
All kinds of pests and how to combat them: Trojan Banker

22.05.2012, 19:52   #1
lena-laura
 
Trojan Banker - Standard

Trojan Banker



Yes, I'll soon be a regular here... I, or rather my laptop, have caught something again...
here is the malware log now

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.22.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
lena-laura :: PC [Administrator]

22.05.2012 16:06:19
mbam-log-2012-05-22 (16-06-19).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 368172
Laufzeit: 3 Stunde(n), 39 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{F99BD4F5-D402-4c21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4C21-A8BC-510830B6BE37} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
         

23.05.2012, 11:16   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before?
If so, all the logs for every scan are listed on the log files tab. Please post all of the ones visible there.

23.05.2012, 19:57   #3
lena-laura
 



hello arne,

I've attached them for you.

kind regards

lena-laura

23.05.2012, 20:40   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please run ESET as well, then we'll see what comes next:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

24.05.2012, 00:50   #5
lena-laura
 



heeeeelp! the whole system just crashed... something to do with the hardware... but don't ask me what... I don't know.
I then went via F7 and it didn't even show safe mode etc... further down there was an extended option with F8... I went to that and then to System Restore.
now all my documents are gone ;-((((((((
and I have no idea what is happening here right now.
I couldn't continue the scan either, because of the crash.
what should I do now?
start the scan again?
and is there any way to recover my documents???????

P.S. all calendar entries have disappeared as well, and that already happened to me once 2 days ago...

and all the pictures... oh my god.....


24.05.2012, 21:07   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
... something to do with the hardware... but don't ask me what... I don't know.
Oh, and I'm supposed to know that because I could look at your monitor too?

Quote:
and is there any way to recover my documents???????
You post vague information and I'm supposed to make concrete statements?
Let me put it this way: in most cases you can get at the data again. But what if not?
Try your luck => Notfall-Live-System: Datenrettung, Webzugang, etc. - Forum - CHIP Online

Quote:
and all the pictures... oh my god.....
Well, then you know why from now on you always make regular backups and don't start worrying about it only once you have a problem

24.05.2012, 22:32   #7
lena-laura
 



No, of course you can't know that, but you definitely know more about this than I do.
So, when I wanted to run the ESET scan yesterday, it broke off in the middle because I was prompted to install Installation.exe. But I didn't do that, because I don't install anything while the antivirus programs are disabled. Makes sense, right?
then at least 20 pop-up windows opened after I clicked no, and Installation.exe couldn't be closed either... then everything collapsed... and it shut down... I booted up again and then there was somehow hardly anything left on the desktop... then the system crashed again and then came what I already wrote to you.
I then started a system restore... and all the documents were lost anyway.
Now I've been letting the scan run for at least 3 hours and am currently at 50 percent... let's see whether it runs through this time.
If that works, I can continue as you described and then I'll try the link you just sent me.
So!
I hope it's a bit clearer now.
You have to know that I really know next to nothing about this. I only know that I've been struggling with viruses again and again for months and that I have no idea why. You see?

I meant install.exe

Me again ;-) so the scan has now been running for almost 6 hours and the percentage isn't changing either... is it normal for it to take sooooo long?

so, now, after what feels like 100 hours, the log...


Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fdd479e945f09e42a96266792f8712a5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-24 11:55:19
# local_time=2012-05-25 01:55:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 166557 166557 0 0
# compatibility_mode=5893 16776574 66 85 8982303 89506314 0 0
# compatibility_mode=8192 67108863 100 0 72462 72462 0 0
# scanned=139824
# found=8
# cleaned=0
# scan_time=28597
C:\lena-laura-PC\Backup Set 2010-02-23 142257\Backup Files 2010-02-28 204508\Backup files 1.zip	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
C:\lena-laura-PC\Backup Set 2010-03-28 200615\Backup Files 2010-03-28 200615\Backup files 1.zip	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
C:\Users\lena-laura\AppData\Local\temp\YiCSLt7OPLyYwZ.exe.tmp	a variant of Win32/Kryptik.AFZM trojan (unable to clean)	00000000000000000000000000000000	I
D:\pc\Backup Set 2012-04-08 214151\Backup Files 2012-04-08 214151\Backup files 1.zip	Win32/Toggle application (unable to clean)	00000000000000000000000000000000	I
D:\pc\Backup Set 2012-04-08 214151\Backup Files 2012-04-08 214151\Backup files 2.zip	a variant of Win32/SoftonicDownloader.D application (unable to clean)	00000000000000000000000000000000	I
D:\pc\Backup Set 2012-04-08 214151\Backup Files 2012-05-06 232737\Backup files 15.zip	a variant of Win32/Spy.Banker.XSL trojan (unable to clean)	00000000000000000000000000000000	I
D:\pc\Backup Set 2012-04-08 214151\Backup Files 2012-05-06 232737\Backup files 27.zip	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
D:\pc\Backup Set 2012-04-08 214151\Backup Files 2012-05-06 232737\Backup files 30.zip	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
         

25.05.2012, 10:50   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick "Scan all users" at the top centre
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, the box is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

25.05.2012, 15:00   #9
lena-laura
 



so... here is the OTL log.

