Hab ich einen Virus? - Problembeschreibung

Rap01 · 30.10.2011, 21:26

Hi,

also wie der Titel schon sagt, bin ich ich mir nicht sicher (obwohl ich es zu 95% vermute) ob ich einen Virus oder ähnliches habe.

Also zum Problem: Seit einiger Zeit haben immer mehr Browser den Geist aufgegeben (Safari, IE, Firefox), was sich in der Form äußert das sie trotz Doppelklick einfach nichtmehr starten. Desweiteren habe ich jetzt festgestellt das meine Internetverbindung IMMER fast ausgelastet ist (merkt man daran das alles total lahm is und außerdem zeigt mir DUMeter das auch so an) auch wenn ich überhaupt garnichts mache, was auch nur im Entferntesten damit zutun haben könnte.

Demnach bin ich mir eigentlich ziemlich sicher das es an einem Virus oder ähnlichem liegen muss. Kann mir da jemand helfen?

EDIT: Mir wurde gesagt das es wahrscheinlich ein Vrius namens "search qu" ist, wäre das möglich? bzw. wie finde ich das raus?

cosinus · 30.10.2011, 23:57

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Rap01 · 31.10.2011, 04:10

Soooooo, hier erstma die Logs:

Mailwarebytes - aktueller log (ältere sind im Anhang zu finden!)

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8048

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

31.10.2011 03:58:10
mbam-log-2011-10-31 (03-58-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 406332
Laufzeit: 52 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Und hier noch der ESETS Log:

# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-31 01:42:58
# local_time=2011-10-31 02:42:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1486975 1486975 0 0
# compatibility_mode=5893 16776574 100 94 10976757 71650575 0 0
# compatibility_mode=8192 67108863 100 0 6080 6080 0 0
# scanned=203021
# found=11
# cleaned=0
# scan_time=4653
C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Martin\Desktop\Desktop-alt\eBay.lnk Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Martin\Downloads\icq_status_checker17(2).zip Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Martin\Downloads\icq_status_checker17.zip Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Martin\Downloads\SoftonicDownloader14191.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Martin\Downloads\SoftonicDownloader29287.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Martin\Downloads\SoftonicDownloader_fuer_free-screen-to-video.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Martin\Downloads\SoftonicDownloader_fuer_photobie(1).exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Martin\Downloads\SoftonicDownloader_fuer_photobie.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Martin\Downloads\speedupmypc.exe Win32/SpeedUpMyPC application (unable to clean) 00000000000000000000000000000000 I

cosinus · 31.10.2011, 10:43

Zitat:

C:\Users\Martin\Downloads\SoftonicDownloader14191.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Martin\Downloads\SoftonicDownloader29287.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Martin\Downloads\SoftonicDownloader_fuer_free-screen-to-video.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Martin\Downloads\SoftonicDownloader_fuer_photobie(1).exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Martin\Downloads\SoftonicDownloader_fuer_photobie.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

Bitte nicht falsch verstehen, aber irgendwie hab ich den Eindruck es ist ein Volkssport geworden sich sämtlichen Kram von Softonic zu laden. Da ist immer irgendein Müll wie Toolbars oder der sinnlose Softonic Downloader drin. Warum lädst du die Software nicht von der Seite des Herstellers oder notfalls bei chip.de?

Rap01 · 31.10.2011, 13:17

Gute Frage,

hab ich bis jetz eigentlich nie so drauf geachtet. Klar lad ich nichts von iwelchen Seiten die mir nich vertrauenswürdig erscheinen etc., aber Softonic sah ich nie als schlimm an. Jetz weiß ichs besser

Können wir zum eigentlich Problem zurückkehren

?

cosinus · 31.10.2011, 13:56

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Rap01 · 31.10.2011, 14:30

Hier das Ergebnis des Scans mit OTL:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 31.10.2011 14:16:08 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,87 Gb Total Physical Memory | 2,80 Gb Available Physical Memory | 72,48% Memory free
7,73 Gb Paging File | 6,41 Gb Available in Paging File | 82,90% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,66 Gb Total Space | 342,69 Gb Free Space | 75,54% Space Free | Partition Type: NTFS
 
Computer Name: ABC-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.30 20:43:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.09 19:54:18 | 001,599,888 | ---- | M] (Bandoo Media, inc) -- C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.08.02 07:37:54 | 003,630,936 | ---- | M] () -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2009.10.29 12:31:00 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.10.13 20:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.09.30 13:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 13:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.17 07:50:14 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009.04.07 08:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009.02.03 13:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008.12.08 15:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.03.12 14:45:32 | 000,135,168 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SCANEN~1.DLL
MOD - [2008.11.21 12:58:42 | 000,057,344 | ---- | M] () -- C:\PROGRA~2\EPSONS~1\EVENTM~1\ASSIST~1\SCANAS~1\SATWAIN.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.11.24 15:17:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.11.02 12:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 18:15:16 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Users\Martin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2011.08.02 07:37:54 | 003,630,936 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2010.11.04 11:45:14 | 000,186,368 | ---- | M] (MAGIX AG) [Auto | Stopped] -- C:\Program Files (x86)\MAGIX\PC_Check_Tuning_Free_2011\MXSAS.exe -- (MAGIX StartUp Analyze Service)
SRV - [2010.03.25 17:50:28 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.10.29 12:31:00 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.10.29 11:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009.09.30 13:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.09.30 13:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.08.29 02:05:56 | 000,044,312 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009.08.28 10:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.07.28 21:25:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.03 13:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.12.08 15:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008.08.07 09:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007.12.17 23:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.11 23:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.26 11:50:46 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.09.26 11:50:46 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.11.24 15:52:16 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.11.06 05:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.02 12:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.10.23 06:27:12 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.12 12:00:52 | 000,151,040 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.10.05 08:49:34 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.09.17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.05 21:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.24 11:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.06 01:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 01:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008.06.16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009.11.11 16:46:50 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/25 18:02:11] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009.09.02 02:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.01.01 19:57:08 | 000,021,504 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\NDNdisprot.sys -- (NDNdisprot)
DRV - [2002.10.08 01:07:38 | 000,011,376 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273606105235l0444z1l5f4522x543
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273606105235l0444z1l5f4522x543
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273606105235l0444z1l5f4522x543
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273606105235l0444z1l5f4522x543
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=cqde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273606105235l0444z1l5f4522x543
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/417
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=cqde"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4}:3.2.5.2
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {5b1fdac4-a239-4933-9c52-b65a2a720b75}:2.3
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.12 06:35:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.17 17:32:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files (x86)\Mein Gutscheincode Finder\Firefox [2011.06.28 16:35:22 | 000,000,000 | ---D | M]
 
[2011.09.11 18:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2011.10.29 20:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions
[2011.03.10 18:42:46 | 000,000,000 | ---D | M] (Picnik) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{5b1fdac4-a239-4933-9c52-b65a2a720b75}
[2011.10.29 20:35:40 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2011.10.22 15:42:18 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.10.22 15:45:26 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.09.11 18:38:10 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.10.29 20:35:41 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011.01.02 18:22:51 | 000,000,000 | ---D | M] (kikin plugin (murb.com Edition)) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.08.25 15:40:09 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.22 15:45:38 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.03.24 19:19:21 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\engine@conduit.com
[2011.04.05 21:11:26 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com
[2011.08.31 18:10:15 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@Facemoods.com
[2011.10.29 20:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\staged
[2011.01.30 22:49:46 | 000,002,810 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\askcom.xml
[2011.08.31 18:04:52 | 000,001,125 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\conduit.xml
[2011.01.30 22:49:46 | 000,001,097 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\icqplugin-1.xml
[2011.08.31 18:04:52 | 000,001,180 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\icqplugin.xml
[2011.09.11 18:38:00 | 000,002,503 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\SearchResults.xml
[2011.01.30 22:49:46 | 000,001,864 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\{0E76172C-BCDC-43AB-8917-02435FCCFD58}.xml
[2011.01.30 22:49:46 | 000,002,071 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\{249296CA-CA3D-4529-A7FF-1C7DAF50AA10}.xml
[2011.01.30 22:49:46 | 000,002,182 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\{7721236D-A24E-4FD7-9AAA-602DB71602D8}.xml
[2011.01.30 22:51:12 | 000,001,088 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\{C5DF0265-6C1C-499F-AA64-D122A8296734}.xml
[2011.09.11 18:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.06.28 16:35:22 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\PROGRAM FILES (X86)\MEIN GUTSCHEINCODE FINDER\FIREFOX
[2011.09.11 18:38:20 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2011.05.12 06:35:32 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.08.31 18:04:52 | 000,001,678 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.05 21:11:26 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.08.31 18:04:52 | 000,001,929 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.08.31 18:04:52 | 000,001,265 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.31 18:10:21 | 000,001,617 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.08.31 18:04:52 | 000,007,045 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.11 18:38:00 | 000,002,503 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2011.08.31 18:04:52 | 000,001,272 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.31 18:04:52 | 000,001,164 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Martin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [rfxsrvtray] C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E2B3E88-B1DB-4696-BDDD-15CAF291F1F1}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\datamngr.dll) -C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\IEBHO.dll) -C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\SysWOW64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.31 04:05:33 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Neuer Ordner (3)
[2011.10.31 00:44:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.10.30 21:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.10.30 21:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011.10.30 20:42:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2011.10.23 00:42:57 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\MAGIX_MxTray
[2011.10.23 00:42:38 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\OnDemandDump
[2011.10.23 00:42:38 | 000,000,000 | ---D | C] -- C:\Users\Martin\Documents\CrashLog
[2011.10.21 13:46:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Neuer Ordner (2)
[2011.10.13 20:24:08 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira
[2011.10.13 20:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.13 20:23:07 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.13 20:23:07 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.13 20:23:07 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.13 20:22:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.13 20:22:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.10.07 14:51:07 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\CD 07.10.2011 -2-
[2011.10.07 14:02:21 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\CD 07.10.2011
[2011.10.02 13:35:31 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\German Charts + diverses -- 01.10.2011
[2011.10.02 12:43:43 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\SunShine-Live to MP'3    -2-
[2011.10.02 12:43:27 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\@disco 2
[2009.02.17 12:34:12 | 000,028,672 | ---- | C] (TOSHIBA) -- C:\Program Files (x86)\LaMaster - Autostarter.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.31 14:15:20 | 000,000,440 | ---- | M] () -- C:\Windows\tasks\PCCT - MAGIX AG.job
[2011.10.31 13:52:17 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.31 13:17:05 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.31 13:17:05 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.31 13:15:10 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.10.31 13:15:10 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.10.31 13:15:10 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.10.31 13:15:10 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.10.31 13:15:10 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.10.31 13:10:18 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.31 13:09:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.31 13:09:21 | 3113,304,064 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.30 21:04:04 | 001,110,476 | ---- | M] () -- C:\Users\Martin\Desktop\7z920.exe
[2011.10.30 20:43:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2011.10.30 20:42:05 | 000,000,000 | ---- | M] () -- C:\Users\Martin\defogger_reenable
[2011.10.30 20:40:33 | 000,050,477 | ---- | M] () -- C:\Users\Martin\Desktop\Defogger.exe
[2011.10.27 16:55:00 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2011.10.26 21:14:02 | 088,599,198 | ---- | M] () -- C:\Users\Martin\Desktop\[Hardstyle] Peps_on_E - SHOCK !.mp3
[2011.10.25 20:25:19 | 000,107,693 | ---- | M] () -- C:\Users\Martin\Desktop\imag0043.jpg
[2011.10.25 20:25:09 | 000,126,679 | ---- | M] () -- C:\Users\Martin\Desktop\imag0049.jpg
[2011.10.22 20:06:17 | 007,835,058 | ---- | M] () -- C:\Users\Martin\Desktop\Böhse Onkelz- Keine ist wie du.mp3
[2011.10.13 17:11:17 | 000,407,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.11 14:00:01 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.07 15:11:03 | 000,000,374 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\burnaware.ini
[2011.10.02 13:05:58 | 008,771,003 | ---- | M] () -- C:\Users\Martin\Desktop\01-chris_avedon_and_coon-als_gaebs_kein_morgen_mehr_(1h_radio_edit).mp3
 
