - C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
MsConfig - StartUpReg: Toshiba TEMPO - hkey= - key= - C:\Programme\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe (Toshiba Europe GmbH)
MsConfig - StartUpReg: TPwrMain - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.04 15:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.10.04 15:14:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.10.04 15:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.10.04 03:01:09 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Avira
[2011.10.03 02:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.6
[2011.10.03 02:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.6
[2011.09.29 21:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.09.29 20:59:34 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.09.29 20:59:20 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.09.29 20:59:20 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.09.29 20:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.09.29 20:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.09.29 20:22:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO
[2011.09.10 11:26:38 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoft
[2011.09.10 11:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simfy
[2011.09.10 11:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\simfy
[2011.09.05 06:57:55 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Facebook
[2009.12.25 02:39:10 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2009.12.25 02:39:10 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2009.11.07 11:54:23 | 000,007,680 | ---- | C] (                                                            ) -- C:\Windows\System32\drivers\SPC530m.sys
[2009.11.07 11:54:22 | 000,486,912 | ---- | C] (                                                            ) -- C:\Windows\System32\drivers\SPC530.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.04 20:15:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-279534257-4243095250-1252865368-1000UA.job
[2011.10.04 20:10:00 | 000,001,194 | ---- | M] () -- C:\Users\XXX\Desktop\OTL - Verknüpfung.lnk
[2011.10.04 20:02:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.04 20:02:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.04 20:01:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.04 20:01:18 | 1876,783,104 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.04 19:51:08 | 000,000,000 | ---- | M] () -- C:\Users\XXX\defogger_reenable
[2011.10.04 19:50:27 | 000,000,548 | ---- | M] () -- C:\Users\XXX\Desktop\Defogger.exe - Verknüpfung.lnk
[2011.10.04 19:03:14 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-279534257-4243095250-1252865368-1000UA.job
[2011.10.04 15:14:53 | 000,001,060 | ---- | M] () -- C:\Users\XXX\Desktop\Spybot - Search & Destroy.lnk
[2011.10.04 00:15:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-279534257-4243095250-1252865368-1000Core.job
[2011.10.03 07:03:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-279534257-4243095250-1252865368-1000Core.job
[2011.10.03 02:25:05 | 000,001,614 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.6.lnk
[2011.10.02 04:12:13 | 000,002,052 | ---- | M] () -- C:\Users\XXX\Desktop\Google Chrome.lnk
[2011.09.30 04:17:06 | 000,000,736 | ---- | M] () -- C:\Users\XXX\Documents\cc_20110930_041654.reg
[2011.09.30 04:16:14 | 000,000,082 | ---- | M] () -- C:\Users\XXX\Documents\cc_20110930_041611.reg
[2011.09.29 21:00:07 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.09.21 02:11:39 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2011.09.13 10:33:31 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.13 10:33:31 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.13 10:33:31 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.13 10:33:31 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.10 11:27:58 | 000,001,037 | ---- | M] () -- C:\Users\XXX\Desktop\DVDVideoSoft Free Studio.lnk
[2011.09.10 11:03:17 | 000,000,719 | ---- | M] () -- C:\Users\Public\Desktop\simfy.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.04 20:09:57 | 000,001,194 | ---- | C] () -- C:\Users\XXX\Desktop\OTL - Verknüpfung.lnk
[2011.10.04 19:51:08 | 000,000,000 | ---- | C] () -- C:\Users\XXX\defogger_reenable
[2011.10.04 19:50:05 | 000,000,548 | ---- | C] () -- C:\Users\XXX\Desktop\Defogger.exe - Verknüpfung.lnk
[2011.10.04 15:14:53 | 000,001,060 | ---- | C] () -- C:\Users\XXX\Desktop\Spybot - Search & Destroy.lnk
[2011.10.03 02:25:05 | 000,001,614 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.6.lnk
[2011.09.30 04:17:01 | 000,000,736 | ---- | C] () -- C:\Users\XXX\Documents\cc_20110930_041654.reg
[2011.09.30 04:16:14 | 000,000,082 | ---- | C] () -- C:\Users\XXX\Documents\cc_20110930_041611.reg
[2011.09.29 21:00:07 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.09.05 06:58:20 | 000,000,932 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-279534257-4243095250-1252865368-1000UA.job
[2011.09.05 06:58:13 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-279534257-4243095250-1252865368-1000Core.job
[2010.08.26 23:28:22 | 000,000,208 | ---- | C] () -- C:\Windows\ACROREAD.INI
[2010.08.26 23:26:50 | 000,088,576 | ---- | C] () -- C:\Windows\RAUNINST.EXE
[2010.07.27 20:27:36 | 000,000,000 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\wklnhst.dat
[2010.06.29 05:08:23 | 000,214,720 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009.12.28 08:54:37 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009.12.25 02:39:19 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2009.12.25 02:39:16 | 000,270,336 | ---- | C] () -- C:\Windows\tsnp2std.exe
[2009.12.25 02:39:16 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2009.12.25 02:39:15 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2009.12.25 02:39:12 | 012,179,584 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2009.12.10 04:26:13 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.21 08:31:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.21 08:31:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.17 02:30:51 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2009.07.17 02:30:51 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2009.07.12 19:27:13 | 000,367,957 | ---- | C] () -- C:\Users\XXX\AppData\Local\ciqkg_nav.dat
[2009.07.12 19:26:42 | 000,001,460 | ---- | C] () -- C:\Users\XXX\AppData\Local\ciqkg_navps.dat
[2009.07.12 19:26:42 | 000,000,089 | ---- | C] () -- C:\Users\XXX\AppData\Local\ciqkg.bat
[2009.07.12 19:26:41 | 000,003,589 | ---- | C] () -- C:\Users\XXX\AppData\Local\ciqkg.dat
[2009.05.25 05:49:29 | 000,000,680 | ---- | C] () -- C:\Users\XXX\AppData\Local\d3d9caps.dat
[2009.03.27 17:42:15 | 000,024,206 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\UserTile.png
[2009.01.19 00:56:09 | 000,055,808 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.15 17:30:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.01.15 16:38:55 | 000,131,072 | ---- | C] () -- C:\Windows\System32\EnumDevLib.dll
[2009.01.15 16:36:43 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2009.01.15 16:36:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2009.01.15 16:36:43 | 000,009,480 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2009.01.15 16:36:43 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008.10.07 17:02:35 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008.10.07 17:02:35 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008.10.07 17:02:35 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008.10.07 17:02:35 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008.10.07 17:02:35 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008.10.07 17:02:35 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008.10.07 16:54:03 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008.10.07 16:43:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008.10.07 15:54:49 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.10.07 15:40:10 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.10.07 15:38:21 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008.10.07 15:38:21 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.10.07 15:38:20 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.10.07 15:38:20 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,321,376 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010.07.11 14:28:55 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\BitTorrent
[2011.09.10 11:46:59 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoft
[2011.09.10 11:29:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.07.12 19:27:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\FunkyEmoticons
[2011.03.13 00:00:12 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Hansenet
[2011.02.24 03:15:57 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\icPlus
[2011.10.04 01:13:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\ICQ
[2010.05.03 23:58:46 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\inkscape
[2009.10.29 03:36:44 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\LimeWire
[2010.12.18 05:54:52 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\myphotobook
[2011.01.09 20:00:58 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\OCS
[2011.01.09 20:01:24 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Opera
[2009.03.27 17:42:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\PeerNetworking
[2011.05.11 23:21:43 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\PhotoScape
[2011.08.17 21:01:14 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Simfy
[2010.11.27 02:58:29 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\temp
[2010.07.27 20:27:42 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Template
[2009.01.19 02:56:34 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\Toshiba
[2011.05.22 03:21:03 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TS3Client
[2009.05.24 22:35:04 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\TuneUp Software
[2011.10.03 07:03:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-279534257-4243095250-1252865368-1000Core.job
[2011.10.04 19:03:14 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-279534257-4243095250-1252865368-1000UA.job
[2011.10.04 20:00:10 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009.01.15 16:39:36 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.08.26 23:28:17 | 000,000,000 | ---D | M] -- C:\Acrobat3
[2011.01.19 08:52:08 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.01.15 16:26:36 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.03.22 14:37:26 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2008.10.08 10:01:03 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.06.14 22:08:26 | 000,000,000 | ---D | M] -- C:\My Downloads
[2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.10.04 15:14:43 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.10.04 15:14:43 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.01.15 16:26:36 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.04 20:15:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.01.15 16:40:03 | 000,000,000 | ---D | M] -- C:\Toshiba
[2009.01.15 16:30:36 | 000,000,000 | R--D | M] -- C:\Users
[2010.08.26 23:27:43 | 000,000,000 | ---D | M] -- C:\WESTWOOD
[2011.09.30 04:12:40 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-04 09:33:03
 
<           >

< End of report >

--- --- ---

Nach diesem Log habe ich auch den defogger laufen lassen, alles neugestartet. Der SpyBot zeigte es nach einem erneuten Scan(ohne bestehende Inet verbindung) weiterhin wie vorher an.

Ich wäre um eine antowort/hilfe echt mehr als froh,sonst bleibt mir nichts anderes ausser alles platt zu machen

Liebe grüße

cosinus · 05.10.2011, 16:57

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Pukki · 06.10.2011, 22:19

So ich habe es dann mal geschafft beide Scans wie gewünscht auszuführen...

Eset Scan

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=fdc22d7346e9c7469122c24665994b64
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-06 08:55:04
# local_time=2011-10-06 10:55:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 0 54458845 66088 0
# compatibility_mode=5892 16776573 100 100 26402 155459710 0 0
# compatibility_mode=8192 67108863 100 0 161 161 0 0
# scanned=160825
# found=5
# cleaned=0
# scan_time=7521
C:\Users\XXX\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\58fe4034-2522542d a variant of Java/Agent.BR trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\XXX\Downloads\SoftonicDownloader_fuer_photoscape.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\XXX\Downloads\SoftonicDownloader_fuer_teamspeak.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\FixCamera.exe a variant of Win32/KillProc.A application (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/KillProc.A application 00000000000000000000000000000000 I

Malwarebytesscan alt

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6571

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

14.05.2011 13:01:10
mbam-log-2011-05-14 (13-01-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 296497
Laufzeit: 2 Stunde(n), 28 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Und der neueste Log von MalwareBytes

Zitat:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7882

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

06.10.2011 02:15:19
mbam-log-2011-10-06 (02-15-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 318280
Laufzeit: 1 Stunde(n), 34 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Ich hoffe das reicht aus damit mir geholfen werden kann

Habe alles erledigt wie es sein sollte, Firewall, Avira, alles deaktiviert während der Scans .