Code:
OTL logfile created on: 25.05.2012 15:04:09 - Run 7
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\lena-laura\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 51,21% Memory free
3,98 Gb Paging File | 2,96 Gb Available in Paging File | 74,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,00 Gb Total Space | 44,77 Gb Free Space | 55,97% Space Free | Partition Type: NTFS
Drive D: | 59,03 Gb Total Space | 5,20 Gb Free Space | 8,81% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: lena-laura | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
PRC - C:\Program Files\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
PRC - C:\Users\lena-laura\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (iprip) -- C:\Windows\System32\iprip.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBModem) -- system32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- system32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- system32\DRIVERS\lgusbbus.sys File not found
DRV - (LGVMODEM) -- system32\DRIVERS\lgvmodem.sys File not found
DRV - (lgbusenum) -- system32\DRIVERS\lgbtbus.sys File not found
DRV - (LgBttPort) -- system32\DRIVERS\lgbtport.sys File not found
DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found
DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found
DRV - (huawei_enumerator) -- system32\DRIVERS\ew_jubusenum.sys File not found
DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found
DRV - (ew_hwusbdev) -- system32\DRIVERS\ew_hwusbdev.sys File not found
DRV - (catchme) -- C:\Users\LENA-L~1\AppData\Local\Temp\catchme.sys File not found
DRV - (btwrchid) -- C:\windows\system32\DRIVERS\btwrchid.sys File not found
DRV - (btwl2cap) -- system32\DRIVERS\btwl2cap.sys File not found
DRV - (btwavdt) -- C:\windows\system32\DRIVERS\btwavdt.sys File not found
DRV - (btwaudio) -- system32\drivers\btwaudio.sys File not found
DRV - (ANDModem) -- system32\DRIVERS\lgandmodem.sys File not found
DRV - (AndGps) -- system32\DRIVERS\lgandgps.sys File not found
DRV - (AndDiag) -- system32\DRIVERS\lganddiag.sys File not found
DRV - (Andbus) -- system32\DRIVERS\lgandbus.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (USB28xxBGA) -- C:\Windows\System32\drivers\emBDA.sys (eMPIA Technology, Inc.)
DRV - (USB28xxOEM) -- C:\Windows\System32\drivers\emOEM.sys (eMPIA Technology, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6AE1C493-DB3D-410C-8219-6ACFC715776A}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?q={searchTerms}&sr=searchbar
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=15362
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 01 1B 1A FE F0 CC 01  [binary data]
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\SearchScopes\{14B776FE-D9AF-47B7-91DA-DBE53DD988A7}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MGX&o=15359&src=kw&q={searchTerms}&locale=&apn_ptnrs=JQ&apn_dtid=YYYYYYYYDE&apn_uid=883CCEB2-1BF6-44CD-9A25-52180C7E4A7D&apn_sauid=167E6059-24CA-4311-BEC8-5F909B5B5C72
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lena-laura\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\lena-laura\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\lena-laura\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.06.17 20:24:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.18 17:22:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.11 02:31:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\lena-laura\AppData\Roaming\11012
 
[2011.05.12 19:36:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\lena-laura\AppData\Roaming\mozilla\Extensions
[2012.05.24 02:29:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions
[2012.05.24 02:32:14 | 000,000,000 | ---D | M] (WOT) -- C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.05.24 02:32:14 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\ffxtlbra@softonic.com
[2012.05.24 02:32:14 | 000,000,000 | ---D | M] (MAGIX Toolbar) -- C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\toolbar@ask.com
[2011.05.17 13:12:44 | 000,002,333 | -H-- | M] () -- C:\Users\lena-laura\AppData\Roaming\Mozilla\Firefox\Profiles\ztgpl636.default\searchplugins\askcom.xml
[2012.04.14 00:26:33 | 000,002,112 | -H-- | M] () -- C:\Users\lena-laura\AppData\Roaming\Mozilla\Firefox\Profiles\ztgpl636.default\searchplugins\wot-safe-search.xml
[2011.11.10 02:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.04.24 16:55:25 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\LENA-LAURA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZTGPL636.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\LENA-LAURA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ZTGPL636.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.03.18 17:22:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.23 12:50:38 | 000,170,080 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.02.12 17:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.04.23 16:07:10 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.02.12 17:09:48 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! Deutschland (Enabled)
CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://de-sayt.ff.search.yahoo.com/gossip-de-sayt?output=fxjson&command={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\lena-laura\AppData\Local\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\lena-laura\AppData\Local\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\lena-laura\AppData\Local\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\lena-laura\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\lena-laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\lena-laura\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\lena-laura\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: AT_Porsche = C:\Users\lena-laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3_1\
CHR - Extension: Skype Click to Call = C:\Users\lena-laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\lena-laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
 