========== Files Created - No Company Name ==========
 
[2011.10.30 21:02:33 | 001,110,476 | ---- | C] () -- C:\Users\Martin\Desktop\7z920.exe
[2011.10.30 20:42:05 | 000,000,000 | ---- | C] () -- C:\Users\Martin\defogger_reenable
[2011.10.30 20:40:31 | 000,050,477 | ---- | C] () -- C:\Users\Martin\Desktop\Defogger.exe
[2011.10.26 21:12:36 | 088,599,198 | ---- | C] () -- C:\Users\Martin\Desktop\[Hardstyle] Peps_on_E - SHOCK !.mp3
[2011.10.25 20:25:19 | 000,107,693 | ---- | C] () -- C:\Users\Martin\Desktop\imag0043.jpg
[2011.10.25 20:25:08 | 000,126,679 | ---- | C] () -- C:\Users\Martin\Desktop\imag0049.jpg
[2011.10.23 00:42:39 | 000,000,440 | ---- | C] () -- C:\Windows\tasks\PCCT - MAGIX AG.job
[2011.10.22 20:06:10 | 007,835,058 | ---- | C] () -- C:\Users\Martin\Desktop\Böhse Onkelz- Keine ist wie du.mp3
[2011.10.19 23:45:44 | 008,771,003 | ---- | C] () -- C:\Users\Martin\Desktop\01-chris_avedon_and_coon-als_gaebs_kein_morgen_mehr_(1h_radio_edit).mp3
[2011.08.22 22:00:47 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2011.05.14 15:58:48 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.05.14 15:58:48 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.05.13 00:43:35 | 000,000,000 | ---- | C] () -- C:\Users\Martin\AppData\Local\{C8923A1C-4E4E-4DCE-B69A-342CFE394A6B}
[2011.04.05 21:11:39 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.01.23 22:50:15 | 000,000,374 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\burnaware.ini
[2010.12.29 15:41:47 | 000,000,166 | ---- | C] () -- C:\Windows\wininit.ini
[2010.09.23 21:15:37 | 000,033,134 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\UserTile.png
[2010.09.21 15:22:39 | 000,000,096 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\wklnhst.dat
[2010.08.23 17:48:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.01 16:18:37 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2010.06.30 16:41:18 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010.06.30 16:41:18 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010.06.30 16:41:18 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010.06.30 16:41:18 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010.06.30 16:41:18 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010.06.30 16:41:18 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010.06.30 16:41:18 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010.06.30 16:41:18 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010.06.30 16:41:18 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010.06.30 16:41:18 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010.06.30 16:41:18 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010.06.30 16:41:18 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010.06.30 16:41:18 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010.06.30 16:41:18 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010.06.30 16:41:18 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010.06.30 16:41:18 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010.06.30 16:41:18 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010.06.30 16:41:18 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010.06.30 16:41:18 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010.06.28 17:09:52 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.25 01:26:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.23 09:48:29 | 000,000,017 | ---- | C] () -- C:\Users\Martin\AppData\Local\resmon.resmoncfg
[2010.03.25 17:41:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.11.05 23:47:00 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.02.02 13:48:06 | 000,035,775 | ---- | C] () -- C:\Program Files (x86)\lamaster setup.jpg
[2009.02.02 11:53:52 | 000,023,462 | ---- | C] () -- C:\Program Files (x86)\LaMaster.de-licence.rtf
[2008.11.13 20:04:00 | 000,041,582 | ---- | C] () -- C:\Program Files (x86)\setup.jpg
[2002.10.08 01:07:38 | 000,011,376 | R--- | C] () -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[1999.01.22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2010.06.23 14:25:48 | 000,000,000 | -HSD | M] -- C:\Users\Martin\AppData\Roaming\.#
[2011.01.30 20:39:47 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Desktopicon
[2011.08.31 18:04:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DesktopIconForAmazon
[2011.08.01 19:25:28 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2011.04.13 16:57:29 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.02 03:52:27 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Epson
[2011.09.22 20:05:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FreeScreenToVideo
[2010.06.23 14:25:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GameConsole
[2011.10.31 14:15:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ICQ
[2011.08.31 18:04:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ICQ-Tools.de
[2011.02.01 21:24:52 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\kikin
[2011.10.23 00:43:06 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MAGIX
[2011.01.30 22:49:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OCS
[2011.05.20 13:53:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Opera
[2010.09.23 21:15:37 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PeerNetworking
[2011.01.30 22:49:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\soul.im
[2010.09.21 15:23:15 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Template
[2011.08.22 22:01:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Tobit
[2011.03.26 13:50:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TS3Client
[2011.07.14 21:14:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TuneUp Software
[2011.10.27 16:55:00 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\Epson Printer Software Downloader.job
[2011.10.31 14:15:20 | 000,000,440 | ---- | M] () -- C:\Windows\Tasks\PCCT - MAGIX AG.job
[2011.08.28 00:27:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.06.23 14:25:48 | 000,000,000 | -HSD | M] -- C:\Users\Martin\AppData\Roaming\.#
[2011.01.07 01:24:10 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Adobe
[2010.06.20 19:29:05 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ATI
[2011.10.13 20:24:08 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Avira
[2011.04.04 00:11:02 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\AVS4YOU
[2010.10.21 18:13:42 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\CyberLink
[2011.01.30 20:39:47 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Desktopicon
[2011.08.31 18:04:43 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DesktopIconForAmazon
[2011.08.01 19:25:28 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoft
[2011.04.13 16:57:29 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.02 03:52:27 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Epson
[2011.09.22 20:05:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FreeScreenToVideo
[2010.06.23 14:25:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GameConsole
[2010.06.20 19:30:21 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Google
[2011.10.31 14:15:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ICQ
[2011.08.31 18:04:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ICQ-Tools.de
[2010.06.20 19:27:48 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Identities
[2010.06.30 16:41:16 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\InstallShield
[2011.02.01 21:24:52 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\kikin
[2010.06.20 19:28:23 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Macromedia
[2011.10.23 00:43:06 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MAGIX
[2010.12.29 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Media Center Programs
[2011.02.02 22:09:15 | 000,000,000 | --SD | M] -- C:\Users\Martin\AppData\Roaming\Microsoft
[2010.06.28 17:06:01 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Microsoft Web Folders
[2010.06.25 01:26:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mozilla
[2010.10.09 17:28:20 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Nero
[2011.01.30 22:49:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\OCS
[2011.05.20 13:53:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Opera
[2010.09.23 21:15:37 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\PeerNetworking
[2011.09.22 22:04:02 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Skype
[2011.05.10 23:09:02 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\skypePM
[2011.01.30 22:49:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\soul.im
[2010.09.21 15:23:15 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Template
[2011.08.22 22:01:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Tobit
[2011.03.26 13:50:51 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TS3Client
[2011.07.14 21:14:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TuneUp Software
[2011.09.23 18:26:25 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2011.08.31 18:04:42 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Martin\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2010.12.29 15:41:46 | 000,752,688 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\kikin\kikin_updater_2.4.15.exe
[2011.01.30 22:49:07 | 000,001,150 | R--- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{3A47DA3C-0C2E-4D94-9BCE-6EA3550B37C9}\_651038EDDF4131C6129748.exe
[2011.01.30 22:49:07 | 000,001,150 | R--- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{3A47DA3C-0C2E-4D94-9BCE-6EA3550B37C9}\_8E3A11B443B9FA1ADE028C.exe
[2011.01.30 22:49:07 | 000,004,286 | R--- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{3A47DA3C-0C2E-4D94-9BCE-6EA3550B37C9}\_C6A6B59C4116B767DC08DB.exe
[2010.11.23 20:48:56 | 000,188,272 | ---- | M] (kikin) -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\platform\WINNT\components\KikinCrashReporter.exe
[2011.08.31 18:15:16 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Martin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2011.08.31 18:15:16 | 000,040,960 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2009.02.19 22:54:14 | 000,364,544 | ---- | M] (soul.im) -- C:\Users\Martin\AppData\Roaming\soul.im\LaMaster\LaMaster.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.10.13 20:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.10.13 20:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_6fca727099cdabf1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >

--- --- ---

cosinus · 31.10.2011, 14:57

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273606105235l0444z1l5f4522x543
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273606105235l0444z1l5f4522x543
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273606105235l0444z1l5f4522x543
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273606105235l0444z1l5f4522x543
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=cqde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj75&r=273606105235l0444z1l5f4522x543
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/417
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=cqde"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
[2011.03.10 18:42:46 | 000,000,000 | ---D | M] (Picnik) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{5b1fdac4-a239-4933-9c52-b65a2a720b75}
[2011.10.29 20:35:40 | 000,000,000 | ---D | M] (Freeware.de Community Toolbar) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2011.10.22 15:42:18 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.10.22 15:45:26 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.09.11 18:38:10 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.10.29 20:35:41 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2011.01.02 18:22:51 | 000,000,000 | ---D | M] (kikin plugin (murb.com Edition)) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.08.25 15:40:09 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.22 15:45:38 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.03.24 19:19:21 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\engine@conduit.com
[2011.04.05 21:11:26 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com
[2011.08.31 18:10:15 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@Facemoods.com
[2011.10.29 20:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\staged
[2011.01.30 22:49:46 | 000,002,810 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\askcom.xml
[2011.08.31 18:04:52 | 000,001,125 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\conduit.xml
[2011.01.30 22:49:46 | 000,001,097 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\icqplugin-1.xml
[2011.08.31 18:04:52 | 000,001,180 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\icqplugin.xml
[2011.09.11 18:38:00 | 000,002,503 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\SearchResults.xml
[2011.01.30 22:49:46 | 000,001,864 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\{0E76172C-BCDC-43AB-8917-02435FCCFD58}.xml
[2011.01.30 22:49:46 | 000,002,071 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\{249296CA-CA3D-4529-A7FF-1C7DAF50AA10}.xml
[2011.01.30 22:49:46 | 000,002,182 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\{7721236D-A24E-4FD7-9AAA-602DB71602D8}.xml
[2011.01.30 22:51:12 | 000,001,088 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\{C5DF0265-6C1C-499F-AA64-D122A8296734}.xml
[2011.06.28 16:35:22 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\PROGRAM FILES (X86)\MEIN GUTSCHEINCODE FINDER\FIREFOX
[2011.09.11 18:38:20 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
2:64bit: - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x64\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Program Files (x86)\Freeware.de\prxtbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe (facemoods.com)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\datamngr.dll) -C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\IEBHO.dll) -C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O32 - HKLM CDRom: AutoRun - 1
[2010.06.23 14:25:48 | 000,000,000 | -HSD | M] -- C:\Users\Martin\AppData\Roaming\.#
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:AB689DEA
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Rap01 · 31.10.2011, 15:32

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
C:\Program Files (x86)\Freeware.de\prxtbFree.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ deleted successfully.
C:\Program Files (x86)\MyAshampoo\tbMyAs.dll moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Program Files (x86)\Freeware.de\prxtbFree.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.
File C:\Program Files (x86)\MyAshampoo\tbMyAs.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: "Freeware.de Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Web Search" removed from browser.search.order.1
Prefs.js: "Facemoods Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.facemoods.com/?a=cqde" removed from browser.startup.homepage
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: "chrome://browser-region/locale/region.properties" removed from keyword.URL
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{5b1fdac4-a239-4933-9c52-b65a2a720b75}\chrome folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{5b1fdac4-a239-4933-9c52-b65a2a720b75} folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\searchplugin folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\modules folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\META-INF folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\defaults folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\components folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}\chrome folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\searchplugin folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\modules folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\META-INF folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\defaults folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\chrome folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\settings folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\platform\WINNT\plugins folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\platform\WINNT\components folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\platform\WINNT folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\platform folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\chrome folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\modules folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp\text-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp\props folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp\prop-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\text-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\props folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\prop-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp\text-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp\props folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp\prop-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults\.svn\text-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults\.svn\props folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults\.svn\prop-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults\.svn folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp\text-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp\props folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp\prop-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\text-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\props folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\prop-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp\text-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp\props folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp\prop-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\text-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\props folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\prop-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp\text-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp\props folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp\prop-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\text-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\props folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\prop-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp\text-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp\props folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp\prop-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\.svn\text-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\.svn\props folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\.svn\prop-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content\.svn folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\.svn\tmp\text-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\.svn\tmp\props folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\.svn\tmp\prop-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\.svn\tmp folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\.svn\text-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\.svn\props folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\.svn\prop-base folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com\.svn folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@Facemoods.com\content\preferences folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@Facemoods.com\content\images folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@Facemoods.com\content folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@Facemoods.com\chrome folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\staged\engine@conduit.com folder moved successfully.
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\necs8nqg.default\extensions\staged folder moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\askcom.xml moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\conduit.xml moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\SearchResults.xml moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\{0E76172C-BCDC-43AB-8917-02435FCCFD58}.xml moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\{249296CA-CA3D-4529-A7FF-1C7DAF50AA10}.xml moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\{7721236D-A24E-4FD7-9AAA-602DB71602D8}.xml moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\necs8nqg.default\searchplugins\{C5DF0265-6C1C-499F-AA64-D122A8296734}.xml moved successfully.
C:\PROGRAM FILES (X86)\MEIN GUTSCHEINCODE FINDER\FIREFOX\chrome\skin folder moved successfully.
C:\PROGRAM FILES (X86)\MEIN GUTSCHEINCODE FINDER\FIREFOX\chrome\locale\en-US folder moved successfully.
C:\PROGRAM FILES (X86)\MEIN GUTSCHEINCODE FINDER\FIREFOX\chrome\locale folder moved successfully.
C:\PROGRAM FILES (X86)\MEIN GUTSCHEINCODE FINDER\FIREFOX\chrome\content folder moved successfully.
C:\PROGRAM FILES (X86)\MEIN GUTSCHEINCODE FINDER\FIREFOX\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\MEIN GUTSCHEINCODE FINDER\FIREFOX folder moved successfully.
C:\PROGRAM FILES (X86)\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION\content folder moved successfully.
C:\PROGRAM FILES (X86)\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION\components folder moved successfully.
C:\PROGRAM FILES (X86)\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
C:\Program Files (x86)\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\bh\facemoods.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Program Files (x86)\Freeware.de\prxtbFree.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.
File C:\Program Files (x86)\MyAshampoo\tbMyAs.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully.
C:\Program Files (x86)\kikin\ie_kikin.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7e111a5c-3d11-4f56-9463-5310c3c69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e111a5c-3d11-4f56-9463-5310c3c69025}\ not found.
File C:\Program Files (x86)\Freeware.de\prxtbFree.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.
File C:\Program Files (x86)\MyAshampoo\tbMyAs.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodsTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}\ not found.
File C:\Program Files (x86)\MyAshampoo\tbMyAs.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully.
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.8\facemoodssrv.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll deleted successfully.
C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll deleted successfully.
C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\datamngr.dll deleted successfully.
File pInit_DLLs: (C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\datamngr.dll) -C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\IEBHO.dll deleted successfully.
File pInit_DLLs: (C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\IEBHO.dll) -C:\PROGRA~2\Windows Searchqu Toolbar\Datamngr\IEBHO.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\Users\Martin\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: ABC

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gaeste
->Temp folder emptied: 48745569 bytes
->Temporary Internet Files folder emptied: 1138584 bytes
->FireFox cache emptied: 49848255 bytes
->Opera cache emptied: 8167061 bytes
->Flash cache emptied: 482 bytes

User: Gast
->Temp folder emptied: 586224 bytes
->Temporary Internet Files folder emptied: 22524522 bytes
->FireFox cache emptied: 97494673 bytes
->Flash cache emptied: 4280 bytes

User: Martin
->Temp folder emptied: 22180399 bytes
->Temporary Internet Files folder emptied: 224089390 bytes
->FireFox cache emptied: 57278994 bytes
->Google Chrome cache emptied: 99808246 bytes
->Opera cache emptied: 3939331 bytes
->Flash cache emptied: 42413 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82545 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102293 bytes
RecycleBin emptied: 43674359 bytes

Total Files Cleaned = 648,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 10312011_152143

Files\Folders moved on Reboot...
C:\Users\Martin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus · 31.10.2011, 15:39