Ich danke schonmal für die Mühen

Beste Grüße

cosinus · 07.10.2011, 15:52

Zitat:

OTL logfile created on: 04.10.2011 20:10:37 - Run 2

Run2 - wieso hast du OTL 2x scannen lassen? Wo ist das erste Log?

Pukki · 09.10.2011, 20:24

Ich weiß nun gar nicht ob ich das absichtlich 2 mal hab laufen lassen ^^
Ich bin aber fast der meinung das ich beim ersten mal den Avira noch aktiv hatte und deshalb einen 2ten Scan gemacht habe .

Hier ist der erste Log, den habe ich eben gefunden
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 04.10.2011 19:17:50 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\TimoF1\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 52,77% Memory free
3,74 Gb Paging File | 2,59 Gb Available in Paging File | 69,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,37 Gb Total Space | 21,10 Gb Free Space | 28,37% Space Free | Partition Type: NTFS
Drive E: | 73,21 Gb Total Space | 67,95 Gb Free Space | 92,81% Space Free | Partition Type: NTFS
 
Computer Name: XXX-PC | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2024D4CE-00C9-4AD0-BB1A-C1E61A0A66EB}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{301E1D61-4B0B-4036-9561-78BCD5A26BE7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3E892467-15A8-4320-99AB-0B231DB95FF2}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{46222659-095F-4955-AAAA-5677E4871DEF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{48807EB4-8A81-40FC-B206-555017302378}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4F4C6F1F-855E-4E76-A211-E60789DD12DD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5905049F-EC80-42BB-8C91-66A1AEEEF332}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{594B4E35-6128-4F2F-8DEF-C102576E58B7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5A2E1346-6680-4926-8687-9FFB9121E652}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6BA59138-36BE-4FFD-B8BA-FFF22B169723}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6DAD20C2-2EAB-458D-AEFF-A53127B2ABE0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{76F0A2FC-AB4D-449D-A16A-1DE73F599A37}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{85E99414-4B92-4778-A2FD-1493878EA91F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8CFFAABC-A8C5-4985-98DF-593CBCDA11F9}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{90A5E64C-99CF-4DFB-A846-A7C4EC79D473}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B85B0D53-46C5-45E4-8134-9DC71B34E25F}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{C48A151B-0CF1-45C4-BA1D-9FB203C9C0BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ED2B0828-2147-48BD-8625-1C5F48F30C74}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0598FC24-4BEA-4A46-90CE-AC983052A420}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{095CE881-52ED-45D1-ABB1-7D22AED1EEEC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{0A44C334-547D-4C4C-8871-92F0F098F3AB}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{157FB36F-8F9F-40A6-A101-DBB5A6A069F3}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{15F376E8-165A-40E0-9389-BFA68DAFB2B8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1633FD37-47E2-476F-BC30-5E7544CA8EFE}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{165BE4DE-D24D-422C-B3AF-30290C454FE7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{193C126D-9BD5-48AB-BA97-AAA580D8E52B}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{1BE9CC11-AB36-4DDA-98FE-25C9FB9CA22D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{211DD0B4-9B62-4905-90F5-16F90E29EF4D}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{2937E82E-86B5-43C4-8B09-100010955C4E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{2A65E37A-02CB-4D4C-AD96-FB982843DB21}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{2B811D88-0318-4FF1-86B8-E0C63C71E8C1}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{3C64FBCA-C389-4D6B-8C4A-408B92B2CEB5}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{4BFB7EFA-E1DE-4373-B79C-70028E8330F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{53DBF5C1-1C7C-40D2-B311-A83E966EF560}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{58F018E8-E8CF-41BB-9FC8-C6C5DA5A060B}" = protocol=17 | dir=in | app=c:\program files\icq away reader\icq away reader.exe | 
"{60E09560-D31A-4C16-9FFA-BDDF8C108118}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{721C1A71-B6B8-4FBF-97AD-5708CE3985D2}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{7686B66D-AFA3-43C9-9CA8-3497D8E50BD6}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{7975E1D6-5AF7-4C9B-A95F-3EBB9F93807D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7B2F3597-0F6B-4911-837E-13BF7AB048E6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{8B296912-D6F9-4965-8808-E33A37FC280D}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{8D985CDE-18ED-4FCD-8624-3BF6F20680D0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{99D5D4EC-4C5B-4056-BD58-3B635DD49D79}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{AB6D3AF2-76CA-443F-A76E-03747D43D3F9}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{B7B54087-F95F-4023-9503-B6DCA3FC1626}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{B8F885DD-CB41-420E-9175-0D56A1AAF9B9}" = protocol=6 | dir=in | app=c:\program files\icq away reader\icq away reader.exe | 
"{B97511E8-A7BB-4242-A7C0-4D12D3102038}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{C335F124-C3AB-4379-AC54-85DB4890495C}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{CCD06996-0D96-4686-B0B0-1620055BB991}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{CE58A90D-9356-41D7-9DD3-7BBE0D1F3ADA}" = dir=in | app=c:\users\timof1\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{D44118AF-0B4D-4FFF-B5A3-82E71E728595}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{D50F7DDD-055E-4432-BAA3-C1AF7BFCA217}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{E98E89AB-4B70-46B5-B043-E3010CCB7B8C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{EF1E46AD-8420-4ED1-8AB2-FFC0DCA3BFED}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{F34566CE-834E-4E0F-8D2C-8E633426FD46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{FD524CF4-69F1-45AB-B745-64F5A8F26976}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"TCP Query User{0B93E498-5620-4243-B216-B9D9D2EB1EC9}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{20AE7BA8-E758-4290-85CD-3DC939481740}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{286EFB5A-A6C1-4EF3-8676-1A662BBBB768}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe | 
"TCP Query User{3B12F41B-389D-4C69-97FC-984371A8D724}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{6274AD98-F4BE-4FCD-A5E4-6C39AEE1FC6D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{772D889A-3829-44BF-87EF-6D7AC95BE631}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{8E65C468-9BBC-41BD-89BC-6BBE63E3EE5C}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
"TCP Query User{90B30534-3BB7-476F-91E6-C36E49F9FFFA}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"TCP Query User{D08535BC-9348-485E-BDFA-B36C0F2B8796}C:\program files\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare\bearshare.exe | 
"TCP Query User{D828563E-DF90-4CDB-83F6-37461AC59208}C:\users\timof1\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\XXX\program files\dna\btdna.exe | 
"TCP Query User{DAF4050A-EF06-41D0-B43A-24ADAF6506E4}C:\users\timof1\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\XXX\program files\dna\btdna.exe | 
"TCP Query User{DF12BD7B-91BB-425C-AD00-5B77B9DFE51C}C:\program files\anstoss 3\anstoss3.exe" = protocol=6 | dir=in | app=c:\program files\anstoss 3\anstoss3.exe | 
"TCP Query User{E831983F-044F-4FE3-A49F-7DF3698D9828}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"TCP Query User{F96C86F4-37BE-46F1-9A28-34CC3E413FD3}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{1E3432F8-6320-419A-95F0-33F3A6CE745D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{25BF37CB-1DA7-407B-AFDC-850F5ABE21C5}C:\users\XXX\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\timof1\program files\dna\btdna.exe | 
"UDP Query User{4E3627FA-721A-4ECA-A5E5-C3311C77FE3C}C:\users\XXX\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\timof1\program files\dna\btdna.exe | 
"UDP Query User{564AB866-692C-4B70-97FF-A5F6B65668E9}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"UDP Query User{581D7F7C-848C-436A-A8AD-3C9DBF7EF7A6}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{6B105358-2740-416D-9471-67EFC0BE910C}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{7D9CBA04-2D43-4B98-A9C2-68F6AFF3DFF7}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe | 
"UDP Query User{9294738E-26CB-49C6-9448-0F5A649C0FCC}C:\program files\anstoss 3\anstoss3.exe" = protocol=17 | dir=in | app=c:\program files\anstoss 3\anstoss3.exe | 
"UDP Query User{969BD404-55E2-473A-93BE-233C2EF30FDC}C:\program files\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare\bearshare.exe | 
"UDP Query User{B2635770-B52D-4774-85B9-F19CD2D6FAEC}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{B6172AD8-2308-42D8-B513-417901BDEB2C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{C455AD41-DC4B-426C-9C34-2D1480F25549}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe | 
"UDP Query User{DA6C17F2-2AB7-4BA0-B959-55DDFB863CD9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{EFFCFE69-F734-4916-A5EF-E0289A2D3136}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02CA24DD-C8B0-4280-BE53-7862869C2EB1}" = Realtek WiFi Protected Setup Library
"{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}" = Toshiba TEMPRO
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07C9627A-CA0B-2AA2-062E-204359DF7BA1}" = Catalyst Control Center Core Implementation
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{0D3CECCA-A589-ECCA-EC0B-2F98F2789F60}" = simfy
"{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}" = TOSHIBA ConfigFree
"{0EFB2016-41D2-5F30-8F60-25250F6DABDD}" = CCC Help Thai
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1C971EE3-B4C4-4367-9676-57549919C6CE}" = TOSHIBA Benutzerhandbücher
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{1E57A11B-AB65-C6D1-F999-B3B37AB2298E}" = Catalyst Control Center Localization Japanese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{27265B80-303E-EFFF-6052-B11F91B634C3}" = Catalyst Control Center Localization Italian
"{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup
"{2920435D-CE92-5024-1694-DFD43A5FF074}" = Catalyst Control Center Localization Greek
"{2CD6D3D2-1EFC-F0B4-1761-FD4FA7F8750F}" = CCC Help Finnish
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{358004B9-3A16-87FF-4487-4D6F0C70E52F}" = Catalyst Control Center Localization Russian
"{38A3E884-313A-7AE0-11BC-482DE0C8766A}" = CCC Help Czech
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3BB12DBC-0A8E-ECE2-F179-D06B99B8CD02}" = Catalyst Control Center Localization Czech
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E0E28DC-DA90-1BA2-FA36-AA3C2E4FB74A}" = Catalyst Control Center Graphics Previews Vista
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1E87C3-00DE-4898-8E39-E390AAEF2391}" = TOSHIBA Supervisor Password
"{4C90501F-864B-5AC4-867D-6AC35BE50721}" = ccc-utility
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{55398A75-13E0-570F-BD16-2EE5D9E5523D}" = Catalyst Control Center Localization Norwegian
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F131988-3326-AD64-1817-D76A2FE3C2D3}" = CCC Help Chinese Traditional
"{5FBF37CD-B7F9-564C-BDFC-73D970CF7AF2}" = CCC Help Italian
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{61C63422-E5E2-8576-2B82-0E01F5AD2538}" = CCC Help English
"{61F90A4F-AD49-7FFB-F027-5B2CB64F0A70}" = Catalyst Control Center Graphics Light
"{629044C7-745A-64B8-467F-2F93ED50008B}" = CCC Help Chinese Standard
"{65BF23C0-4EF9-27CC-7B6F-190F4008A569}" = Catalyst Control Center Localization Polish
"{65D602E4-DCDE-0743-6A0A-F1A203449F47}" = CCC Help German
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69E5255D-9D43-4CFF-8984-843ABD7753B7}" = Catalyst Control Center - Branding
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B4874CA-13CF-2477-B697-B448201B56B6}" = CCC Help Norwegian
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6EB0B23B-AA51-6F4E-C94C-C1015ED61EEC}" = CCC Help Japanese
"{70495081-1DC8-AD4B-C197-12138B8FBC9E}" = CCC Help Danish
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71B929E2-3556-93DB-DEC0-FD56D3EFB473}" = Catalyst Control Center Localization Chinese Traditional
"{71C47830-182D-79FA-0790-0366E6E2C2EB}" = Catalyst Control Center Localization Spanish
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = hama PC-Webcam RW-250
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"{77CAD946-C573-6647-B222-B6870C072932}" = CCC Help Korean
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E83516C-931B-870F-5CDF-01FDF9A4AEF0}" = Catalyst Control Center Localization Turkish
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86728841-C151-B8E4-43C6-DD289DE570B6}" = Catalyst Control Center Localization Swedish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86DBA852-5D5E-1856-D828-620E792EDC0D}" = Catalyst Control Center Localization Chinese Standard
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{88BA2601-8A62-7AB7-DB8A-7AA2840B7C87}" = Catalyst Control Center Localization Thai
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B587895-7716-1B99-5D85-3CA4AAF8A0F4}" = Catalyst Control Center Localization Dutch
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9244F321-0BBD-9D4A-C1FB-6437E3D0550D}" = Catalyst Control Center Localization German
"{93F3EBDD-4007-C233-7320-977AC0941054}" = CCC Help Turkish
"{94AB6CE0-DB26-7048-2A5B-4647EA1FC693}" = ccc-core-static
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E012857-0B5E-40A0-A36A-36751966A79B}_is1" = ICQ Status Checker 1.8
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A103C127-2168-4493-8D01-4BF180BED12C}" = CCC Help Portuguese
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7F27ADB-3C56-0F2B-6B4B-0B8E02A49186}" = ATI Catalyst Install Manager
"{AC2EE52D-05CD-8140-5D29-5AA29590971E}" = CCC Help French
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{AD0DEE39-3B26-4AFB-9B26-0A4D21497390}" = Facebook Video Calling 1.0.0.8526
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B02A78AE-EA3B-8261-AEBC-8221E22DCC1E}" = CCC Help Polish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1D67B62-35A8-A9A1-AA74-F6A495C8271A}" = Catalyst Control Center Localization Danish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC2EA92A-A5A9-A137-5204-F150EDB05DB3}" = CCC Help Hungarian
"{BC713970-8C3C-852B-4139-636F21114B7F}" = CCC Help Dutch
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4BE99A4-D1C7-46CC-9E06-B901A4BC7854}_is1" = ICQ Password Hasher 1.2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5F1A9C4-C041-2E95-5D7E-EF56CED2B522}" = Skins
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7CC05AF-067D-0D1A-1E4D-9DCBCDCC2D41}" = Catalyst Control Center Graphics Full New
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E0FC3A5D-CF52-ABA7-92EF-D9794F372121}" = Catalyst Control Center Graphics Full Existing
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"{EA7D1919-A6BF-979A-E3A2-F753E23D45FA}" = Catalyst Control Center Localization Hungarian
"{ED2BC5D9-20EE-FBB6-8483-240F19EFCAA5}" = CCC Help Swedish
"{F0345A2F-1D78-0AEA-7CBB-CEF48622EB44}" = Catalyst Control Center Localization Portuguese
"{F0646787-1A2F-34E9-A61D-9DAD69F606F8}" = CCC Help Spanish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F50E4D66-5280-FDF8-7F55-2E47FCF23E7D}" = Catalyst Control Center Localization Korean
"{F67E6AE5-F87B-025F-2D6B-26491304393F}" = CCC Help Russian
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9DAAC4B-5E3F-1D39-9D4B-6998664EF402}" = Catalyst Control Center Localization Finnish
"{F9F66B99-C1B3-ACEA-1F80-404CC4DD96BF}" = Catalyst Control Center Localization French
"{FA493449-3E34-4E05-8CA7-26A42E9F180E}" = CCC Help Greek
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"7-Zip" = 7-Zip 4.65
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat Reader 3.01" = Adobe Acrobat Reader 3.01
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alarmstufe Rot" = Alarmstufe Rot Windows 95
"Alice Software" = Alice Software 4.10.0
"ANSTOSS 3_is1" = ANSTOSS 3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"ciqkg" = Favorit
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_14F10000" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 5.2.0
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 08" = FUSSBALL MANAGER 08
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQSpamblocker" = ICQSpamblocker
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TRDCReminder
"InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}" = TRORDCLauncher
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"myphotobook" = myphotobook 3.6
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Simfy" = simfy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.06.2010 20:21:11 | Computer Name = XXX-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 17.06.2010 09:57:16 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.06.2010 11:59:25 | Computer Name = XXX-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 17.06.2010 14:21:45 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.06.2010 16:41:35 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.06.2010 08:45:37 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.06.2010 10:44:31 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 19.06.2010 17:26:44 | Computer Name = XXX-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 19.06.2010 17:30:06 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.06.2010 07:51:04 | Computer Name = XXX-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 27.11.2009 18:17:04 | Computer Name = XXX-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
[ OSession Events ]
Error - 27.07.2010 14:32:34 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 26
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 27.07.2010 14:33:40 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.07.2010 07:46:08 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 28.07.2010 08:37:58 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 12.05.2011 00:07:21 | Computer Name = XXX-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.10.2011 16:45:22 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 03.10.2011 16:46:35 | Computer Name = XXX-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 03.10.2011 16:46:38 | Computer Name = XXX-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 03.10.2011 16:46:52 | Computer Name = XXX-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 03.10.2011 19:17:01 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 03.10.2011 22:05:56 | Computer Name = XXX-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 03.10.2011 22:06:22 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 04.10.2011 11:13:38 | Computer Name = XXX-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 04.10.2011 11:13:49 | Computer Name = XXX-PC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
Error - 04.10.2011 11:13:59 | Computer Name = XXXPC | Source = ipnathlp | ID = 31004
Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet
 werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner 
Fehler ist im Speicher-Manager aufgetreten.
 