O1 HOSTS File: ([2012.02.07 18:04:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (MAGIX Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (MAGIX Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HotKeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - Startup: C:\Users\lena-laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 10.2.0)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10D8D06D-13E7-46A5-AEC4-38C5609E3260}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18A4EB30-28E1-4E04-8664-4351C9AD8B76}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) -  File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
 
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro36 - Reg Error: Value error.
SafeBootNet: hitmanpro36.sys - Reg Error: Value error.
SafeBootNet: HitmanPro36Crusader - Reg Error: Value error.
SafeBootNet: HitmanPro36CrusaderBoot - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.24 20:25:48 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{336DC155-6B85-4C38-B551-88D3C6D14AC2}
[2012.05.24 20:25:35 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{0C810983-28DC-4C83-ADD4-8319B9FADA66}
[2012.05.24 20:22:38 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{78CF8D8D-C189-4419-8C64-95E84E346392}
[2012.05.24 20:22:24 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{CA823855-852E-410F-90A9-078D6BA3A373}
[2012.05.24 01:11:20 | 000,000,000 | -H-D | C] -- C:\Users\lena-laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.05.23 21:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.22 20:57:03 | 000,000,000 | -H-D | C] -- C:\Users\lena-laura\AppData\Local\{A8B57478-BBDD-4BEA-8B3F-F85B4504BB20}
[2012.05.22 20:56:46 | 000,000,000 | -H-D | C] -- C:\Users\lena-laura\AppData\Local\{93256030-C81E-4140-AF54-0F4DD77F22F3}
[2012.05.21 02:04:09 | 000,000,000 | -H-D | C] -- C:\Users\lena-laura\AppData\Local\Spotify
[2012.05.21 02:03:39 | 000,000,000 | -H-D | C] -- C:\Users\lena-laura\AppData\Roaming\Spotify
[2012.05.17 15:11:38 | 000,000,000 | -H-D | C] -- C:\Users\lena-laura\AppData\Local\{A97E52D0-D17D-43AC-AEE2-B9FC7E0F9B41}
[2012.05.17 15:11:24 | 000,000,000 | -H-D | C] -- C:\Users\lena-laura\AppData\Local\{26177FF5-8D7A-4573-A273-E3C19331B269}
[2012.05.13 11:40:01 | 000,000,000 | -H-D | C] -- C:\Users\lena-laura\AppData\Roaming\Avira
[2012.05.13 03:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.13 03:42:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\ssmdrv.sys
[2012.05.13 03:42:54 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012.05.13 03:42:54 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avgntflt.sys
[2012.05.13 03:42:54 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\windows\System32\drivers\avkmgr.sys
[2012.05.13 03:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.13 03:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.05.03 19:11:21 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\Documents\MAGIX
[2012.05.03 18:59:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FILSHtray
[2012.05.03 18:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\FILSHtray
[2012.05.03 18:45:15 | 000,000,000 | -H-D | C] -- C:\Users\lena-laura\Documents\MAGIX_MusicEditor
[2012.05.03 18:38:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX_Music_Maker_MX_Production_Suite_Download-Version
[2012.05.03 18:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.05.03 18:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2012.05.03 18:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.05.03 18:35:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.05.03 18:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2012.05.03 18:25:09 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\Documents\MAGIX Downloads
[2012.05.03 18:25:07 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Roaming\MAGIX
[2012.04.27 01:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\E-Cam
[1 C:\Users\lena-laura\AppData\Roaming\*.tmp files -> C:\Users\lena-laura\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.25 15:13:06 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.05.25 14:22:00 | 000,001,140 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3837843822-382491344-1778226907-1000UA.job