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Rap01 · 31.10.2011, 16:29

16:21:06.0208 4316 TDSS rootkit removing tool 2.6.14.0 Oct 28 2011 11:11:01
16:21:08.0221 4316 ============================================================
16:21:08.0221 4316 Current date / time: 2011/10/31 16:21:08.0221
16:21:08.0221 4316 SystemInfo:
16:21:08.0221 4316
16:21:08.0221 4316 OS Version: 6.1.7601 ServicePack: 1.0
16:21:08.0221 4316 Product type: Workstation
16:21:08.0221 4316 ComputerName: ABC-PC
16:21:08.0221 4316 UserName: Martin
16:21:08.0221 4316 Windows directory: C:\Windows
16:21:08.0221 4316 System windows directory: C:\Windows
16:21:08.0221 4316 Running under WOW64
16:21:08.0221 4316 Processor architecture: Intel x64
16:21:08.0221 4316 Number of processors: 4
16:21:08.0221 4316 Page size: 0x1000
16:21:08.0221 4316 Boot type: Normal boot
16:21:08.0221 4316 ============================================================
16:21:08.0517 4316 Initialize success
16:23:16.0294 4576 ============================================================
16:23:16.0294 4576 Scan started
16:23:16.0294 4576 Mode: Manual; SigCheck; TDLFS;
16:23:16.0294 4576 ============================================================
16:23:16.0887 4576 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:23:16.0965 4576 1394ohci - ok
16:23:17.0090 4576 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:23:17.0106 4576 ACPI - ok
16:23:17.0152 4576 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:23:17.0262 4576 AcpiPmi - ok
16:23:17.0355 4576 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:23:17.0386 4576 adp94xx - ok
16:23:17.0480 4576 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:23:17.0496 4576 adpahci - ok
16:23:17.0605 4576 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:23:17.0620 4576 adpu320 - ok
16:23:17.0683 4576 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
16:23:17.0745 4576 AFD - ok
16:23:17.0854 4576 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:23:17.0870 4576 agp440 - ok
16:23:17.0901 4576 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:23:17.0917 4576 aliide - ok
16:23:18.0010 4576 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:23:18.0026 4576 amdide - ok
16:23:18.0073 4576 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:23:18.0135 4576 AmdK8 - ok
16:23:18.0260 4576 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:23:18.0322 4576 AmdPPM - ok
16:23:18.0447 4576 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
16:23:18.0463 4576 amdsata - ok
16:23:18.0510 4576 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:23:18.0525 4576 amdsbs - ok
16:23:18.0634 4576 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
16:23:18.0634 4576 amdxata - ok
16:23:18.0759 4576 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:23:18.0884 4576 AppID - ok
16:23:18.0993 4576 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:23:19.0009 4576 arc - ok
16:23:19.0024 4576 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:23:19.0040 4576 arcsas - ok
16:23:19.0149 4576 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:23:19.0290 4576 AsyncMac - ok
16:23:19.0383 4576 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:23:19.0399 4576 atapi - ok
16:23:19.0446 4576 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys
16:23:19.0524 4576 athr - ok
16:23:19.0726 4576 atikmdag (19b5c61cb09bff2bd69e063ee54b56c3) C:\Windows\system32\DRIVERS\atikmdag.sys
16:23:19.0960 4576 atikmdag - ok
16:23:20.0070 4576 atksgt (4aef9ec86818375495fb78ca58df4e18) C:\Windows\system32\DRIVERS\atksgt.sys
16:23:20.0101 4576 atksgt ( UnsignedFile.Multi.Generic ) - warning
16:23:20.0101 4576 atksgt - detected UnsignedFile.Multi.Generic (1)
16:23:20.0210 4576 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
16:23:20.0241 4576 avgntflt - ok
16:23:20.0257 4576 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
16:23:20.0272 4576 avipbb - ok
16:23:20.0366 4576 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
16:23:20.0382 4576 avkmgr - ok
16:23:20.0428 4576 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:23:20.0460 4576 b06bdrv - ok
16:23:20.0553 4576 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:23:20.0600 4576 b57nd60a - ok
16:23:20.0694 4576 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:23:20.0756 4576 Beep - ok
16:23:20.0865 4576 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:23:20.0881 4576 blbdrive - ok
16:23:20.0990 4576 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:23:21.0037 4576 bowser - ok
16:23:21.0130 4576 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:23:21.0193 4576 BrFiltLo - ok
16:23:21.0286 4576 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:23:21.0302 4576 BrFiltUp - ok
16:23:21.0318 4576 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:23:21.0349 4576 Brserid - ok
16:23:21.0442 4576 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:23:21.0474 4576 BrSerWdm - ok
16:23:21.0552 4576 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:23:21.0583 4576 BrUsbMdm - ok
16:23:21.0692 4576 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:23:21.0723 4576 BrUsbSer - ok
16:23:21.0848 4576 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:23:21.0879 4576 BTHMODEM - ok
16:23:21.0988 4576 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:23:22.0066 4576 cdfs - ok
16:23:22.0191 4576 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:23:22.0222 4576 cdrom - ok
16:23:22.0316 4576 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:23:22.0347 4576 circlass - ok
16:23:22.0425 4576 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:23:22.0441 4576 CLFS - ok
16:23:22.0503 4576 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:23:22.0519 4576 CmBatt - ok
16:23:22.0597 4576 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:23:22.0612 4576 cmdide - ok
16:23:22.0675 4576 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
16:23:22.0690 4576 CNG - ok
16:23:22.0768 4576 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:23:22.0784 4576 Compbatt - ok
16:23:22.0831 4576 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:23:22.0862 4576 CompositeBus - ok
16:23:22.0940 4576 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:23:22.0956 4576 crcdisk - ok
16:23:23.0018 4576 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:23:23.0065 4576 DfsC - ok
16:23:23.0143 4576 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:23:23.0174 4576 discache - ok
16:23:23.0205 4576 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:23:23.0205 4576 Disk - ok
16:23:23.0221 4576 DKbFltr - ok
16:23:23.0299 4576 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:23:23.0330 4576 drmkaud - ok
16:23:23.0439 4576 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:23:23.0470 4576 DXGKrnl - ok
16:23:23.0611 4576 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:23:23.0720 4576 ebdrv - ok
16:23:23.0814 4576 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:23:23.0845 4576 elxstor - ok
16:23:23.0954 4576 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:23:24.0001 4576 ErrDev - ok
16:23:24.0110 4576 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:23:24.0172 4576 exfat - ok
16:23:24.0282 4576 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:23:24.0328 4576 fastfat - ok
16:23:24.0406 4576 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:23:24.0453 4576 fdc - ok
16:23:24.0547 4576 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:23:24.0562 4576 FileInfo - ok
16:23:24.0578 4576 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:23:24.0640 4576 Filetrace - ok
16:23:24.0718 4576 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:23:24.0750 4576 flpydisk - ok
16:23:24.0859 4576 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:23:24.0859 4576 FltMgr - ok
16:23:24.0906 4576 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:23:24.0906 4576 FsDepends - ok
16:23:25.0015 4576 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:23:25.0030 4576 Fs_Rec - ok
16:23:25.0077 4576 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:23:25.0077 4576 fvevol - ok
16:23:25.0171 4576 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:23:25.0186 4576 gagp30kx - ok
16:23:25.0202 4576 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:23:25.0233 4576 hcw85cir - ok
16:23:25.0358 4576 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:23:25.0389 4576 HdAudAddService - ok
16:23:25.0498 4576 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:23:25.0530 4576 HDAudBus - ok
16:23:25.0623 4576 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
16:23:25.0623 4576 HECIx64 - ok
16:23:25.0654 4576 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:23:25.0670 4576 HidBatt - ok
16:23:25.0764 4576 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:23:25.0795 4576 HidBth - ok
16:23:25.0888 4576 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:23:25.0920 4576 HidIr - ok
16:23:26.0013 4576 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:23:26.0044 4576 HidUsb - ok
16:23:26.0154 4576 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:23:26.0169 4576 HpSAMD - ok
16:23:26.0294 4576 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:23:26.0356 4576 HTTP - ok
16:23:26.0434 4576 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:23:26.0450 4576 hwpolicy - ok
16:23:26.0497 4576 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:23:26.0512 4576 i8042prt - ok
16:23:26.0606 4576 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
16:23:26.0606 4576 iaStor - ok
16:23:26.0731 4576 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
16:23:26.0746 4576 iaStorV - ok
16:23:26.0856 4576 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:23:26.0871 4576 iirsp - ok
16:23:26.0902 4576 Impcd (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\DRIVERS\Impcd.sys
16:23:26.0934 4576 Impcd - ok
16:23:27.0058 4576 IntcAzAudAddService (492cd3a94913d753b4591cd9e29ec843) C:\Windows\system32\drivers\RTKVHD64.sys
16:23:27.0105 4576 IntcAzAudAddService - ok
16:23:27.0214 4576 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:23:27.0230 4576 intelide - ok
16:23:27.0261 4576 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:23:27.0292 4576 intelppm - ok
16:23:27.0386 4576 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:23:27.0433 4576 IpFilterDriver - ok
16:23:27.0480 4576 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:23:27.0495 4576 IPMIDRV - ok
16:23:27.0589 4576 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:23:27.0636 4576 IPNAT - ok
16:23:27.0729 4576 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:23:27.0745 4576 IRENUM - ok
16:23:27.0854 4576 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:23:27.0870 4576 isapnp - ok
16:23:27.0885 4576 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:23:27.0901 4576 iScsiPrt - ok
16:23:27.0994 4576 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
16:23:28.0010 4576 k57nd60a - ok
16:23:28.0057 4576 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:23:28.0072 4576 kbdclass - ok
16:23:28.0166 4576 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:23:28.0197 4576 kbdhid - ok
16:23:28.0306 4576 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
16:23:28.0306 4576 KSecDD - ok
16:23:28.0353 4576 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
16:23:28.0353 4576 KSecPkg - ok
16:23:28.0447 4576 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:23:28.0494 4576 ksthunk - ok
16:23:28.0587 4576 lirsgt (b658b7076b1acaa5876524595630f183) C:\Windows\system32\DRIVERS\lirsgt.sys
16:23:28.0603 4576 lirsgt ( UnsignedFile.Multi.Generic ) - warning
16:23:28.0603 4576 lirsgt - detected UnsignedFile.Multi.Generic (1)
16:23:28.0696 4576 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:23:28.0743 4576 lltdio - ok
16:23:28.0852 4576 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:23:28.0868 4576 LSI_FC - ok
16:23:28.0899 4576 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:23:28.0915 4576 LSI_SAS - ok
16:23:29.0008 4576 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:23:29.0024 4576 LSI_SAS2 - ok
16:23:29.0040 4576 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:23:29.0055 4576 LSI_SCSI - ok
16:23:29.0149 4576 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:23:29.0196 4576 luafv - ok
16:23:29.0305 4576 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:23:29.0320 4576 megasas - ok
16:23:29.0336 4576 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:23:29.0352 4576 MegaSR - ok
16:23:29.0445 4576 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:23:29.0492 4576 Modem - ok
16:23:29.0601 4576 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:23:29.0617 4576 monitor - ok
16:23:29.0726 4576 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:23:29.0742 4576 mouclass - ok
16:23:29.0757 4576 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:23:29.0788 4576 mouhid - ok
16:23:29.0866 4576 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:23:29.0882 4576 mountmgr - ok
16:23:29.0929 4576 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:23:29.0944 4576 mpio - ok
16:23:30.0022 4576 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:23:30.0069 4576 mpsdrv - ok
16:23:30.0194 4576 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:23:30.0225 4576 MRxDAV - ok
16:23:30.0350 4576 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:23:30.0381 4576 mrxsmb - ok
16:23:30.0506 4576 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:23:30.0522 4576 mrxsmb10 - ok
16:23:30.0631 4576 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:23:30.0646 4576 mrxsmb20 - ok
16:23:30.0693 4576 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:23:30.0709 4576 msahci - ok
16:23:30.0818 4576 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:23:30.0834 4576 msdsm - ok
16:23:30.0943 4576 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:23:30.0990 4576 Msfs - ok