 
< End of report >

--- --- ---

cosinus · 10.10.2011, 12:20

Hast du noch das OTL.txt Log vom ersten Durchlauf? Die Extras sind weniger wichtig.

Pukki · 10.10.2011, 16:46

Also ich hab jetzt mal nachgeschaut, das ist so ziemlich alles was ich noch habe =( Soll ich vllt noch einen Scan machen, weiß auch nicht mehr was ich da gemacht habe

cosinus · 10.10.2011, 17:20

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.jappy.de/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
[2011.06.09 04:46:26 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.02.01 00:22:29 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2011.06.09 04:46:29 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\engine@conduit.com
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-10.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-11.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-12.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-2.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-3.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-4.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-5.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-6.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-7.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-8.xml
[2011.09.29 20:22:39 | 000,000,828 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-9.xml
[2011.09.29 20:22:39 | 000,000,822 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin.xml
[2009.01.15 18:58:16 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.01.12 11:19:40 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2011.01.12 11:19:40 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\QUICKSTORES@QUICKSTORES.DE
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - Amazon.de: Günstige Preise bei Elektronik & Foto, DVD, Musik, Bücher, Games, Spielzeug & mehr File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1478f9f4-aa73-11e0-b8cb-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1478f9f4-aa73-11e0-b8cb-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{6de362c8-f728-11de-a230-cf40e21dd416}\Shell - "" = AutoRun
O33 - MountPoints2\{6de362c8-f728-11de-a230-cf40e21dd416}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6de362ca-f728-11de-a230-97ebfdbb4c5c}\Shell - "" = AutoRun
O33 - MountPoints2\{6de362ca-f728-11de-a230-97ebfdbb4c5c}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6de362cb-f728-11de-a230-c21f936b4dc8}\Shell - "" = AutoRun
O33 - MountPoints2\{6de362cb-f728-11de-a230-c21f936b4dc8}\Shell\AutoRun\command - "" = D:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7c434e32-7ad9-11e0-9612-d12759e963c7}\Shell - "" = AutoRun
O33 - MountPoints2\{7c434e32-7ad9-11e0-9612-d12759e963c7}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{7c434e63-7ad9-11e0-9612-f6306ce76e31}\Shell - "" = AutoRun
O33 - MountPoints2\{7c434e63-7ad9-11e0-9612-f6306ce76e31}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c5bfab1c-62b0-11de-97ef-8c5b947565c5}\Shell - "" = AutoRun
O33 - MountPoints2\{c5bfab1c-62b0-11de-97ef-8c5b947565c5}\Shell\AutoRun\command - "" = G:\LaunchU3.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Pukki · 12.10.2011, 04:06

Guten Morgen,

also ich habe es wie angewiesen getan : Alle Programme die offen waren geschlossen, Avira ausgeschaltet,Firewall deaktiviert und dann den Text dort eingefügt und Fixen geklickt

auch hat der Neustart wie angesagt stattgefunden ^^
Hier der gewünschte Log

Zitat:

All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: false removed from browser.search.update
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.jappy.de/" removed from browser.startup.homepage
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from keyword.URL
Prefs.js: "ICQ Search" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\searchplugin folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\META-INF folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\lib folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\defaults folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\chrome folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\aggjj9u6.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\aggjj9u6.default\searchplugins\icqplugin.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de folder moved successfully.
Folder C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\QUICKSTORES@QUICKSTORES.DE\ not found.
C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer not found.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{76577871-04EC-495E-A12B-91F7C3600AFA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76577871-04EC-495E-A12B-91F7C3600AFA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A918C1D-E123-4E36-B562-5C1519E434CE}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1478f9f4-aa73-11e0-b8cb-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1478f9f4-aa73-11e0-b8cb-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1478f9f4-aa73-11e0-b8cb-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1478f9f4-aa73-11e0-b8cb-806e6f6e6963}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6de362c8-f728-11de-a230-cf40e21dd416}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6de362c8-f728-11de-a230-cf40e21dd416}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6de362c8-f728-11de-a230-cf40e21dd416}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6de362c8-f728-11de-a230-cf40e21dd416}\ not found.
File D:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6de362ca-f728-11de-a230-97ebfdbb4c5c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6de362ca-f728-11de-a230-97ebfdbb4c5c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6de362ca-f728-11de-a230-97ebfdbb4c5c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6de362ca-f728-11de-a230-97ebfdbb4c5c}\ not found.
File D:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6de362cb-f728-11de-a230-c21f936b4dc8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6de362cb-f728-11de-a230-c21f936b4dc8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6de362cb-f728-11de-a230-c21f936b4dc8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6de362cb-f728-11de-a230-c21f936b4dc8}\ not found.
File D:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c434e32-7ad9-11e0-9612-d12759e963c7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c434e32-7ad9-11e0-9612-d12759e963c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c434e32-7ad9-11e0-9612-d12759e963c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c434e32-7ad9-11e0-9612-d12759e963c7}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c434e63-7ad9-11e0-9612-f6306ce76e31}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c434e63-7ad9-11e0-9612-f6306ce76e31}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7c434e63-7ad9-11e0-9612-f6306ce76e31}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c434e63-7ad9-11e0-9612-f6306ce76e31}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5bfab1c-62b0-11de-97ef-8c5b947565c5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c5bfab1c-62b0-11de-97ef-8c5b947565c5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c5bfab1c-62b0-11de-97ef-8c5b947565c5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c5bfab1c-62b0-11de-97ef-8c5b947565c5}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\AutoRun.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: XXX
->Temp folder emptied: 15503562 bytes
->Temporary Internet Files folder emptied: 26773574 bytes
->Java cache emptied: 127965650 bytes
->FireFox cache emptied: 42577326 bytes
->Google Chrome cache emptied: 300582266 bytes
->Flash cache emptied: 120091 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 295000 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1101184 bytes
RecycleBin emptied: 1467291671 bytes

Total Files Cleaned = 1.890,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 10122011_044604

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Was heißt das denn nun genau alles

Wie gesagt bin auf dem Gebiet wirklich nen kleinen dummkopf^^

cosinus · 12.10.2011, 16:50

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Pukki · 16.10.2011, 19:09

Hallo und sorry das es etwas gedauert hat, habe viel um den Ohren...

Habe es so ausgeführt aber iwie hab ich wohl einen Fehler begangen...
Ich habe den "reboot computer" geklickt ohne den Report gespeichert zu haben -.-
Habe den report button erst danach gesehen.

Der Scan hat einen fund ergeben und dieser wurde entfernt :´(
Ich habe einen 2ten Scan gemacht...ich hoffe der Fehler ist nun nicht allzu schlimm ?=(

Zitat:

20:07:52.0340 4032 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
20:07:52.0559 4032 ============================================================
20:07:52.0559 4032 Current date / time: 2011/10/16 20:07:52.0559
20:07:52.0559 4032 SystemInfo:
20:07:52.0559 4032
20:07:52.0559 4032 OS Version: 6.0.6002 ServicePack: 2.0
20:07:52.0559 4032 Product type: Workstation
20:07:52.0559 4032 ComputerName: xxx-PC
20:07:52.0574 4032 UserName: xxx
20:07:52.0574 4032 Windows directory: C:\Windows
20:07:52.0574 4032 System windows directory: C:\Windows
20:07:52.0574 4032 Processor architecture: Intel x86
20:07:52.0574 4032 Number of processors: 2
20:07:52.0574 4032 Page size: 0x1000
20:07:52.0574 4032 Boot type: Normal boot
20:07:52.0574 4032 ============================================================
20:07:55.0166 4032 Initialize success
20:08:01.0380 4584 ============================================================
20:08:01.0380 4584 Scan started
20:08:01.0380 4584 Mode: Manual; SigCheck; TDLFS;
20:08:01.0381 4584 ============================================================
20:08:03.0466 4584 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:08:03.0672 4584 ACPI - ok
20:08:03.0767 4584 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:08:03.0813 4584 adp94xx - ok
20:08:03.0924 4584 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:08:03.0956 4584 adpahci - ok
20:08:04.0009 4584 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:08:04.0033 4584 adpu160m - ok
20:08:04.0099 4584 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:08:04.0124 4584 adpu320 - ok
20:08:04.0270 4584 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:08:04.0333 4584 AFD - ok
20:08:04.0395 4584 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:08:04.0417 4584 agp440 - ok
20:08:04.0518 4584 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:08:04.0569 4584 aic78xx - ok
20:08:04.0616 4584 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:08:04.0632 4584 aliide - ok
20:08:04.0678 4584 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:08:04.0710 4584 amdagp - ok
20:08:04.0788 4584 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:08:04.0803 4584 amdide - ok
20:08:04.0897 4584 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:08:04.0944 4584 AmdK7 - ok
20:08:04.0990 4584 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:08:05.0037 4584 AmdK8 - ok
20:08:05.0106 4584 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:08:05.0129 4584 arc - ok
20:08:05.0189 4584 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:08:05.0212 4584 arcsas - ok
20:08:05.0316 4584 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:08:05.0368 4584 AsyncMac - ok
20:08:05.0440 4584 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:08:05.0460 4584 atapi - ok
20:08:05.0622 4584 atikmdag (a2b6478963451a99c28da8133b648142) C:\Windows\system32\DRIVERS\atikmdag.sys
20:08:05.0830 4584 atikmdag - ok
20:08:05.0941 4584 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
20:08:05.0962 4584 AtiPcie - ok
20:08:06.0038 4584 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
20:08:06.0185 4584 avgntflt - ok
20:08:06.0232 4584 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
20:08:06.0248 4584 avipbb - ok
20:08:06.0419 4584 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:08:06.0466 4584 Beep - ok
20:08:06.0528 4584 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:08:06.0591 4584 blbdrive - ok
20:08:06.0680 4584 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:08:06.0707 4584 bowser - ok
20:08:06.0781 4584 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:08:06.0823 4584 BrFiltLo - ok
20:08:06.0865 4584 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:08:06.0903 4584 BrFiltUp - ok
20:08:06.0995 4584 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:08:07.0090 4584 Brserid - ok
20:08:07.0133 4584 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:08:07.0228 4584 BrSerWdm - ok
20:08:07.0356 4584 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:08:07.0471 4584 BrUsbMdm - ok
20:08:07.0513 4584 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:08:07.0605 4584 BrUsbSer - ok
20:08:07.0631 4584 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:08:07.0755 4584 BTHMODEM - ok
20:08:07.0833 4584 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:08:07.0880 4584 cdfs - ok
20:08:07.0927 4584 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:08:07.0974 4584 cdrom - ok
20:08:08.0021 4584 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:08:08.0067 4584 circlass - ok
20:08:08.0130 4584 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:08:08.0161 4584 CLFS - ok
20:08:08.0243 4584 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:08:08.0298 4584 CmBatt - ok
20:08:08.0333 4584 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:08:08.0353 4584 cmdide - ok
20:08:08.0384 4584 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:08:08.0404 4584 Compbatt - ok
20:08:08.0447 4584 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:08:08.0467 4584 crcdisk - ok
20:08:08.0568 4584 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:08:08.0621 4584 Crusoe - ok
20:08:08.0718 4584 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:08:08.0745 4584 DfsC - ok
20:08:08.0872 4584 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:08:08.0893 4584 disk - ok
20:08:08.0953 4584 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:08:08.0991 4584 drmkaud - ok
20:08:09.0068 4584 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:08:09.0124 4584 DXGKrnl - ok
20:08:09.0247 4584 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:08:09.0309 4584 E1G60 - ok
20:08:09.0371 4584 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:08:09.0387 4584 Ecache - ok
20:08:09.0512 4584 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:08:09.0543 4584 elxstor - ok
20:08:09.0590 4584 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:08:09.0637 4584 ErrDev - ok
20:08:09.0762 4584 ewusbnet (921878114f48949cfae9abe6fc4c4cc3) C:\Windows\system32\DRIVERS\ewusbnet.sys
20:08:09.0812 4584 ewusbnet - ok
20:08:09.0935 4584 ew_hwusbdev (e98a64c7f106740a38fb2b78197816f8) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
20:08:09.0974 4584 ew_hwusbdev - ok
20:08:10.0042 4584 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:08:10.0069 4584 exfat - ok
20:08:10.0174 4584 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:08:10.0216 4584 fastfat - ok
20:08:10.0259 4584 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:08:10.0317 4584 fdc - ok
20:08:10.0366 4584 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:08:10.0386 4584 FileInfo - ok
20:08:10.0485 4584 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:08:10.0547 4584 Filetrace - ok
20:08:10.0578 4584 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:08:10.0635 4584 flpydisk - ok
20:08:10.0692 4584 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:08:10.0725 4584 FltMgr - ok
20:08:10.0847 4584 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:08:10.0894 4584 Fs_Rec - ok
20:08:10.0956 4584 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
20:08:10.0972 4584 FwLnk - ok
20:08:11.0003 4584 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:08:11.0034 4584 gagp30kx - ok
20:08:11.0097 4584 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
20:08:11.0190 4584 HdAudAddService - ok
20:08:11.0299 4584 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:08:11.0329 4584 HDAudBus - ok
20:08:11.0396 4584 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:08:11.0491 4584 HidBth - ok
20:08:11.0577 4584 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:08:11.0670 4584 HidIr - ok
20:08:11.0738 4584 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:08:11.0777 4584 HidUsb - ok
20:08:11.0851 4584 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:08:11.0871 4584 HpCISSs - ok
20:08:11.0947 4584 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
20:08:12.0005 4584 HSFHWAZL - ok
20:08:12.0099 4584 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
20:08:12.0152 4584 HSF_DPV - ok
20:08:12.0257 4584 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
20:08:12.0283 4584 HSXHWAZL - ok
20:08:12.0369 4584 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:08:12.0401 4584 HTTP - ok
20:08:12.0463 4584 huawei_enumerator (22a4b14530194fc57c1c849fb5afee17) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
20:08:12.0494 4584 huawei_enumerator - ok
20:08:12.0619 4584 hwdatacard (0b3957226ec94b1ecb7b9348bb535a23) C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:08:12.0650 4584 hwdatacard - ok
20:08:12.0697 4584 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:08:12.0713 4584 i2omp - ok
20:08:12.0775 4584 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:08:12.0822 4584 i8042prt - ok
20:08:12.0870 4584 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:08:12.0889 4584 iaStorV - ok
20:08:12.0927 4584 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:08:12.0946 4584 iirsp - ok
20:08:13.0065 4584 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
20:08:13.0170 4584 IntcAzAudAddService - ok
20:08:13.0275 4584 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:08:13.0293 4584 intelide - ok
20:08:13.0328 4584 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:08:13.0382 4584 intelppm - ok
20:08:13.0423 4584 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:08:13.0476 4584 IpFilterDriver - ok
20:08:13.0499 4584 IpInIp - ok
20:08:13.0537 4584 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:08:13.0591 4584 IPMIDRV - ok
20:08:13.0687 4584 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:08:13.0742 4584 IPNAT - ok
20:08:13.0767 4584 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:08:13.0818 4584 IRENUM - ok
20:08:13.0855 4584 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:08:13.0894 4584 isapnp - ok
20:08:13.0956 4584 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:08:13.0987 4584 iScsiPrt - ok
20:08:14.0081 4584 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:08:14.0097 4584 iteatapi - ok
20:08:14.0128 4584 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:08:14.0143 4584 iteraid - ok
20:08:14.0175 4584 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:08:14.0190 4584 kbdclass - ok
20:08:14.0221 4584 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
20:08:14.0268 4584 kbdhid - ok
20:08:14.0377 4584 KLIM6 (91c8a1dcb82386ce6bbdb65bbf6ea51b) C:\Windows\system32\DRIVERS\klim6.sys
20:08:14.0393 4584 KLIM6 - ok
20:08:14.0454 4584 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
20:08:14.0493 4584 KSecDD - ok
20:08:14.0593 4584 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:08:14.0653 4584 lltdio - ok
20:08:14.0704 4584 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:08:14.0725 4584 LSI_FC - ok
20:08:14.0759 4584 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:08:14.0781 4584 LSI_SAS - ok
20:08:14.0868 4584 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:08:14.0889 4584 LSI_SCSI - ok
20:08:14.0946 4584 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:08:15.0000 4584 luafv - ok
20:08:15.0105 4584 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
20:08:15.0126 4584 MBAMProtector - ok
20:08:15.0187 4584 MBAMSwissArmy - ok
20:08:15.0234 4584 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
20:08:15.0255 4584 mdmxsdk - ok
20:08:15.0344 4584 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:08:15.0364 4584 megasas - ok
20:08:15.0412 4584 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:08:15.0469 4584 MegaSR - ok
20:08:15.0516 4584 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:08:15.0563 4584 Modem - ok
20:08:15.0594 4584 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:08:15.0641 4584 monitor - ok
20:08:15.0734 4584 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:08:15.0750 4584 mouclass - ok
20:08:15.0843 4584 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:08:15.0890 4584 mouhid - ok
20:08:15.0937 4584 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:08:15.0953 4584 MountMgr - ok
20:08:15.0972 4584 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:08:15.0995 4584 mpio - ok
20:08:16.0053 4584 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:08:16.0095 4584 mpsdrv - ok
20:08:16.0151 4584 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:08:16.0172 4584 Mraid35x - ok
20:08:16.0233 4584 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:08:16.0261 4584 MRxDAV - ok
20:08:16.0331 4584 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:08:16.0357 4584 mrxsmb - ok
20:08:16.0460 4584 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:08:16.0490 4584 mrxsmb10 - ok
20:08:16.0569 4584 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:08:16.0596 4584 mrxsmb20 - ok
20:08:16.0679 4584 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
20:08:16.0700 4584 msahci - ok
20:08:16.0746 4584 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:08:16.0770 4584 msdsm - ok
20:08:16.0833 4584 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:08:16.0891 4584 Msfs - ok
20:08:16.0991 4584 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:08:17.0007 4584 msisadrv - ok
20:08:17.0085 4584 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:08:17.0132 4584 MSKSSRV - ok
20:08:17.0163 4584 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:08:17.0210 4584 MSPCLOCK - ok
20:08:17.0257 4584 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:08:17.0303 4584 MSPQM - ok
20:08:17.0366 4584 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:08:17.0397 4584 MsRPC - ok
20:08:17.0459 4584 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:08:17.0475 4584 mssmbios - ok
20:08:17.0514 4584 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:08:17.0565 4584 MSTEE - ok
20:08:17.0649 4584 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:08:17.0672 4584 Mup - ok