[2012.05.25 14:09:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.05.25 13:29:48 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.25 13:29:48 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.25 13:21:52 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012.05.24 01:11:23 | 000,000,168 | ---- | M] () -- C:\ProgramData\-9uGVGPZdMB9nVGr
[2012.05.24 01:11:23 | 000,000,000 | ---- | M] () -- C:\ProgramData\-9uGVGPZdMB9nVG
[2012.05.24 01:11:17 | 000,000,256 | ---- | M] () -- C:\ProgramData\9uGVGPZdMB9nVG
[2012.05.24 00:48:23 | 000,010,183 | -H-- | M] () -- C:\Users\lena-laura\Documents\wiso.pdf
[2012.05.23 20:31:43 | 000,642,260 | -H-- | M] () -- C:\Users\lena-laura\Documents\gg.pdf
[2012.05.21 22:50:02 | 000,015,863 | -H-- | M] () -- C:\Users\lena-laura\Documents\tarot 21.5.odt
[2012.05.21 04:03:45 | 000,014,034 | -H-- | M] () -- C:\Users\lena-laura\Documents\wunschgeschichten.odt
[2012.05.21 04:03:23 | 001,643,401 | -H-- | M] () -- C:\Users\lena-laura\Documents\vita rali.odt
[2012.05.21 02:39:18 | 000,903,058 | -H-- | M] () -- C:\Users\lena-laura\Documents\vita rali 4.pdf
[2012.05.21 01:52:05 | 000,018,525 | -H-- | M] () -- C:\Users\lena-laura\Documents\fontane.odt
[2012.05.21 01:51:53 | 000,022,208 | -H-- | M] () -- C:\Users\lena-laura\Documents\neuneu.odt
[2012.05.20 23:28:46 | 000,903,526 | -H-- | M] () -- C:\Users\lena-laura\Documents\vita rali 3.pdf
[2012.05.20 23:23:00 | 000,903,876 | -H-- | M] () -- C:\Users\lena-laura\Documents\vita rali neu 3.pdf
[2012.05.20 22:56:10 | 000,903,402 | -H-- | M] () -- C:\Users\lena-laura\Documents\vita rali.pdf
[2012.05.20 03:49:56 | 000,015,397 | -H-- | M] () -- C:\Users\lena-laura\Documents\06 12.odt
[2012.05.20 03:49:39 | 000,035,382 | -H-- | M] () -- C:\Users\lena-laura\Documents\06 12.pdf
[2012.05.20 03:22:00 | 000,001,088 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3837843822-382491344-1778226907-1000Core.job
[2012.05.15 17:41:17 | 000,037,555 | -H-- | M] () -- C:\Users\lena-laura\Documents\05 12.pdf
[2012.05.15 17:23:05 | 000,014,283 | -H-- | M] () -- C:\Users\lena-laura\Documents\aa fahrtkosten.odt
[2012.05.15 17:22:46 | 000,033,198 | -H-- | M] () -- C:\Users\lena-laura\Documents\AA Fahrtkosten.pdf
[2012.05.15 17:13:04 | 000,033,103 | -H-- | M] () -- C:\Users\lena-laura\Documents\AA Umzug.pdf
[2012.05.15 15:32:56 | 000,015,444 | -H-- | M] () -- C:\Users\lena-laura\Documents\03 2011.odt
[2012.05.15 15:32:47 | 000,036,646 | -H-- | M] () -- C:\Users\lena-laura\Documents\04 12.pdf
[2012.05.15 15:24:36 | 000,016,047 | -H-- | M] () -- C:\Users\lena-laura\Documents\03 12.odt
[2012.05.15 15:22:35 | 000,037,462 | -H-- | M] () -- C:\Users\lena-laura\Documents\03 12.pdf
[2012.05.14 16:19:54 | 000,016,764 | -H-- | M] () -- C:\Users\lena-laura\Documents\aldonza dt.odt
[2012.05.14 02:03:52 | 000,009,858 | -H-- | M] () -- C:\Users\lena-laura\Documents\wohnung.odt
[2012.05.13 03:43:10 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.13 03:40:54 | 000,511,800 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.05.13 03:29:14 | 000,746,988 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.05.13 03:29:14 | 000,691,754 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.05.13 03:29:14 | 000,163,682 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.05.13 03:29:14 | 000,133,856 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.05.11 02:07:04 | 000,012,059 | -H-- | M] () -- C:\Users\lena-laura\Documents\setlist.odt
[2012.05.08 03:52:46 | 000,014,156 | -H-- | M] () -- C:\Users\lena-laura\Documents\diary may.odt
[2012.05.07 14:14:13 | 000,037,735 | -H-- | M] () -- C:\Users\lena-laura\Documents\02 12.pdf
[2012.05.04 03:00:32 | 000,028,025 | -H-- | M] () -- C:\Users\lena-laura\Documents\buch.odt
[2012.05.03 19:00:01 | 000,000,885 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FILSHtray.lnk
[2012.05.03 18:44:39 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Music Maker MX Production Suite Download-Version.lnk
[2012.05.03 03:56:28 | 000,012,166 | -H-- | M] () -- C:\Users\lena-laura\Documents\3.5.odt
[2012.05.01 00:49:21 | 000,018,212 | -H-- | M] () -- C:\Users\lena-laura\Documents\ksk.odt
[2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2012.04.27 01:10:53 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\E-Cam.lnk
[2012.04.26 02:37:32 | 000,013,776 | -H-- | M] () -- C:\Users\lena-laura\Documents\mv kudamm.odt
[2012.04.26 02:37:11 | 000,018,467 | -H-- | M] () -- C:\Users\lena-laura\Documents\affirmationne.odt