16:23:31.0005 4576 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:23:31.0052 4576 mshidkmdf - ok
16:23:31.0161 4576 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:23:31.0161 4576 msisadrv - ok
16:23:31.0270 4576 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:23:31.0317 4576 MSKSSRV - ok
16:23:31.0411 4576 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:23:31.0458 4576 MSPCLOCK - ok
16:23:31.0582 4576 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:23:31.0645 4576 MSPQM - ok
16:23:31.0770 4576 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:23:31.0785 4576 MsRPC - ok
16:23:31.0863 4576 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:23:31.0879 4576 mssmbios - ok
16:23:32.0004 4576 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:23:32.0066 4576 MSTEE - ok
16:23:32.0175 4576 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:23:32.0222 4576 MTConfig - ok
16:23:32.0347 4576 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:23:32.0347 4576 Mup - ok
16:23:32.0487 4576 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:23:32.0550 4576 NativeWifiP - ok
16:23:32.0706 4576 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:23:32.0737 4576 NDIS - ok
16:23:32.0846 4576 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:23:32.0940 4576 NdisCap - ok
16:23:33.0049 4576 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:23:33.0127 4576 NdisTapi - ok
16:23:33.0236 4576 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:23:33.0330 4576 Ndisuio - ok
16:23:33.0361 4576 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:23:33.0423 4576 NdisWan - ok
16:23:33.0501 4576 NDNdisprot - ok
16:23:33.0548 4576 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:23:33.0595 4576 NDProxy - ok
16:23:33.0720 4576 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:23:33.0766 4576 NetBIOS - ok
16:23:33.0876 4576 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:23:33.0938 4576 NetBT - ok
16:23:34.0156 4576 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
16:23:34.0375 4576 NETw5s64 - ok
16:23:34.0453 4576 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:23:34.0468 4576 nfrd960 - ok
16:23:34.0500 4576 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:23:34.0546 4576 Npfs - ok
16:23:34.0624 4576 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:23:34.0671 4576 nsiproxy - ok
16:23:34.0780 4576 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
16:23:34.0812 4576 Ntfs - ok
16:23:34.0905 4576 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
16:23:34.0921 4576 NTIDrvr - ok
16:23:34.0968 4576 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:23:35.0014 4576 Null - ok
16:23:35.0092 4576 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
16:23:35.0108 4576 nvraid - ok
16:23:35.0217 4576 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
16:23:35.0233 4576 nvstor - ok
16:23:35.0264 4576 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:23:35.0280 4576 nv_agp - ok
16:23:35.0389 4576 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:23:35.0420 4576 ohci1394 - ok
16:23:35.0514 4576 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:23:35.0529 4576 Parport - ok
16:23:35.0560 4576 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:23:35.0576 4576 partmgr - ok
16:23:35.0685 4576 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:23:35.0685 4576 pci - ok
16:23:35.0732 4576 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:23:35.0748 4576 pciide - ok
16:23:35.0857 4576 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:23:35.0872 4576 pcmcia - ok
16:23:35.0888 4576 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:23:35.0904 4576 pcw - ok
16:23:36.0013 4576 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:23:36.0075 4576 PEAUTH - ok
16:23:36.0184 4576 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:23:36.0247 4576 PptpMiniport - ok
16:23:36.0262 4576 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:23:36.0294 4576 Processor - ok
16:23:36.0387 4576 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:23:36.0434 4576 Psched - ok
16:23:36.0465 4576 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
16:23:36.0465 4576 PxHlpa64 - ok
16:23:36.0590 4576 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:23:36.0637 4576 ql2300 - ok
16:23:36.0715 4576 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:23:36.0730 4576 ql40xx - ok
16:23:36.0777 4576 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:23:36.0808 4576 QWAVEdrv - ok
16:23:36.0871 4576 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:23:36.0933 4576 RasAcd - ok
16:23:37.0027 4576 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:23:37.0058 4576 RasAgileVpn - ok
16:23:37.0105 4576 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:23:37.0152 4576 Rasl2tp - ok
16:23:37.0276 4576 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:23:37.0323 4576 RasPppoe - ok
16:23:37.0432 4576 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:23:37.0479 4576 RasSstp - ok
16:23:37.0588 4576 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:23:37.0635 4576 rdbss - ok
16:23:37.0729 4576 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:23:37.0760 4576 rdpbus - ok
16:23:37.0854 4576 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:23:37.0900 4576 RDPCDD - ok
16:23:38.0010 4576 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:23:38.0056 4576 RDPENCDD - ok
16:23:38.0150 4576 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:23:38.0197 4576 RDPREFMP - ok
16:23:38.0244 4576 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:23:38.0290 4576 RDPWD - ok
16:23:38.0400 4576 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:23:38.0415 4576 rdyboost - ok
16:23:38.0524 4576 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:23:38.0571 4576 rspndr - ok
16:23:38.0649 4576 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\System32\Drivers\RtsUStor.sys
16:23:38.0680 4576 RSUSBSTOR - ok
16:23:38.0774 4576 RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\Windows\system32\drivers\RtHDMIVX.sys
16:23:38.0790 4576 RTHDMIAzAudService - ok
16:23:38.0836 4576 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:23:38.0852 4576 sbp2port - ok
16:23:38.0961 4576 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:23:39.0008 4576 scfilter - ok
16:23:39.0024 4576 SecDrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\SECDRV.SYS
16:23:39.0070 4576 SecDrv - ok
16:23:39.0180 4576 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:23:39.0195 4576 Serenum - ok
16:23:39.0211 4576 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:23:39.0242 4576 Serial - ok
16:23:39.0351 4576 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:23:39.0382 4576 sermouse - ok
16:23:39.0429 4576 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:23:39.0445 4576 sffdisk - ok
16:23:39.0554 4576 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:23:39.0585 4576 sffp_mmc - ok
16:23:39.0694 4576 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:23:39.0710 4576 sffp_sd - ok
16:23:39.0819 4576 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:23:39.0835 4576 sfloppy - ok
16:23:39.0960 4576 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:23:39.0975 4576 SiSRaid2 - ok
16:23:40.0069 4576 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:23:40.0084 4576 SiSRaid4 - ok
16:23:40.0116 4576 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:23:40.0147 4576 Smb - ok
16:23:40.0256 4576 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:23:40.0272 4576 spldr - ok
16:23:40.0334 4576 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:23:40.0365 4576 srv - ok
16:23:40.0474 4576 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:23:40.0490 4576 srv2 - ok
16:23:40.0599 4576 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:23:40.0615 4576 srvnet - ok
16:23:40.0708 4576 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:23:40.0724 4576 stexstor - ok
16:23:40.0771 4576 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:23:40.0786 4576 swenum - ok
16:23:40.0880 4576 SynTP (ecb9097c86db32bf3940590e0e1792c3) C:\Windows\system32\DRIVERS\SynTP.sys
16:23:40.0896 4576 SynTP - ok
16:23:40.0974 4576 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
16:23:41.0020 4576 Tcpip - ok
16:23:41.0145 4576 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
16:23:41.0192 4576 TCPIP6 - ok
16:23:41.0286 4576 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:23:41.0332 4576 tcpipreg - ok
16:23:41.0410 4576 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:23:41.0457 4576 TDPIPE - ok
16:23:41.0473 4576 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:23:41.0520 4576 TDTCP - ok
16:23:41.0660 4576 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:23:41.0722 4576 tdx - ok
16:23:41.0832 4576 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:23:41.0847 4576 TermDD - ok
16:23:41.0972 4576 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:23:42.0050 4576 tssecsrv - ok
16:23:42.0144 4576 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:23:42.0175 4576 TsUsbFlt - ok
16:23:42.0222 4576 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:23:42.0284 4576 tunnel - ok
16:23:42.0378 4576 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
16:23:42.0393 4576 TurboB - ok
16:23:42.0424 4576 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:23:42.0440 4576 uagp35 - ok
16:23:42.0518 4576 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
16:23:42.0534 4576 UBHelper - ok
16:23:42.0596 4576 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:23:42.0658 4576 udfs - ok
16:23:42.0768 4576 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:23:42.0783 4576 uliagpkx - ok
16:23:42.0892 4576 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:23:42.0908 4576 umbus - ok
16:23:42.0986 4576 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:23:43.0017 4576 UmPass - ok
16:23:43.0064 4576 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
16:23:43.0080 4576 usbccgp - ok
16:23:43.0189 4576 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:23:43.0220 4576 usbcir - ok
16:23:43.0329 4576 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
16:23:43.0345 4576 usbehci - ok
16:23:43.0470 4576 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
16:23:43.0501 4576 usbhub - ok
16:23:43.0594 4576 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
16:23:43.0610 4576 usbohci - ok
16:23:43.0657 4576 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:23:43.0672 4576 usbprint - ok
16:23:43.0782 4576 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:23:43.0828 4576 usbscan - ok
16:23:43.0938 4576 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:23:43.0953 4576 USBSTOR - ok
16:23:44.0078 4576 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
16:23:44.0094 4576 usbuhci - ok
16:23:44.0109 4576 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:23:44.0125 4576 usbvideo - ok
16:23:44.0234 4576 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:23:44.0250 4576 vdrvroot - ok
16:23:44.0281 4576 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:23:44.0296 4576 vga - ok
16:23:44.0374 4576 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:23:44.0437 4576 VgaSave - ok
16:23:44.0484 4576 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:23:44.0499 4576 vhdmp - ok
16:23:44.0920 4576 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:23:44.0936 4576 viaide - ok
16:23:45.0045 4576 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:23:45.0061 4576 volmgr - ok
16:23:45.0154 4576 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:23:45.0170 4576 volmgrx - ok
16:23:45.0232 4576 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:23:45.0248 4576 volsnap - ok
16:23:45.0326 4576 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:23:45.0342 4576 vsmraid - ok
16:23:45.0357 4576 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:23:45.0388 4576 vwifibus - ok
16:23:45.0451 4576 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:23:45.0482 4576 vwififlt - ok
16:23:45.0513 4576 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:23:45.0544 4576 WacomPen - ok
16:23:45.0622 4576 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:23:45.0685 4576 WANARP - ok
16:23:45.0685 4576 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:23:45.0716 4576 Wanarpv6 - ok
16:23:45.0825 4576 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:23:45.0841 4576 Wd - ok
16:23:45.0888 4576 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:23:45.0903 4576 Wdf01000 - ok
16:23:45.0997 4576 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:23:46.0028 4576 WfpLwf - ok
16:23:46.0059 4576 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:23:46.0075 4576 WIMMount - ok
16:23:46.0122 4576 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:23:46.0137 4576 WmiAcpi - ok
16:23:46.0231 4576 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:23:46.0278 4576 ws2ifsl - ok
16:23:46.0324 4576 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:23:46.0371 4576 WudfPf - ok
16:23:46.0465 4576 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:23:46.0527 4576 WUDFRd - ok
16:23:46.0574 4576 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
16:23:46.0590 4576 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
16:23:46.0605 4576 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:23:46.0683 4576 \Device\Harddisk0\DR0 - ok
16:23:46.0699 4576 Boot (0x1200) (3409caf472bdffe7e10b57e26df5cc3f) \Device\Harddisk0\DR0\Partition0
16:23:46.0699 4576 \Device\Harddisk0\DR0\Partition0 - ok
16:23:46.0730 4576 Boot (0x1200) (78f50f31e80f610e1f2208157ef962c9) \Device\Harddisk0\DR0\Partition1
16:23:46.0730 4576 \Device\Harddisk0\DR0\Partition1 - ok
16:23:46.0730 4576 ============================================================
16:23:46.0730 4576 Scan finished