20:08:17.0743 4584 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:08:17.0773 4584 NativeWifiP - ok
20:08:17.0845 4584 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:08:17.0894 4584 NDIS - ok
20:08:17.0988 4584 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:08:18.0028 4584 NdisTapi - ok
20:08:18.0056 4584 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:08:18.0111 4584 Ndisuio - ok
20:08:18.0169 4584 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:08:18.0211 4584 NdisWan - ok
20:08:18.0317 4584 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:08:18.0361 4584 NDProxy - ok
20:08:18.0396 4584 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:08:18.0451 4584 NetBIOS - ok
20:08:18.0529 4584 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:08:18.0576 4584 netbt - ok
20:08:18.0685 4584 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:08:18.0717 4584 nfrd960 - ok
20:08:18.0779 4584 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:08:18.0826 4584 Npfs - ok
20:08:18.0857 4584 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:08:18.0904 4584 nsiproxy - ok
20:08:18.0997 4584 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:08:19.0060 4584 Ntfs - ok
20:08:19.0131 4584 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:08:19.0226 4584 ntrigdigi - ok
20:08:19.0277 4584 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:08:19.0328 4584 Null - ok
20:08:19.0371 4584 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:08:19.0392 4584 nvraid - ok
20:08:19.0422 4584 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:08:19.0444 4584 nvstor - ok
20:08:19.0521 4584 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:08:19.0544 4584 nv_agp - ok
20:08:19.0588 4584 NwlnkFlt - ok
20:08:19.0614 4584 NwlnkFwd - ok
20:08:19.0666 4584 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
20:08:19.0762 4584 ohci1394 - ok
20:08:19.0815 4584 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:08:19.0909 4584 Parport - ok
20:08:20.0018 4584 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:08:20.0039 4584 partmgr - ok
20:08:20.0114 4584 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:08:20.0208 4584 Parvdm - ok
20:08:20.0286 4584 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:08:20.0317 4584 pci - ok
20:08:20.0411 4584 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
20:08:20.0426 4584 pciide - ok
20:08:20.0489 4584 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:08:20.0520 4584 pcmcia - ok
20:08:20.0567 4584 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:08:20.0681 4584 PEAUTH - ok
20:08:20.0856 4584 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:08:20.0913 4584 PptpMiniport - ok
20:08:20.0944 4584 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
20:08:20.0998 4584 Processor - ok
20:08:21.0076 4584 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:08:21.0117 4584 PSched - ok
20:08:21.0200 4584 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
20:08:21.0218 4584 PxHelp20 - ok
20:08:21.0293 4584 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:08:21.0375 4584 ql2300 - ok
20:08:21.0471 4584 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:08:21.0492 4584 ql40xx - ok
20:08:21.0537 4584 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:08:21.0572 4584 QWAVEdrv - ok
20:08:21.0596 4584 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:08:21.0668 4584 RasAcd - ok
20:08:21.0777 4584 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:08:21.0824 4584 Rasl2tp - ok
20:08:21.0902 4584 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:08:21.0933 4584 RasPppoe - ok
20:08:21.0964 4584 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:08:21.0995 4584 RasSstp - ok
20:08:22.0105 4584 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:08:22.0136 4584 rdbss - ok
20:08:22.0189 4584 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:08:22.0240 4584 RDPCDD - ok
20:08:22.0291 4584 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:08:22.0351 4584 rdpdr - ok
20:08:22.0413 4584 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:08:22.0466 4584 RDPENCDD - ok
20:08:22.0532 4584 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:08:22.0576 4584 RDPWD - ok
20:08:22.0651 4584 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:08:22.0705 4584 rspndr - ok
20:08:22.0788 4584 RTHDMIAzAudService (c853ae16ccf5033c0cba0855390f5c7f) C:\Windows\system32\drivers\RtHDMIV.sys
20:08:22.0809 4584 RTHDMIAzAudService - ok
20:08:22.0846 4584 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:08:22.0893 4584 RTL8169 - ok
20:08:22.0944 4584 RTL8187B (b71d269b9ab5417963e986126c12b9fc) C:\Windows\system32\DRIVERS\RTL8187B.sys
20:08:22.0975 4584 RTL8187B - ok
20:08:23.0058 4584 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
20:08:23.0076 4584 RtlProt - ok
20:08:23.0123 4584 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
20:08:23.0157 4584 RTSTOR - ok
20:08:23.0237 4584 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:08:23.0253 4584 sbp2port - ok
20:08:23.0378 4584 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:08:23.0459 4584 secdrv - ok
20:08:23.0506 4584 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:08:23.0599 4584 Serenum - ok
20:08:23.0629 4584 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:08:23.0724 4584 Serial - ok
20:08:23.0763 4584 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:08:23.0816 4584 sermouse - ok
20:08:23.0920 4584 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:08:23.0963 4584 sffdisk - ok
20:08:24.0009 4584 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:08:24.0062 4584 sffp_mmc - ok
20:08:24.0087 4584 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:08:24.0139 4584 sffp_sd - ok
20:08:24.0169 4584 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:08:24.0264 4584 sfloppy - ok
20:08:24.0375 4584 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:08:24.0396 4584 sisagp - ok
20:08:24.0432 4584 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:08:24.0451 4584 SiSRaid2 - ok
20:08:24.0482 4584 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:08:24.0502 4584 SiSRaid4 - ok
20:08:24.0573 4584 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:08:24.0614 4584 Smb - ok
20:08:25.0140 4584 SNP2STD (97b19508eb11097eac08f0c195ee948d) C:\Windows\system32\DRIVERS\snp2sxp.sys
20:08:25.0658 4584 SNP2STD - ok
20:08:25.0792 4584 SPC530 (437198c0d349b0e0d4305d3081c5e912) C:\Windows\system32\drivers\SPC530.sys
20:08:25.0929 4584 SPC530 - ok
20:08:26.0033 4584 SPC530m (92e0ce241498b483404a957e709329cc) C:\Windows\system32\drivers\SPC530m.sys
20:08:26.0055 4584 SPC530m - ok
20:08:26.0112 4584 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:08:26.0131 4584 spldr - ok
20:08:26.0187 4584 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:08:26.0219 4584 srv - ok
20:08:26.0350 4584 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:08:26.0381 4584 srv2 - ok
20:08:26.0428 4584 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:08:26.0459 4584 srvnet - ok
20:08:26.0553 4584 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
20:08:26.0584 4584 sscdbus - ok
20:08:26.0647 4584 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
20:08:26.0678 4584 sscdmdfl - ok
20:08:26.0787 4584 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
20:08:26.0803 4584 sscdmdm - ok
20:08:26.0845 4584 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:08:26.0862 4584 ssmdrv - ok
20:08:26.0944 4584 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
20:08:26.0982 4584 StillCam - ok
20:08:27.0109 4584 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:08:27.0132 4584 swenum - ok
20:08:27.0175 4584 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:08:27.0194 4584 Symc8xx - ok
20:08:27.0222 4584 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:08:27.0241 4584 Sym_hi - ok
20:08:27.0265 4584 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:08:27.0284 4584 Sym_u3 - ok
20:08:27.0349 4584 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
20:08:27.0374 4584 SynTP - ok
20:08:27.0491 4584 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
20:08:27.0550 4584 Tcpip - ok
20:08:27.0636 4584 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
20:08:27.0695 4584 Tcpip6 - ok
20:08:27.0774 4584 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:08:27.0826 4584 tcpipreg - ok
20:08:27.0857 4584 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
20:08:27.0888 4584 tdcmdpst - ok
20:08:27.0935 4584 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:08:27.0982 4584 TDPIPE - ok
20:08:28.0075 4584 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:08:28.0122 4584 TDTCP - ok
20:08:28.0169 4584 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:08:28.0216 4584 tdx - ok
20:08:28.0294 4584 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:08:28.0309 4584 TermDD - ok
20:08:28.0390 4584 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
20:08:28.0426 4584 tos_sps32 - ok
20:08:28.0518 4584 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:08:28.0571 4584 tssecsrv - ok
20:08:28.0605 4584 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:08:28.0631 4584 tunmp - ok
20:08:28.0680 4584 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:08:28.0705 4584 tunnel - ok
20:08:28.0779 4584 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
20:08:28.0795 4584 TVALZ - ok
20:08:28.0884 4584 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:08:28.0910 4584 uagp35 - ok
20:08:28.0955 4584 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:08:29.0004 4584 udfs - ok
20:08:29.0071 4584 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:08:29.0093 4584 uliagpkx - ok
20:08:29.0188 4584 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:08:29.0214 4584 uliahci - ok
20:08:29.0252 4584 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:08:29.0275 4584 UlSata - ok
20:08:29.0313 4584 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:08:29.0337 4584 ulsata2 - ok
20:08:29.0426 4584 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:08:29.0489 4584 umbus - ok
20:08:29.0582 4584 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
20:08:29.0629 4584 usbaudio - ok
20:08:29.0676 4584 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:08:29.0723 4584 usbccgp - ok
20:08:29.0785 4584 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:08:29.0894 4584 usbcir - ok
20:08:29.0921 4584 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:08:29.0962 4584 usbehci - ok
20:08:29.0999 4584 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:08:30.0046 4584 usbhub - ok
20:08:30.0090 4584 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
20:08:30.0131 4584 usbohci - ok
20:08:30.0201 4584 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
20:08:30.0293 4584 usbprint - ok
20:08:30.0365 4584 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:08:30.0405 4584 USBSTOR - ok
20:08:30.0445 4584 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:08:30.0485 4584 usbuhci - ok
20:08:30.0552 4584 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:08:30.0609 4584 usbvideo - ok
20:08:30.0679 4584 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:08:30.0733 4584 vga - ok
20:08:30.0790 4584 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:08:30.0843 4584 VgaSave - ok
20:08:30.0885 4584 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:08:30.0933 4584 viaagp - ok
20:08:31.0011 4584 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:08:31.0073 4584 ViaC7 - ok
20:08:31.0105 4584 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:08:31.0120 4584 viaide - ok
20:08:31.0183 4584 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:08:31.0198 4584 volmgr - ok
20:08:31.0261 4584 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:08:31.0292 4584 volmgrx - ok
20:08:31.0401 4584 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:08:31.0432 4584 volsnap - ok
20:08:31.0464 4584 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:08:31.0479 4584 vsmraid - ok
20:08:31.0534 4584 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:08:31.0626 4584 WacomPen - ok
20:08:31.0722 4584 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:08:31.0764 4584 Wanarp - ok
20:08:31.0781 4584 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:08:31.0822 4584 Wanarpv6 - ok
20:08:31.0873 4584 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:08:31.0892 4584 Wd - ok
20:08:31.0954 4584 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:08:31.0992 4584 Wdf01000 - ok
20:08:32.0169 4584 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:08:32.0242 4584 winachsf - ok
20:08:32.0409 4584 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
20:08:32.0451 4584 WmiAcpi - ok
20:08:32.0566 4584 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:08:32.0612 4584 WpdUsb - ok
20:08:32.0644 4584 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:08:32.0706 4584 ws2ifsl - ok
20:08:32.0846 4584 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:08:32.0893 4584 WUDFRd - ok
20:08:32.0956 4584 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
20:08:32.0971 4584 XAudio - ok
20:08:33.0046 4584 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:08:33.0927 4584 \Device\Harddisk0\DR0 - ok
20:08:33.0960 4584 Boot (0x1200) (d6e883c3a2a12ada76cca6908d6f8bb7) \Device\Harddisk0\DR0\Partition0
20:08:33.0962 4584 \Device\Harddisk0\DR0\Partition0 - ok
20:08:33.0994 4584 Boot (0x1200) (d58acfd0291e4fd3d38bfba78ea38ffd) \Device\Harddisk0\DR0\Partition1
20:08:33.0996 4584 \Device\Harddisk0\DR0\Partition1 - ok
20:08:33.0996 4584 ============================================================
20:08:33.0996 4584 Scan finished
20:08:33.0996 4584 ============================================================
20:08:34.0041 4892 Detected object count: 0
20:08:34.0041 4892 Actual detected object count: 0