[1 C:\Users\lena-laura\AppData\Roaming\*.tmp files -> C:\Users\lena-laura\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.24 01:11:23 | 000,000,168 | ---- | C] () -- C:\ProgramData\-9uGVGPZdMB9nVGr
[2012.05.24 01:11:23 | 000,000,000 | ---- | C] () -- C:\ProgramData\-9uGVGPZdMB9nVG
[2012.05.24 01:11:14 | 000,000,256 | ---- | C] () -- C:\ProgramData\9uGVGPZdMB9nVG
[2012.05.24 00:48:23 | 000,010,183 | -H-- | C] () -- C:\Users\lena-laura\Documents\wiso.pdf
[2012.05.23 20:31:42 | 000,642,260 | -H-- | C] () -- C:\Users\lena-laura\Documents\gg.pdf
[2012.05.21 22:50:00 | 000,015,863 | -H-- | C] () -- C:\Users\lena-laura\Documents\tarot 21.5.odt
[2012.05.21 04:03:42 | 000,014,034 | -H-- | C] () -- C:\Users\lena-laura\Documents\wunschgeschichten.odt
[2012.05.21 02:39:18 | 000,903,058 | -H-- | C] () -- C:\Users\lena-laura\Documents\vita rali 4.pdf
[2012.05.21 01:52:03 | 000,018,525 | -H-- | C] () -- C:\Users\lena-laura\Documents\fontane.odt
[2012.05.20 23:28:36 | 000,903,526 | -H-- | C] () -- C:\Users\lena-laura\Documents\vita rali 3.pdf
[2012.05.20 23:22:51 | 000,903,876 | -H-- | C] () -- C:\Users\lena-laura\Documents\vita rali neu 3.pdf
[2012.05.20 20:01:22 | 000,903,402 | -H-- | C] () -- C:\Users\lena-laura\Documents\vita rali.pdf
[2012.05.20 03:49:54 | 000,015,397 | -H-- | C] () -- C:\Users\lena-laura\Documents\06 12.odt
[2012.05.20 03:49:36 | 000,035,382 | -H-- | C] () -- C:\Users\lena-laura\Documents\06 12.pdf
[2012.05.17 15:41:42 | 001,643,401 | -H-- | C] () -- C:\Users\lena-laura\Documents\vita rali.odt
[2012.05.15 17:41:14 | 000,037,555 | -H-- | C] () -- C:\Users\lena-laura\Documents\05 12.pdf
[2012.05.15 17:23:02 | 000,014,283 | -H-- | C] () -- C:\Users\lena-laura\Documents\aa fahrtkosten.odt
[2012.05.15 17:22:43 | 000,033,198 | -H-- | C] () -- C:\Users\lena-laura\Documents\AA Fahrtkosten.pdf
[2012.05.15 17:13:01 | 000,033,103 | -H-- | C] () -- C:\Users\lena-laura\Documents\AA Umzug.pdf
[2012.05.15 15:32:20 | 000,036,646 | -H-- | C] () -- C:\Users\lena-laura\Documents\04 12.pdf
[2012.05.15 15:24:33 | 000,016,047 | -H-- | C] () -- C:\Users\lena-laura\Documents\03 12.odt
[2012.05.15 15:22:31 | 000,037,462 | -H-- | C] () -- C:\Users\lena-laura\Documents\03 12.pdf
[2012.05.14 16:19:51 | 000,016,764 | -H-- | C] () -- C:\Users\lena-laura\Documents\aldonza dt.odt
[2012.05.14 02:03:47 | 000,009,858 | -H-- | C] () -- C:\Users\lena-laura\Documents\wohnung.odt
[2012.05.13 03:43:10 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.11 02:07:02 | 000,012,059 | -H-- | C] () -- C:\Users\lena-laura\Documents\setlist.odt
[2012.05.08 03:52:38 | 000,014,156 | -H-- | C] () -- C:\Users\lena-laura\Documents\diary may.odt
[2012.05.07 14:14:10 | 000,037,735 | -H-- | C] () -- C:\Users\lena-laura\Documents\02 12.pdf
[2012.05.03 19:00:01 | 000,000,885 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FILSHtray.lnk
[2012.05.03 18:44:39 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Music Maker MX Production Suite Download-Version.lnk
[2012.05.03 03:56:26 | 000,012,166 | -H-- | C] () -- C:\Users\lena-laura\Documents\3.5.odt
[2012.05.02 02:59:14 | 000,028,025 | -H-- | C] () -- C:\Users\lena-laura\Documents\buch.odt
[2012.05.01 00:49:18 | 000,018,212 | -H-- | C] () -- C:\Users\lena-laura\Documents\ksk.odt
[2012.04.27 01:10:53 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\E-Cam.lnk
[2012.04.26 02:37:29 | 000,013,776 | -H-- | C] () -- C:\Users\lena-laura\Documents\mv kudamm.odt
[2012.04.07 16:24:46 | 000,511,800 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2012.03.24 21:35:33 | 000,005,120 | ---- | C] () -- C:\Users\lena-laura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.07 17:40:22 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.02.07 17:40:22 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.02.07 17:40:22 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.02.07 17:40:22 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.02.07 17:40:22 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.02.02 19:46:43 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2012.02.02 19:46:43 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2011.10.20 14:30:59 | 000,000,000 | -H-- | C] () -- C:\Users\lena-laura\AppData\Roaming\wklnhst.dat
[2011.03.20 12:12:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\windows\System32\StarOpen.sys
 