16:23:46.0730 4576 ============================================================
16:23:46.0730 3240 Detected object count: 2
16:23:46.0730 3240 Actual detected object count: 2
16:24:05.0341 3240 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
16:24:05.0341 3240 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:24:05.0341 3240 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
16:24:05.0341 3240 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:24:48.0662 4284 ============================================================
16:24:48.0662 4284 Scan started
16:24:48.0662 4284 Mode: Manual; SigCheck; TDLFS;
16:24:48.0662 4284 ============================================================
16:24:48.0927 4284 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:24:48.0959 4284 1394ohci - ok
16:24:49.0021 4284 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:24:49.0021 4284 ACPI - ok
16:24:49.0146 4284 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:24:49.0161 4284 AcpiPmi - ok
16:24:49.0208 4284 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:24:49.0224 4284 adp94xx - ok
16:24:49.0317 4284 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:24:49.0333 4284 adpahci - ok
16:24:49.0380 4284 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:24:49.0395 4284 adpu320 - ok
16:24:49.0489 4284 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
16:24:49.0505 4284 AFD - ok
16:24:49.0598 4284 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:24:49.0614 4284 agp440 - ok
16:24:49.0629 4284 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:24:49.0629 4284 aliide - ok
16:24:49.0739 4284 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:24:49.0754 4284 amdide - ok
16:24:49.0801 4284 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:24:49.0801 4284 AmdK8 - ok
16:24:49.0926 4284 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:24:49.0941 4284 AmdPPM - ok
16:24:49.0988 4284 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
16:24:50.0004 4284 amdsata - ok
16:24:50.0129 4284 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:24:50.0144 4284 amdsbs - ok
16:24:50.0175 4284 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
16:24:50.0191 4284 amdxata - ok
16:24:50.0316 4284 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:24:50.0363 4284 AppID - ok
16:24:50.0409 4284 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:24:50.0425 4284 arc - ok
16:24:50.0534 4284 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:24:50.0534 4284 arcsas - ok
16:24:50.0565 4284 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:24:50.0612 4284 AsyncMac - ok
16:24:50.0706 4284 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:24:50.0721 4284 atapi - ok
16:24:50.0768 4284 athr (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys
16:24:50.0799 4284 athr - ok
16:24:50.0987 4284 atikmdag (19b5c61cb09bff2bd69e063ee54b56c3) C:\Windows\system32\DRIVERS\atikmdag.sys
16:24:51.0049 4284 atikmdag - ok
16:24:51.0158 4284 atksgt (4aef9ec86818375495fb78ca58df4e18) C:\Windows\system32\DRIVERS\atksgt.sys
16:24:51.0174 4284 atksgt ( UnsignedFile.Multi.Generic ) - warning
16:24:51.0174 4284 atksgt - detected UnsignedFile.Multi.Generic (1)
16:24:51.0205 4284 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
16:24:51.0221 4284 avgntflt - ok
16:24:51.0314 4284 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
16:24:51.0314 4284 avipbb - ok
16:24:51.0330 4284 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
16:24:51.0345 4284 avkmgr - ok
16:24:51.0439 4284 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:24:51.0455 4284 b06bdrv - ok
16:24:51.0548 4284 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:24:51.0548 4284 b57nd60a - ok
16:24:51.0579 4284 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:24:51.0626 4284 Beep - ok
16:24:51.0704 4284 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:24:51.0704 4284 blbdrive - ok
16:24:51.0767 4284 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:24:51.0767 4284 bowser - ok
16:24:51.0845 4284 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:24:51.0860 4284 BrFiltLo - ok
16:24:51.0876 4284 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:24:51.0891 4284 BrFiltUp - ok
16:24:51.0907 4284 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:24:51.0923 4284 Brserid - ok
16:24:51.0985 4284 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:24:52.0001 4284 BrSerWdm - ok
16:24:52.0016 4284 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:24:52.0032 4284 BrUsbMdm - ok
16:24:52.0032 4284 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:24:52.0047 4284 BrUsbSer - ok
16:24:52.0063 4284 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:24:52.0063 4284 BTHMODEM - ok
16:24:52.0094 4284 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:24:52.0125 4284 cdfs - ok
16:24:52.0172 4284 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:24:52.0188 4284 cdrom - ok
16:24:52.0266 4284 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:24:52.0281 4284 circlass - ok
16:24:52.0313 4284 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:24:52.0328 4284 CLFS - ok
16:24:52.0422 4284 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:24:52.0437 4284 CmBatt - ok
16:24:52.0484 4284 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:24:52.0500 4284 cmdide - ok
16:24:52.0593 4284 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
16:24:52.0609 4284 CNG - ok
16:24:52.0703 4284 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:24:52.0703 4284 Compbatt - ok
16:24:52.0781 4284 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:24:52.0796 4284 CompositeBus - ok
16:24:52.0859 4284 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:24:52.0874 4284 crcdisk - ok
16:24:52.0952 4284 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:24:52.0983 4284 DfsC - ok
16:24:53.0046 4284 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:24:53.0077 4284 discache - ok
16:24:53.0124 4284 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:24:53.0139 4284 Disk - ok
16:24:53.0139 4284 DKbFltr - ok
16:24:53.0202 4284 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:24:53.0217 4284 drmkaud - ok
16:24:53.0311 4284 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:24:53.0327 4284 DXGKrnl - ok
16:24:53.0467 4284 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:24:53.0514 4284 ebdrv - ok
16:24:53.0639 4284 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:24:53.0654 4284 elxstor - ok
16:24:53.0763 4284 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:24:53.0779 4284 ErrDev - ok
16:24:53.0841 4284 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:24:53.0873 4284 exfat - ok
16:24:53.0982 4284 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:24:54.0013 4284 fastfat - ok
16:24:54.0044 4284 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:24:54.0060 4284 fdc - ok
16:24:54.0185 4284 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:24:54.0200 4284 FileInfo - ok
16:24:54.0216 4284 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:24:54.0263 4284 Filetrace - ok
16:24:54.0341 4284 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:24:54.0356 4284 flpydisk - ok
16:24:54.0403 4284 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:24:54.0419 4284 FltMgr - ok
16:24:54.0512 4284 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:24:54.0528 4284 FsDepends - ok
16:24:54.0543 4284 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:24:54.0543 4284 Fs_Rec - ok
16:24:54.0653 4284 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:24:54.0668 4284 fvevol - ok
16:24:54.0684 4284 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:24:54.0699 4284 gagp30kx - ok
16:24:54.0793 4284 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:24:54.0809 4284 hcw85cir - ok
16:24:54.0855 4284 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:24:54.0871 4284 HdAudAddService - ok
16:24:54.0980 4284 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:24:54.0996 4284 HDAudBus - ok
16:24:55.0027 4284 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
16:24:55.0043 4284 HECIx64 - ok
16:24:55.0136 4284 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:24:55.0152 4284 HidBatt - ok
16:24:55.0167 4284 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:24:55.0183 4284 HidBth - ok
16:24:55.0277 4284 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:24:55.0292 4284 HidIr - ok
16:24:55.0339 4284 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:24:55.0339 4284 HidUsb - ok
16:24:55.0464 4284 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:24:55.0479 4284 HpSAMD - ok
16:24:55.0589 4284 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:24:55.0635 4284 HTTP - ok
16:24:55.0713 4284 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:24:55.0729 4284 hwpolicy - ok
16:24:55.0776 4284 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:24:55.0791 4284 i8042prt - ok
16:24:55.0869 4284 iaStor (be7d72fcf442c26975942007e0831241) C:\Windows\system32\DRIVERS\iaStor.sys
16:24:55.0885 4284 iaStor - ok
16:24:55.0994 4284 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
16:24:56.0010 4284 iaStorV - ok
16:24:56.0119 4284 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:24:56.0119 4284 iirsp - ok
16:24:56.0150 4284 Impcd (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\DRIVERS\Impcd.sys
16:24:56.0166 4284 Impcd - ok
16:24:56.0291 4284 IntcAzAudAddService (492cd3a94913d753b4591cd9e29ec843) C:\Windows\system32\drivers\RTKVHD64.sys
16:24:56.0322 4284 IntcAzAudAddService - ok
16:24:56.0415 4284 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:24:56.0431 4284 intelide - ok
16:24:56.0462 4284 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:24:56.0478 4284 intelppm - ok
16:24:56.0571 4284 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:24:56.0603 4284 IpFilterDriver - ok
16:24:56.0649 4284 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:24:56.0665 4284 IPMIDRV - ok
16:24:56.0743 4284 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:24:56.0774 4284 IPNAT - ok
16:24:56.0805 4284 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:24:56.0821 4284 IRENUM - ok
16:24:56.0915 4284 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:24:56.0915 4284 isapnp - ok
16:24:56.0961 4284 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:24:56.0961 4284 iScsiPrt - ok
16:24:57.0039 4284 k57nd60a (d85f3f18e44f7447b5f1ba5c85baeb7c) C:\Windows\system32\DRIVERS\k57nd60a.sys
16:24:57.0055 4284 k57nd60a - ok
16:24:57.0102 4284 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:24:57.0117 4284 kbdclass - ok
16:24:57.0195 4284 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:24:57.0211 4284 kbdhid - ok
16:24:57.0258 4284 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
16:24:57.0273 4284 KSecDD - ok
16:24:57.0351 4284 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
16:24:57.0367 4284 KSecPkg - ok
16:24:57.0398 4284 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:24:57.0429 4284 ksthunk - ok
16:24:57.0523 4284 lirsgt (b658b7076b1acaa5876524595630f183) C:\Windows\system32\DRIVERS\lirsgt.sys
16:24:57.0523 4284 lirsgt ( UnsignedFile.Multi.Generic ) - warning
16:24:57.0523 4284 lirsgt - detected UnsignedFile.Multi.Generic (1)
16:24:57.0570 4284 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:24:57.0601 4284 lltdio - ok
16:24:57.0695 4284 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:24:57.0710 4284 LSI_FC - ok
16:24:57.0741 4284 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:24:57.0757 4284 LSI_SAS - ok
16:24:57.0835 4284 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:24:57.0851 4284 LSI_SAS2 - ok
16:24:57.0897 4284 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:24:57.0897 4284 LSI_SCSI - ok
16:24:57.0975 4284 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:24:58.0022 4284 luafv - ok
16:24:58.0053 4284 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:24:58.0053 4284 megasas - ok
16:24:58.0131 4284 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:24:58.0147 4284 MegaSR - ok
16:24:58.0194 4284 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:24:58.0225 4284 Modem - ok
16:24:58.0303 4284 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:24:58.0319 4284 monitor - ok
16:24:58.0365 4284 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:24:58.0365 4284 mouclass - ok
16:24:58.0443 4284 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:24:58.0443 4284 mouhid - ok
16:24:58.0490 4284 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:24:58.0490 4284 mountmgr - ok
16:24:58.0599 4284 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:24:58.0599 4284 mpio - ok
16:24:58.0646 4284 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:24:58.0677 4284 mpsdrv - ok
16:24:58.0771 4284 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:24:58.0787 4284 MRxDAV - ok
16:24:58.0896 4284 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:24:58.0911 4284 mrxsmb - ok
16:24:58.0958 4284 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:24:58.0974 4284 mrxsmb10 - ok
16:24:59.0083 4284 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:24:59.0099 4284 mrxsmb20 - ok
16:24:59.0130 4284 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:24:59.0145 4284 msahci - ok
16:24:59.0255 4284 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:24:59.0255 4284 msdsm - ok
16:24:59.0301 4284 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:24:59.0333 4284 Msfs - ok
16:24:59.0411 4284 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:24:59.0457 4284 mshidkmdf - ok
16:24:59.0489 4284 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:24:59.0504 4284 msisadrv - ok
16:24:59.0613 4284 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:24:59.0645 4284 MSKSSRV - ok
16:24:59.0723 4284 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:24:59.0754 4284 MSPCLOCK - ok