cosinus · 16.10.2011, 19:31

Schau bitte dirkt auf C: nach, da speichert der TDSS-Killer alle Logs.

Pukki · 26.10.2011, 21:19

Entschuldigung das es solang gedauert hat, aber inet war gekappt

Ich hatte aber nichtmals die möglichkeit iwie bescheid zu geben

Ich habe den log gefunden

er ist auch von datum und uhrzeit der erste

Zitat:

19:38:27.0062 4600 TDSS rootkit removing tool 2.6.9.0 Oct 14 2011 11:33:24
19:38:27.0336 4600 ============================================================
19:38:27.0336 4600 Current date / time: 2011/10/16 19:38:27.0336
19:38:27.0336 4600 SystemInfo:
19:38:27.0336 4600
19:38:27.0337 4600 OS Version: 6.0.6002 ServicePack: 2.0
19:38:27.0337 4600 Product type: Workstation
19:38:27.0337 4600 ComputerName: XXX-PC
19:38:27.0337 4600 UserName: XXX
19:38:27.0337 4600 Windows directory: C:\Windows
19:38:27.0337 4600 System windows directory: C:\Windows
19:38:27.0337 4600 Processor architecture: Intel x86
19:38:27.0337 4600 Number of processors: 2
19:38:27.0338 4600 Page size: 0x1000
19:38:27.0338 4600 Boot type: Normal boot
19:38:27.0338 4600 ============================================================
19:38:31.0392 4600 Initialize success
19:38:57.0980 5008 ============================================================
19:38:57.0980 5008 Scan started
19:38:57.0980 5008 Mode: Manual; SigCheck; TDLFS;
19:38:57.0980 5008 ============================================================
19:39:01.0647 5008 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:39:01.0940 5008 ACPI - ok
19:39:02.0196 5008 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
19:39:02.0290 5008 adp94xx - ok
19:39:03.0230 5008 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
19:39:03.0278 5008 adpahci - ok
19:39:03.0571 5008 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
19:39:03.0611 5008 adpu160m - ok
19:39:04.0117 5008 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
19:39:04.0189 5008 adpu320 - ok
19:39:04.0584 5008 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:39:05.0114 5008 AFD - ok
19:39:05.0364 5008 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
19:39:05.0395 5008 agp440 - ok
19:39:05.0442 5008 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:39:05.0489 5008 aic78xx - ok
19:39:05.0692 5008 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
19:39:05.0723 5008 aliide - ok
19:39:05.0770 5008 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
19:39:05.0801 5008 amdagp - ok
19:39:05.0848 5008 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
19:39:05.0879 5008 amdide - ok
19:39:05.0941 5008 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
19:39:06.0191 5008 AmdK7 - ok
19:39:06.0409 5008 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
19:39:06.0518 5008 AmdK8 - ok
19:39:06.0674 5008 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
19:39:06.0706 5008 arc - ok
19:39:06.0784 5008 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
19:39:06.0815 5008 arcsas - ok
19:39:06.0893 5008 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:39:07.0018 5008 AsyncMac - ok
19:39:07.0127 5008 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:39:07.0158 5008 atapi - ok
19:39:07.0642 5008 atikmdag (a2b6478963451a99c28da8133b648142) C:\Windows\system32\DRIVERS\atikmdag.sys
19:39:07.0969 5008 atikmdag - ok
19:39:08.0203 5008 AtiPcie (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:39:08.0281 5008 AtiPcie - ok
19:39:08.0500 5008 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
19:39:08.0609 5008 avgntflt - ok
19:39:08.0890 5008 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
19:39:08.0921 5008 avipbb - ok
19:39:09.0124 5008 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:39:09.0217 5008 Beep - ok
19:39:09.0436 5008 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
19:39:09.0514 5008 blbdrive - ok
19:39:09.0685 5008 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:39:09.0779 5008 bowser - ok
19:39:09.0919 5008 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:39:10.0044 5008 BrFiltLo - ok
19:39:10.0200 5008 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:39:10.0278 5008 BrFiltUp - ok
19:39:10.0528 5008 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:39:10.0824 5008 Brserid - ok
19:39:10.0933 5008 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:39:11.0105 5008 BrSerWdm - ok
19:39:11.0370 5008 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:39:11.0479 5008 BrUsbMdm - ok
19:39:11.0729 5008 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:39:11.0869 5008 BrUsbSer - ok
19:39:12.0119 5008 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:39:12.0244 5008 BTHMODEM - ok
19:39:12.0587 5008 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:39:12.0680 5008 cdfs - ok
19:39:12.0914 5008 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:39:12.0977 5008 cdrom - ok
19:39:13.0102 5008 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
19:39:13.0195 5008 circlass - ok
19:39:13.0398 5008 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:39:13.0429 5008 CLFS - ok
19:39:13.0585 5008 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
19:39:13.0663 5008 CmBatt - ok
19:39:13.0866 5008 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
19:39:13.0928 5008 cmdide - ok
19:39:14.0147 5008 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
19:39:14.0162 5008 Compbatt - ok
19:39:14.0240 5008 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
19:39:14.0256 5008 crcdisk - ok
19:39:14.0303 5008 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
19:39:14.0381 5008 Crusoe - ok
19:39:14.0506 5008 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:39:14.0584 5008 DfsC - ok
19:39:14.0693 5008 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:39:14.0724 5008 disk - ok
19:39:14.0786 5008 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:39:14.0864 5008 drmkaud - ok
19:39:15.0176 5008 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:39:15.0457 5008 DXGKrnl - ok
19:39:15.0894 5008 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:39:15.0988 5008 E1G60 - ok
19:39:16.0253 5008 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:39:16.0284 5008 Ecache - ok
19:39:16.0612 5008 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
19:39:16.0674 5008 elxstor - ok
19:39:16.0783 5008 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
19:39:16.0846 5008 ErrDev - ok
19:39:16.0970 5008 ewusbnet (921878114f48949cfae9abe6fc4c4cc3) C:\Windows\system32\DRIVERS\ewusbnet.sys
19:39:17.0080 5008 ewusbnet - ok
19:39:17.0204 5008 ew_hwusbdev (e98a64c7f106740a38fb2b78197816f8) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
19:39:17.0282 5008 ew_hwusbdev - ok
19:39:17.0392 5008 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:39:17.0548 5008 exfat - ok
19:39:17.0719 5008 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:39:17.0797 5008 fastfat - ok
19:39:17.0828 5008 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:39:17.0906 5008 fdc - ok
19:39:18.0000 5008 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:39:18.0016 5008 FileInfo - ok
19:39:18.0047 5008 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:39:18.0125 5008 Filetrace - ok
19:39:18.0172 5008 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:39:18.0265 5008 flpydisk - ok
19:39:18.0499 5008 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:39:18.0530 5008 FltMgr - ok
19:39:18.0702 5008 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:39:18.0796 5008 Fs_Rec - ok
19:39:19.0014 5008 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
19:39:19.0092 5008 FwLnk - ok
19:39:19.0154 5008 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
19:39:19.0201 5008 gagp30kx - ok
19:39:19.0451 5008 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:39:19.0591 5008 HdAudAddService - ok
19:39:20.0621 5008 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:39:20.0777 5008 HDAudBus - ok
19:39:21.0401 5008 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:39:21.0510 5008 HidBth - ok
19:39:22.0150 5008 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
19:39:22.0274 5008 HidIr - ok
19:39:22.0430 5008 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
19:39:22.0555 5008 HidUsb - ok
19:39:23.0335 5008 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
19:39:23.0351 5008 HpCISSs - ok
19:39:23.0881 5008 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:39:23.0975 5008 HSFHWAZL - ok
19:39:25.0316 5008 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:39:25.0504 5008 HSF_DPV - ok
19:39:25.0800 5008 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
19:39:25.0862 5008 HSXHWAZL - ok
19:39:26.0128 5008 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:39:26.0252 5008 HTTP - ok
19:39:26.0393 5008 huawei_enumerator (22a4b14530194fc57c1c849fb5afee17) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
19:39:26.0455 5008 huawei_enumerator - ok
19:39:26.0564 5008 hwdatacard (0b3957226ec94b1ecb7b9348bb535a23) C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:39:26.0658 5008 hwdatacard - ok
19:39:26.0767 5008 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
19:39:26.0798 5008 i2omp - ok
19:39:27.0173 5008 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:39:27.0235 5008 i8042prt - ok
19:39:27.0313 5008 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
19:39:27.0376 5008 iaStorV - ok
19:39:27.0500 5008 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:39:27.0516 5008 iirsp - ok
19:39:28.0015 5008 IntcAzAudAddService (b9cbd3dea7ca02868621173bf7a2af9f) C:\Windows\system32\drivers\RTKVHDA.sys
19:39:28.0249 5008 IntcAzAudAddService - ok
19:39:28.0499 5008 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
19:39:28.0546 5008 intelide - ok
19:39:28.0795 5008 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:39:28.0873 5008 intelppm - ok
19:39:29.0060 5008 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:39:29.0154 5008 IpFilterDriver - ok
19:39:29.0294 5008 IpInIp - ok
19:39:29.0372 5008 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
19:39:29.0450 5008 IPMIDRV - ok
19:39:29.0591 5008 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:39:29.0669 5008 IPNAT - ok
19:39:29.0903 5008 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:39:29.0981 5008 IRENUM - ok
19:39:30.0121 5008 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
19:39:30.0152 5008 isapnp - ok
19:39:30.0418 5008 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:39:30.0464 5008 iScsiPrt - ok
19:39:30.0558 5008 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:39:30.0589 5008 iteatapi - ok
19:39:30.0652 5008 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:39:30.0683 5008 iteraid - ok
19:39:30.0886 5008 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:39:30.0901 5008 kbdclass - ok
19:39:31.0057 5008 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
19:39:31.0135 5008 kbdhid - ok
19:39:31.0338 5008 KLIM6 (91c8a1dcb82386ce6bbdb65bbf6ea51b) C:\Windows\system32\DRIVERS\klim6.sys
19:39:31.0385 5008 KLIM6 - ok
19:39:31.0588 5008 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
19:39:31.0634 5008 KSecDD - ok
19:39:31.0806 5008 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:39:31.0900 5008 lltdio - ok
19:39:32.0118 5008 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
19:39:32.0149 5008 LSI_FC - ok
19:39:32.0212 5008 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
19:39:32.0243 5008 LSI_SAS - ok
19:39:32.0290 5008 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
19:39:32.0336 5008 LSI_SCSI - ok
19:39:32.0414 5008 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:39:32.0492 5008 luafv - ok
19:39:32.0633 5008 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
19:39:32.0664 5008 MBAMProtector - ok
19:39:32.0773 5008 MBAMSwissArmy - ok
19:39:32.0851 5008 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:39:32.0882 5008 mdmxsdk - ok
19:39:32.0992 5008 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
19:39:33.0023 5008 megasas - ok
19:39:33.0085 5008 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
19:39:33.0148 5008 MegaSR - ok
19:39:33.0319 5008 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:39:33.0428 5008 Modem - ok
19:39:33.0506 5008 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:39:33.0584 5008 monitor - ok
19:39:33.0647 5008 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:39:33.0662 5008 mouclass - ok
19:39:33.0772 5008 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:39:33.0865 5008 mouhid - ok
19:39:33.0912 5008 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:39:33.0943 5008 MountMgr - ok
19:39:34.0208 5008 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
19:39:34.0302 5008 mpio - ok
19:39:34.0411 5008 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:39:34.0489 5008 mpsdrv - ok
19:39:34.0676 5008 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:39:34.0708 5008 Mraid35x - ok
19:39:34.0942 5008 MRV6X32U (dc4656b88285a65e1169b9750d2a7c04) C:\Windows\system32\DRIVERS\MRVW23B.sys
19:39:34.0988 5008 MRV6X32U ( UnsignedFile.Multi.Generic ) - warning
19:39:34.0988 5008 MRV6X32U - detected UnsignedFile.Multi.Generic (1)
19:39:35.0222 5008 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:39:35.0316 5008 MRxDAV - ok
19:39:35.0472 5008 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:39:35.0581 5008 mrxsmb - ok
19:39:35.0768 5008 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:39:35.0831 5008 mrxsmb10 - ok
19:39:35.0987 5008 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:39:36.0018 5008 mrxsmb20 - ok
19:39:36.0065 5008 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
19:39:36.0096 5008 msahci - ok
19:39:36.0330 5008 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
19:39:36.0377 5008 msdsm - ok
19:39:36.0564 5008 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:39:36.0658 5008 Msfs - ok
19:39:36.0845 5008 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:39:36.0860 5008 msisadrv - ok
19:39:37.0079 5008 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:39:37.0141 5008 MSKSSRV - ok
19:39:37.0282 5008 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:39:37.0375 5008 MSPCLOCK - ok
19:39:37.0562 5008 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:39:37.0625 5008 MSPQM - ok
19:39:37.0921 5008 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:39:37.0952 5008 MsRPC - ok
19:39:38.0108 5008 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:39:38.0140 5008 mssmbios - ok
19:39:38.0296 5008 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:39:38.0358 5008 MSTEE - ok
19:39:38.0623 5008 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:39:38.0654 5008 Mup - ok
19:39:38.0748 5008 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:39:38.0826 5008 NativeWifiP - ok
19:39:39.0138 5008 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:39:39.0263 5008 NDIS - ok
19:39:39.0341 5008 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:39:39.0403 5008 NdisTapi - ok