========== LOP Check ==========
 
[2009.10.16 15:37:05 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\T-Mobile
[2009.10.16 15:37:05 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\T-Mobile
[2009.10.16 15:37:05 | 000,000,000 | ---D | M] -- C:\Users\DefaultAppPool\AppData\Roaming\T-Mobile
[2011.01.16 22:38:40 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\Alawar Entertainment
[2012.02.29 02:24:11 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\Avid
[2010.03.16 21:14:32 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\ICQ
[2012.05.24 02:32:12 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\MAGIX
[2012.05.24 02:29:50 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\MakeMusic
[2010.03.28 19:55:02 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\No23
[2012.05.24 02:29:58 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\OpenOffice.org
[2012.05.24 02:29:59 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Opera
[2012.05.24 02:32:14 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\PhotoScape
[2012.05.22 16:27:06 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\Spotify
[2012.05.24 02:32:14 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\T-Mobile
[2012.05.24 02:32:14 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\T-Mobile Internet Manager
[2011.10.20 14:31:06 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\Template
[2012.04.13 19:03:21 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\TestApp
[2010.10.19 23:12:10 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\TitanicMystery
[2012.05.24 02:29:59 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\TuneUp Software
[2010.09.04 14:34:17 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\V-Games
[2011.11.08 02:31:27 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\Windows Live Writer
[2012.04.20 05:50:05 | 000,000,000 | ---D | M] -- C:\Users\lena_laura\AppData\Roaming\Opera
[2009.10.16 15:37:05 | 000,000,000 | ---D | M] -- C:\Users\lena_laura\AppData\Roaming\T-Mobile
[2012.04.10 11:57:36 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.24 02:29:49 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Adobe
[2010.02.28 13:59:10 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\Ahead
[2011.01.16 22:38:40 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\Alawar Entertainment
[2012.03.01 15:59:28 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\Apple Computer
[2012.02.29 02:24:11 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\Avid
[2012.05.13 11:40:01 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\Avira
[2012.04.03 20:10:31 | 000,000,000 | RH-D | M] -- C:\Users\lena-laura\AppData\Roaming\Brother
[2012.05.05 00:04:46 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\DivX
[2012.05.24 02:32:12 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\dvdcss
[2010.02.24 10:04:30 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\Google
[2012.04.15 05:43:49 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\HpUpdate
[2010.03.16 21:14:32 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\ICQ
[2009.07.14 06:54:12 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\Identities
[2009.10.16 12:43:29 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\InstallShield
[2009.10.16 12:49:24 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\Macromedia
[2012.05.24 02:32:12 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\MAGIX
[2012.05.24 02:29:50 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\MakeMusic
[2012.05.24 02:29:50 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Malwarebytes
[2012.05.24 02:32:13 | 000,000,000 | --SD | M] -- C:\Users\lena-laura\AppData\Roaming\Microsoft
[2012.05.24 02:29:56 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Mozilla
[2010.03.28 19:55:02 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\No23
[2012.05.24 02:29:58 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\OpenOffice.org
[2012.05.24 02:29:59 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Opera
[2012.05.24 02:32:14 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\PhotoScape
[2012.05.25 13:37:36 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Skype
[2011.11.13 04:40:35 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\skypePM
[2012.05.22 16:27:06 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\Spotify
[2012.02.10 02:30:54 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\SUPERAntiSpyware.com
[2012.05.24 02:32:14 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\T-Mobile
[2012.05.24 02:32:14 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\T-Mobile Internet Manager
[2011.10.20 14:31:06 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\Template
[2012.04.13 19:03:21 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\TestApp
[2010.10.19 23:12:10 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\TitanicMystery
[2012.05.24 02:29:59 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\TuneUp Software
[2012.05.24 02:32:14 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\U3
[2010.09.04 14:34:17 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\V-Games
[2012.05.24 02:32:14 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\vlc
[2011.11.08 02:31:27 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\Windows Live Writer
[2011.09.21 21:25:44 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\WinRAR
[2010.12.26 21:21:32 | 000,000,000 | -H-D | M] -- C:\Users\lena-laura\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2009.06.30 11:52:18 | 000,983,040 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\lena-laura\AppData\Roaming\T-Mobile Internet Manager\LiveUpdate.exe
[2009.06.23 16:43:40 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\lena-laura\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\lena-laura\AppData\Roaming\U3\1100520A2890C80C\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Users\lena-laura\AppData\Roaming\U3\1100520A2890C80C\Launchpad Removal.exe
[2008.05.04 16:02:26 | 004,603,904 | ---- | M] () -- C:\Users\lena-laura\AppData\Roaming\U3\1100520A2890C80C\LaunchPad.exe
[2007.10.23 09:44:48 | 000,054,584 | ---- | M] () -- C:\Users\lena-laura\AppData\Roaming\U3\1100520A2890C80C\U3AccessGrant.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\lena-laura\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\ERDNT\cache\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Files - Unicode (All) ==========
[2012.03.09 17:28:17 | 000,030,044 | -H-- | M] ()(C:\Users\lena-laura\Documents\Capital+M+Artists_K+�+N+S+T+L+E+R+P+R+O+F+I+L_Formular_Akt�.pdf) -- C:\Users\lena-laura\Documents\Capital+M+Artists_K+Ü+N+S+T+L+E+R+P+R+O+F+I+L_Formular_Akt….pdf
[2012.03.09 17:28:17 | 000,030,044 | -H-- | C] ()(C:\Users\lena-laura\Documents\Capital+M+Artists_K+�+N+S+T+L+E+R+P+R+O+F+I+L_Formular_Akt�.pdf) -- C:\Users\lena-laura\Documents\Capital+M+Artists_K+Ü+N+S+T+L+E+R+P+R+O+F+I+L_Formular_Akt….pdf