16:24:59.0832 4284 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:24:59.0863 4284 MSPQM - ok
16:24:59.0925 4284 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:24:59.0941 4284 MsRPC - ok
16:25:00.0035 4284 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:25:00.0035 4284 mssmbios - ok
16:25:00.0128 4284 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:25:00.0159 4284 MSTEE - ok
16:25:00.0191 4284 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:25:00.0206 4284 MTConfig - ok
16:25:00.0222 4284 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:25:00.0237 4284 Mup - ok
16:25:00.0300 4284 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:25:00.0331 4284 NativeWifiP - ok
16:25:00.0456 4284 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:25:00.0471 4284 NDIS - ok
16:25:00.0565 4284 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:25:00.0612 4284 NdisCap - ok
16:25:00.0659 4284 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:25:00.0690 4284 NdisTapi - ok
16:25:00.0752 4284 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:25:00.0783 4284 Ndisuio - ok
16:25:00.0846 4284 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:25:00.0877 4284 NdisWan - ok
16:25:00.0924 4284 NDNdisprot - ok
16:25:00.0986 4284 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:25:01.0017 4284 NDProxy - ok
16:25:01.0064 4284 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:25:01.0095 4284 NetBIOS - ok
16:25:01.0189 4284 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:25:01.0236 4284 NetBT - ok
16:25:01.0392 4284 NETw5s64 (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
16:25:01.0470 4284 NETw5s64 - ok
16:25:01.0563 4284 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:25:01.0579 4284 nfrd960 - ok
16:25:01.0595 4284 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:25:01.0641 4284 Npfs - ok
16:25:01.0735 4284 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:25:01.0766 4284 nsiproxy - ok
16:25:01.0844 4284 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
16:25:01.0875 4284 Ntfs - ok
16:25:01.0969 4284 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys
16:25:01.0969 4284 NTIDrvr - ok
16:25:02.0031 4284 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:25:02.0063 4284 Null - ok
16:25:02.0125 4284 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
16:25:02.0141 4284 nvraid - ok
16:25:02.0250 4284 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
16:25:02.0265 4284 nvstor - ok
16:25:02.0281 4284 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:25:02.0297 4284 nv_agp - ok
16:25:02.0406 4284 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:25:02.0421 4284 ohci1394 - ok
16:25:02.0453 4284 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:25:02.0468 4284 Parport - ok
16:25:02.0562 4284 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:25:02.0562 4284 partmgr - ok
16:25:02.0624 4284 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:25:02.0624 4284 pci - ok
16:25:02.0733 4284 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:25:02.0733 4284 pciide - ok
16:25:02.0780 4284 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:25:02.0796 4284 pcmcia - ok
16:25:02.0889 4284 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:25:02.0905 4284 pcw - ok
16:25:02.0921 4284 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:25:02.0967 4284 PEAUTH - ok
16:25:03.0092 4284 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:25:03.0123 4284 PptpMiniport - ok
16:25:03.0170 4284 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:25:03.0186 4284 Processor - ok
16:25:03.0279 4284 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:25:03.0311 4284 Psched - ok
16:25:03.0342 4284 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
16:25:03.0357 4284 PxHlpa64 - ok
16:25:03.0404 4284 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:25:03.0435 4284 ql2300 - ok
16:25:03.0513 4284 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:25:03.0529 4284 ql40xx - ok
16:25:03.0654 4284 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:25:03.0669 4284 QWAVEdrv - ok
16:25:03.0763 4284 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:25:03.0794 4284 RasAcd - ok
16:25:03.0888 4284 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:25:03.0935 4284 RasAgileVpn - ok
16:25:04.0013 4284 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:25:04.0044 4284 Rasl2tp - ok
16:25:04.0137 4284 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:25:04.0184 4284 RasPppoe - ok
16:25:04.0309 4284 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:25:04.0340 4284 RasSstp - ok
16:25:04.0465 4284 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:25:04.0512 4284 rdbss - ok
16:25:04.0543 4284 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:25:04.0559 4284 rdpbus - ok
16:25:04.0652 4284 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:25:04.0683 4284 RDPCDD - ok
16:25:04.0777 4284 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:25:04.0808 4284 RDPENCDD - ok
16:25:04.0902 4284 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:25:04.0933 4284 RDPREFMP - ok
16:25:05.0042 4284 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:25:05.0089 4284 RDPWD - ok
16:25:05.0151 4284 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:25:05.0151 4284 rdyboost - ok
16:25:05.0229 4284 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:25:05.0276 4284 rspndr - ok
16:25:05.0370 4284 RSUSBSTOR (db30aa4daa0d492fa5d7717d8181ffa1) C:\Windows\System32\Drivers\RtsUStor.sys
16:25:05.0385 4284 RSUSBSTOR - ok
16:25:05.0432 4284 RTHDMIAzAudService (7421a35c45484b95e83b5e9e107cefc2) C:\Windows\system32\drivers\RtHDMIVX.sys
16:25:05.0448 4284 RTHDMIAzAudService - ok
16:25:05.0526 4284 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:25:05.0541 4284 sbp2port - ok
16:25:05.0635 4284 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:25:05.0682 4284 scfilter - ok
16:25:05.0713 4284 SecDrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\SECDRV.SYS
16:25:05.0744 4284 SecDrv - ok
16:25:05.0775 4284 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:25:05.0775 4284 Serenum - ok
16:25:05.0869 4284 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:25:05.0885 4284 Serial - ok
16:25:05.0916 4284 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:25:05.0931 4284 sermouse - ok
16:25:06.0041 4284 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:25:06.0056 4284 sffdisk - ok
16:25:06.0072 4284 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:25:06.0087 4284 sffp_mmc - ok
16:25:06.0197 4284 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:25:06.0212 4284 sffp_sd - ok
16:25:06.0243 4284 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:25:06.0243 4284 sfloppy - ok
16:25:06.0353 4284 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:25:06.0353 4284 SiSRaid2 - ok
16:25:06.0384 4284 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:25:06.0384 4284 SiSRaid4 - ok
16:25:06.0477 4284 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:25:06.0524 4284 Smb - ok
16:25:06.0540 4284 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:25:06.0555 4284 spldr - ok
16:25:06.0665 4284 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:25:06.0680 4284 srv - ok
16:25:06.0789 4284 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:25:06.0805 4284 srv2 - ok
16:25:06.0852 4284 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:25:06.0852 4284 srvnet - ok
16:25:06.0914 4284 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:25:06.0930 4284 stexstor - ok
16:25:07.0008 4284 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:25:07.0008 4284 swenum - ok
16:25:07.0070 4284 SynTP (ecb9097c86db32bf3940590e0e1792c3) C:\Windows\system32\DRIVERS\SynTP.sys
16:25:07.0070 4284 SynTP - ok
16:25:07.0179 4284 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
16:25:07.0226 4284 Tcpip - ok
16:25:07.0351 4284 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
16:25:07.0382 4284 TCPIP6 - ok
16:25:07.0491 4284 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:25:07.0523 4284 tcpipreg - ok
16:25:07.0554 4284 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:25:07.0585 4284 TDPIPE - ok
16:25:07.0663 4284 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:25:07.0694 4284 TDTCP - ok
16:25:07.0741 4284 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:25:07.0788 4284 tdx - ok
16:25:07.0881 4284 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:25:07.0897 4284 TermDD - ok
16:25:08.0006 4284 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:25:08.0053 4284 tssecsrv - ok
16:25:08.0084 4284 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:25:08.0100 4284 TsUsbFlt - ok
16:25:08.0209 4284 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:25:08.0240 4284 tunnel - ok
16:25:08.0334 4284 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys
16:25:08.0334 4284 TurboB - ok
16:25:08.0365 4284 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:25:08.0381 4284 uagp35 - ok
16:25:08.0474 4284 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys
16:25:08.0474 4284 UBHelper - ok
16:25:08.0521 4284 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:25:08.0568 4284 udfs - ok
16:25:08.0677 4284 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:25:08.0677 4284 uliagpkx - ok
16:25:08.0786 4284 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:25:08.0802 4284 umbus - ok
16:25:08.0817 4284 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:25:08.0833 4284 UmPass - ok
16:25:08.0942 4284 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
16:25:08.0958 4284 usbccgp - ok
16:25:09.0051 4284 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:25:09.0067 4284 usbcir - ok
16:25:09.0098 4284 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
16:25:09.0114 4284 usbehci - ok
16:25:09.0223 4284 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
16:25:09.0239 4284 usbhub - ok
16:25:09.0254 4284 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
16:25:09.0270 4284 usbohci - ok
16:25:09.0363 4284 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:25:09.0379 4284 usbprint - ok
16:25:09.0410 4284 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
16:25:09.0426 4284 usbscan - ok
16:25:09.0519 4284 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:25:09.0535 4284 USBSTOR - ok
16:25:09.0644 4284 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
16:25:09.0660 4284 usbuhci - ok
16:25:09.0691 4284 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:25:09.0707 4284 usbvideo - ok
16:25:09.0816 4284 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:25:09.0831 4284 vdrvroot - ok
16:25:09.0863 4284 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:25:09.0878 4284 vga - ok
16:25:09.0956 4284 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:25:10.0003 4284 VgaSave - ok
16:25:10.0050 4284 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:25:10.0065 4284 vhdmp - ok
16:25:10.0081 4284 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:25:10.0097 4284 viaide - ok
16:25:10.0206 4284 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:25:10.0206 4284 volmgr - ok
16:25:10.0253 4284 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:25:10.0268 4284 volmgrx - ok
16:25:10.0393 4284 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:25:10.0409 4284 volsnap - ok
16:25:10.0440 4284 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:25:10.0455 4284 vsmraid - ok
16:25:10.0533 4284 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:25:10.0549 4284 vwifibus - ok
16:25:10.0565 4284 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:25:10.0580 4284 vwififlt - ok
16:25:10.0611 4284 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:25:10.0627 4284 WacomPen - ok
16:25:10.0721 4284 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:25:10.0752 4284 WANARP - ok
16:25:10.0767 4284 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:25:10.0799 4284 Wanarpv6 - ok
16:25:10.0845 4284 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:25:10.0845 4284 Wd - ok
16:25:10.0955 4284 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:25:10.0970 4284 Wdf01000 - ok
16:25:11.0048 4284 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:25:11.0095 4284 WfpLwf - ok
16:25:11.0111 4284 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:25:11.0126 4284 WIMMount - ok
16:25:11.0189 4284 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:25:11.0189 4284 WmiAcpi - ok
16:25:11.0267 4284 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:25:11.0313 4284 ws2ifsl - ok
16:25:11.0376 4284 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:25:11.0407 4284 WudfPf - ok
16:25:11.0423 4284 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:25:11.0469 4284 WUDFRd - ok
16:25:11.0532 4284 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
16:25:11.0532 4284 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
16:25:11.0547 4284 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:25:11.0641 4284 \Device\Harddisk0\DR0 - ok
16:25:11.0641 4284 Boot (0x1200) (3409caf472bdffe7e10b57e26df5cc3f) \Device\Harddisk0\DR0\Partition0
16:25:11.0641 4284 \Device\Harddisk0\DR0\Partition0 - ok
16:25:11.0672 4284 Boot (0x1200) (78f50f31e80f610e1f2208157ef962c9) \Device\Harddisk0\DR0\Partition1
16:25:11.0672 4284 \Device\Harddisk0\DR0\Partition1 - ok
16:25:11.0672 4284 ============================================================
16:25:11.0672 4284 Scan finished
16:25:11.0672 4284 ============================================================
16:25:11.0688 4136 Detected object count: 2
16:25:11.0688 4136 Actual detected object count: 2
16:25:20.0564 4136 atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:20.0564 4136 atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:25:20.0580 4136 lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
16:25:20.0580 4136 lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 31.10.2011, 18:12