19:39:39.0434 5008 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:39:39.0512 5008 Ndisuio - ok
19:39:39.0575 5008 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:39:39.0653 5008 NdisWan - ok
19:39:39.0762 5008 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:39:39.0809 5008 NDProxy - ok
19:39:39.0856 5008 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:39:39.0934 5008 NetBIOS - ok
19:39:39.0996 5008 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:39:40.0090 5008 netbt - ok
19:39:40.0246 5008 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:39:40.0277 5008 nfrd960 - ok
19:39:40.0339 5008 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:39:40.0386 5008 Npfs - ok
19:39:40.0433 5008 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:39:40.0511 5008 nsiproxy - ok
19:39:41.0088 5008 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:39:41.0182 5008 Ntfs - ok
19:39:41.0291 5008 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:39:41.0416 5008 ntrigdigi - ok
19:39:41.0540 5008 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:39:41.0634 5008 Null - ok
19:39:41.0821 5008 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:39:41.0852 5008 nvraid - ok
19:39:42.0055 5008 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:39:42.0086 5008 nvstor - ok
19:39:42.0258 5008 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:39:42.0305 5008 nv_agp - ok
19:39:42.0383 5008 NwlnkFlt - ok
19:39:42.0430 5008 NwlnkFwd - ok
19:39:42.0523 5008 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
19:39:42.0648 5008 ohci1394 - ok
19:39:43.0007 5008 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:39:43.0147 5008 Parport - ok
19:39:43.0303 5008 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:39:43.0319 5008 partmgr - ok
19:39:43.0428 5008 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:39:43.0568 5008 Parvdm - ok
19:39:44.0052 5008 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:39:44.0068 5008 pci - ok
19:39:44.0239 5008 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
19:39:44.0255 5008 pciide - ok
19:39:44.0348 5008 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:39:44.0411 5008 pcmcia - ok
19:39:44.0723 5008 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:39:44.0926 5008 PEAUTH - ok
19:39:45.0191 5008 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:39:45.0269 5008 PptpMiniport - ok
19:39:45.0409 5008 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
19:39:45.0487 5008 Processor - ok
19:39:45.0643 5008 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:39:45.0690 5008 PSched - ok
19:39:45.0799 5008 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
19:39:45.0815 5008 PxHelp20 - ok
19:39:45.0986 5008 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:39:46.0111 5008 ql2300 - ok
19:39:46.0298 5008 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:39:46.0330 5008 ql40xx - ok
19:39:46.0376 5008 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:39:46.0470 5008 QWAVEdrv - ok
19:39:46.0548 5008 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:39:46.0610 5008 RasAcd - ok
19:39:46.0673 5008 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:39:46.0751 5008 Rasl2tp - ok
19:39:46.0876 5008 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:39:47.0016 5008 RasPppoe - ok
19:39:47.0094 5008 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:39:47.0141 5008 RasSstp - ok
19:39:47.0250 5008 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:39:47.0312 5008 rdbss - ok
19:39:47.0406 5008 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:39:47.0484 5008 RDPCDD - ok
19:39:47.0593 5008 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:39:47.0671 5008 rdpdr - ok
19:39:47.0749 5008 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:39:47.0812 5008 RDPENCDD - ok
19:39:47.0905 5008 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:39:47.0999 5008 RDPWD - ok
19:39:48.0202 5008 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:39:48.0264 5008 rspndr - ok
19:39:48.0373 5008 RTHDMIAzAudService (c853ae16ccf5033c0cba0855390f5c7f) C:\Windows\system32\drivers\RtHDMIV.sys
19:39:48.0420 5008 RTHDMIAzAudService - ok
19:39:48.0482 5008 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:39:48.0576 5008 RTL8169 - ok
19:39:48.0794 5008 RTL8187B (b71d269b9ab5417963e986126c12b9fc) C:\Windows\system32\DRIVERS\RTL8187B.sys
19:39:48.0872 5008 RTL8187B - ok
19:39:48.0966 5008 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
19:39:49.0028 5008 RtlProt - ok
19:39:49.0075 5008 RTSTOR (9ff7d9cf3a5f296613588b0e8db83afe) C:\Windows\system32\drivers\RTSTOR.SYS
19:39:49.0153 5008 RTSTOR - ok
19:39:49.0247 5008 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:39:49.0294 5008 sbp2port - ok
19:39:49.0372 5008 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:39:49.0528 5008 secdrv - ok
19:39:49.0777 5008 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:39:49.0886 5008 Serenum - ok
19:39:50.0011 5008 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:39:50.0120 5008 Serial - ok
19:39:50.0261 5008 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:39:50.0323 5008 sermouse - ok
19:39:50.0542 5008 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
19:39:50.0588 5008 sffdisk - ok
19:39:50.0682 5008 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:39:50.0760 5008 sffp_mmc - ok
19:39:50.0791 5008 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
19:39:50.0869 5008 sffp_sd - ok
19:39:50.0963 5008 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:39:51.0150 5008 sfloppy - ok
19:39:51.0337 5008 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:39:51.0368 5008 sisagp - ok
19:39:51.0493 5008 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:39:51.0587 5008 SiSRaid2 - ok
19:39:51.0618 5008 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:39:51.0680 5008 SiSRaid4 - ok
19:39:51.0914 5008 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:39:51.0977 5008 Smb - ok
19:39:52.0601 5008 SNP2STD (97b19508eb11097eac08f0c195ee948d) C:\Windows\system32\DRIVERS\snp2sxp.sys
19:39:53.0365 5008 SNP2STD - ok
19:39:53.0490 5008 SPC530 (437198c0d349b0e0d4305d3081c5e912) C:\Windows\system32\drivers\SPC530.sys
19:39:53.0599 5008 SPC530 - ok
19:39:53.0693 5008 SPC530m (92e0ce241498b483404a957e709329cc) C:\Windows\system32\drivers\SPC530m.sys
19:39:53.0740 5008 SPC530m - ok
19:39:53.0786 5008 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:39:53.0818 5008 spldr - ok
19:39:53.0880 5008 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:39:53.0974 5008 srv - ok
19:39:54.0083 5008 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:39:54.0145 5008 srv2 - ok
19:39:54.0223 5008 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:39:54.0270 5008 srvnet - ok
19:39:54.0348 5008 sscdbus (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
19:39:54.0410 5008 sscdbus - ok
19:39:54.0520 5008 sscdmdfl (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
19:39:54.0582 5008 sscdmdfl - ok
19:39:54.0660 5008 sscdmdm (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
19:39:54.0707 5008 sscdmdm - ok
19:39:54.0816 5008 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:39:54.0832 5008 ssmdrv - ok
19:39:54.0925 5008 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
19:39:54.0988 5008 StillCam - ok
19:39:55.0081 5008 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:39:55.0112 5008 swenum - ok
19:39:55.0190 5008 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:39:55.0237 5008 Symc8xx - ok
19:39:55.0284 5008 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:39:55.0300 5008 Sym_hi - ok
19:39:55.0331 5008 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:39:55.0362 5008 Sym_u3 - ok
19:39:55.0409 5008 SynTP (55f6e55cc2430ca8713387106fa79817) C:\Windows\system32\DRIVERS\SynTP.sys
19:39:55.0471 5008 SynTP - ok
19:39:55.0627 5008 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
19:39:55.0705 5008 Tcpip - ok
19:39:55.0752 5008 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
19:39:55.0814 5008 Tcpip6 - ok
19:39:55.0924 5008 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:39:56.0048 5008 tcpipreg - ok
19:39:56.0126 5008 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
19:39:56.0220 5008 tdcmdpst - ok
19:39:56.0314 5008 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:39:56.0392 5008 TDPIPE - ok
19:39:56.0423 5008 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:39:56.0485 5008 TDTCP - ok
19:39:56.0548 5008 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:39:56.0626 5008 tdx - ok
19:39:56.0735 5008 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:39:56.0766 5008 TermDD - ok
19:39:56.0875 5008 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
19:39:56.0922 5008 tos_sps32 - ok
19:39:57.0031 5008 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:39:57.0094 5008 tssecsrv - ok
19:39:57.0125 5008 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:39:57.0203 5008 tunmp - ok
19:39:57.0296 5008 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:39:57.0343 5008 tunnel - ok
19:39:57.0421 5008 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
19:39:57.0437 5008 TVALZ - ok
19:39:57.0515 5008 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:39:57.0546 5008 uagp35 - ok
19:39:57.0593 5008 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:39:57.0655 5008 udfs - ok
19:39:57.0718 5008 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:39:57.0749 5008 uliagpkx - ok
19:39:57.0811 5008 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:39:57.0858 5008 uliahci - ok
19:39:57.0936 5008 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:39:57.0983 5008 UlSata - ok
19:39:58.0045 5008 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:39:58.0092 5008 ulsata2 - ok
19:39:58.0139 5008 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:39:58.0217 5008 umbus - ok
19:39:58.0342 5008 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
19:39:58.0420 5008 usbaudio - ok
19:39:58.0482 5008 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:39:58.0544 5008 usbccgp - ok
19:39:58.0638 5008 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:39:58.0763 5008 usbcir - ok
19:39:58.0841 5008 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:39:58.0903 5008 usbehci - ok
19:39:58.0950 5008 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:39:59.0012 5008 usbhub - ok
19:39:59.0075 5008 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
19:39:59.0153 5008 usbohci - ok
19:39:59.0215 5008 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
19:39:59.0340 5008 usbprint - ok
19:39:59.0434 5008 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:39:59.0480 5008 USBSTOR - ok
19:39:59.0527 5008 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:39:59.0605 5008 usbuhci - ok
19:39:59.0652 5008 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:39:59.0746 5008 usbvideo - ok
19:39:59.0839 5008 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:39:59.0917 5008 vga - ok
19:39:59.0964 5008 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:40:00.0042 5008 VgaSave - ok
19:40:00.0073 5008 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:40:00.0104 5008 viaagp - ok
19:40:00.0198 5008 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:40:00.0276 5008 ViaC7 - ok
19:40:00.0323 5008 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:40:00.0354 5008 viaide - ok
19:40:00.0416 5008 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:40:00.0432 5008 volmgr - ok
19:40:00.0541 5008 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:40:00.0572 5008 volmgrx - ok
19:40:00.0682 5008 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:40:00.0713 5008 volsnap - ok
19:40:00.0806 5008 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:40:00.0838 5008 vsmraid - ok
19:40:00.0884 5008 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:40:01.0025 5008 WacomPen - ok
19:40:01.0134 5008 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:40:01.0196 5008 Wanarp - ok
19:40:01.0212 5008 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:40:01.0259 5008 Wanarpv6 - ok
19:40:01.0306 5008 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:40:01.0337 5008 Wd - ok
19:40:01.0399 5008 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:40:01.0446 5008 Wdf01000 - ok
19:40:01.0618 5008 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:40:01.0696 5008 winachsf - ok
19:40:01.0930 5008 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
19:40:01.0976 5008 WmiAcpi - ok
19:40:02.0070 5008 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:40:02.0164 5008 WpdUsb - ok
19:40:02.0257 5008 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:40:02.0304 5008 ws2ifsl - ok
19:40:02.0366 5008 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:40:02.0460 5008 WUDFRd - ok
19:40:02.0522 5008 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
19:40:02.0569 5008 XAudio - ok
19:40:02.0678 5008 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:40:03.0568 5008 \Device\Harddisk0\DR0 - ok
19:40:03.0599 5008 Boot (0x1200) (d6e883c3a2a12ada76cca6908d6f8bb7) \Device\Harddisk0\DR0\Partition0
19:40:03.0614 5008 \Device\Harddisk0\DR0\Partition0 - ok
19:40:03.0646 5008 Boot (0x1200) (d58acfd0291e4fd3d38bfba78ea38ffd) \Device\Harddisk0\DR0\Partition1
19:40:03.0646 5008 \Device\Harddisk0\DR0\Partition1 - ok
19:40:03.0646 5008 ============================================================
19:40:03.0646 5008 Scan finished
19:40:03.0646 5008 ============================================================
19:40:03.0677 5064 Detected object count: 1
19:40:03.0677 5064 Actual detected object count: 1
19:41:06.0202 5064 HKLM\SYSTEM\ControlSet001\services\MRV6X32U - will be deleted on reboot
19:41:06.0295 5064 HKLM\SYSTEM\ControlSet003\services\MRV6X32U - will be deleted on reboot
19:41:06.0311 5064 C:\Windows\system32\DRIVERS\MRVW23B.sys - will be deleted on reboot
19:41:06.0311 5064 MRV6X32U ( UnsignedFile.Multi.Generic ) - User select action: Delete
19:42:22.0298 5508 Deinitialize success

cosinus · 27.10.2011, 08:06

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

10.10.2011, 12:20	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Win32.agent.fbx(trojaner anzeige),Tradedoubler, MediaPlex-Nicht löschbar. Hast du noch das OTL.txt Log vom ersten Durchlauf? Die Extras sind weniger wichtig. __________________ --> Win32.agent.fbx(trojaner anzeige),Tradedoubler, MediaPlex-Nicht löschbar.

16.10.2011, 19:31	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Win32.agent.fbx(trojaner anzeige),Tradedoubler, MediaPlex-Nicht löschbar. Schau bitte dirkt auf C: nach, da speichert der TDSS-Killer alle Logs. __________________ Logfiles bitte immer in CODE-Tags posten

Win32.agent.fbx(trojaner anzeige),Tradedoubler, MediaPlex-Nicht löschbar.

Log-Analyse und Auswertung: Win32.agent.fbx(trojaner anzeige),Tradedoubler, MediaPlex-Nicht löschbar.