< End of report >
         

25.05.2012, 15:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=15362
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 87 01 1B 1A FE F0 CC 01  [binary data]
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=10588
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\SearchScopes\{14B776FE-D9AF-47B7-91DA-DBE53DD988A7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MGX&o=15359&src=kw&q={searchTerms}&locale=&apn_ptnrs=JQ&apn_dtid=YYYYYYYYDE&apn_uid=883CCEB2-1BF6-44CD-9A25-52180C7E4A7D&apn_sauid=167E6059-24CA-4311-BEC8-5F909B5B5C72
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_de
[2012.05.24 02:32:14 | 000,000,000 | ---D | M] (Softonic Toolbar) -- C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\ffxtlbra@softonic.com
[2012.05.24 02:32:14 | 000,000,000 | ---D | M] (MAGIX Toolbar) -- C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\toolbar@ask.com
[2011.05.17 13:12:44 | 000,002,333 | -H-- | M] () -- C:\Users\lena-laura\AppData\Roaming\Mozilla\Firefox\Profiles\ztgpl636.default\searchplugins\askcom.xml
[2011.04.23 16:07:10 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
O2 - BHO: (MAGIX Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (MAGIX Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
[2012.05.24 20:25:48 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{336DC155-6B85-4C38-B551-88D3C6D14AC2}
[2012.05.24 20:25:35 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{0C810983-28DC-4C83-ADD4-8319B9FADA66}
[2012.05.24 20:22:38 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{78CF8D8D-C189-4419-8C64-95E84E346392}
[2012.05.24 20:22:24 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{CA823855-852E-410F-90A9-078D6BA3A373}
[2012.05.24 01:11:20 | 000,000,000 | -H-D | C] -- C:\Users\lena-laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.05.24 01:11:23 | 000,000,168 | ---- | M] () -- C:\ProgramData\-9uGVGPZdMB9nVGr
[2012.05.24 01:11:23 | 000,000,000 | ---- | M] () -- C:\ProgramData\-9uGVGPZdMB9nVG
[2012.05.24 01:11:17 | 000,000,256 | ---- | M] () -- C:\ProgramData\9uGVGPZdMB9nVG
:Files
C:\Program Files\Ask.com
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

To be safe, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

25.05.2012, 15:31   #11
lena-laura

Done!