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Rap01 · 31.10.2011, 21:39

So, hab die ComboFix Log-Datei ma in den Anhang gepackt.

Vorab aber ma noch eine Frage. Das sollte ja jetz - falls ich des richtig verstehe - search qu gekillt haben?

Deshalb wollte ich bloß mal als Hinweis anmerken, dass mein eigentliches Hauptproblem (Auslastung der Internetverbindung, meist ca. 250 kb/s Download, und das dauerhaft - auch wenn jegliches Programm das dies verursachen könnte geschlossen ist) noch besteht.
[Wobei das ja theoretisch gesehen nich an search qu liegen muss/(kann?), ich jedoch nich weiß was ich dagegen tun soll]

cosinus · 31.10.2011, 22:25

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Rap01 · 31.10.2011, 23:13

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-31 22:53:09
-----------------------------
22:53:09.482 OS Version: Windows x64 6.1.7601 Service Pack 1
22:53:09.484 Number of processors: 4 586 0x2502
22:53:09.484 ComputerName: ABC-PC UserName: Martin
22:53:12.142 Initialize success
22:54:35.367 AVAST engine defs: 11103100
22:55:16.102 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:55:16.105 Disk 0 Vendor: Hitachi_ PB4O Size: 476940MB BusType: 3
22:55:16.122 Disk 0 MBR read successfully
22:55:16.125 Disk 0 MBR scan
22:55:16.150 Disk 0 Windows 7 default MBR code
22:55:16.152 Service scanning
22:55:21.305 Modules scanning
22:55:21.307 Disk 0 trace - called modules:
22:55:21.332 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:55:21.337 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057dd060]
22:55:21.340 3 CLASSPNP.SYS[fffff88001bb643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049f6050]
22:55:22.225 AVAST engine scan C:\Windows
22:55:27.825 AVAST engine scan C:\Windows\system32
22:57:34.865 AVAST engine scan C:\Windows\system32\drivers
22:57:46.420 AVAST engine scan C:\Users\Martin
23:05:54.995 AVAST engine scan C:\ProgramData
23:08:03.022 Scan finished successfully
23:12:16.326 Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"
23:12:16.331 The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt"

Hab ich einen Virus? - Problembeschreibung

Plagegeister aller Art und deren Bekämpfung: Hab ich einen Virus? - Problembeschreibung