Code:
ATTFilter
All processes killed
========== OTL ==========
HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
HKEY_USERS\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Microsoft\Internet Explorer\SearchScopes\{14B776FE-D9AF-47B7-91DA-DBE53DD988A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14B776FE-D9AF-47B7-91DA-DBE53DD988A7}\ not found.
Registry key HKEY_USERS\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\ffxtlbra@softonic.com\defaults\preferences folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\ffxtlbra@softonic.com\defaults folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\ffxtlbra@softonic.com\content\imgs\flgs folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\ffxtlbra@softonic.com\content\imgs folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\ffxtlbra@softonic.com\content folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\ffxtlbra@softonic.com folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\Mozilla\Firefox\Profiles\ztgpl636.default\searchplugins\askcom.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
C:\Users\lena-laura\AppData\Local\{336DC155-6B85-4C38-B551-88D3C6D14AC2} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{0C810983-28DC-4C83-ADD4-8319B9FADA66} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{78CF8D8D-C189-4419-8C64-95E84E346392} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{CA823855-852E-410F-90A9-078D6BA3A373} folder moved successfully.
C:\Users\lena-laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery folder moved successfully.
C:\ProgramData\-9uGVGPZdMB9nVGr moved successfully.
C:\ProgramData\-9uGVGPZdMB9nVG moved successfully.
C:\ProgramData\9uGVGPZdMB9nVG moved successfully.
========== FILES ==========
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: lena-laura
->Temp folder emptied: 241408769 bytes
->Temporary Internet Files folder emptied: 367809881 bytes
->Java cache emptied: 32793 bytes
->FireFox cache emptied: 135999596 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 20979634 bytes
->Flash cache emptied: 21172 bytes
 
User: lena_laura
->Temp folder emptied: 1791 bytes
->Temporary Internet Files folder emptied: 64407 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 17722184 bytes
->Flash cache emptied: 739 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81690012 bytes
RecycleBin emptied: 761120 bytes
 
Total Files Cleaned = 826,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: DefaultAppPool
->Flash cache emptied: 0 bytes
 
User: lena-laura
->Flash cache emptied: 0 bytes
 
User: lena_laura
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.43.1 log created on 05252012_162315

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Me again... Hitman Pro always runs a quick scan at startup... and now it showed the following (I can't copy it)

C:/windows/system32/drivers/ect/
Hosts file is compromised. Hosts files contain Byte order mark (BOM)obfuscation.

What does that mean?

25.05.2012, 15:38   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Please always post log files in CODE tags

25.05.2012, 15:48   #13
lena-laura
 
Code:
16:40:32.0542 4632	TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
16:40:33.0025 4632	============================================================
16:40:33.0025 4632	Current date / time: 2012/05/25 16:40:33.0025
16:40:33.0025 4632	SystemInfo:
16:40:33.0025 4632	
16:40:33.0025 4632	OS Version: 6.1.7601 ServicePack: 1.0
16:40:33.0025 4632	Product type: Workstation
16:40:33.0025 4632	ComputerName: PC
16:40:33.0025 4632	UserName: lena-laura
16:40:33.0025 4632	Windows directory: C:\windows
16:40:33.0025 4632	System windows directory: C:\windows
16:40:33.0025 4632	Processor architecture: Intel x86
16:40:33.0025 4632	Number of processors: 2
16:40:33.0025 4632	Page size: 0x1000
16:40:33.0025 4632	Boot type: Normal boot
16:40:33.0025 4632	============================================================
16:40:34.0695 4632	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:40:34.0710 4632	============================================================
16:40:34.0710 4632	\Device\Harddisk0\DR0:
16:40:34.0710 4632	MBR partitions:
16:40:34.0710 4632	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA000000
16:40:34.0710 4632	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA000800, BlocksNum 0x7610800
16:40:34.0710 4632	============================================================
16:40:34.0741 4632	C: <-> \Device\Harddisk0\DR0\Partition0
16:40:34.0788 4632	D: <-> \Device\Harddisk0\DR0\Partition1
16:40:34.0788 4632	============================================================
16:40:34.0788 4632	Initialize success
16:40:34.0788 4632	============================================================
16:42:42.0144 5120	============================================================
16:42:42.0144 5120	Scan started
16:42:42.0144 5120	Mode: Manual; SigCheck; TDLFS; 
16:42:42.0144 5120	============================================================
16:42:43.0502 5120	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
16:42:43.0861 5120	1394ohci - ok
16:42:43.0954 5120	ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
16:42:44.0063 5120	ACPI - ok
16:42:44.0110 5120	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
16:42:44.0235 5120	AcpiPmi - ok
16:42:44.0360 5120	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:42:44.0438 5120	AdobeFlashPlayerUpdateSvc - ok
16:42:44.0531 5120	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
16:42:44.0641 5120	adp94xx - ok
16:42:44.0703 5120	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
16:42:44.0797 5120	adpahci - ok
16:42:44.0843 5120	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
16:42:44.0906 5120	adpu320 - ok
16:42:44.0968 5120	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
16:42:45.0062 5120	AeLookupSvc - ok
16:42:45.0140 5120	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
16:42:45.0249 5120	AFD - ok
16:42:45.0311 5120	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
16:42:45.0389 5120	agp440 - ok
16:42:45.0467 5120	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
16:42:45.0545 5120	aic78xx - ok
16:42:45.0608 5120	ALG             (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
16:42:45.0717 5120	ALG - ok
16:42:45.0779 5120	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
16:42:45.0842 5120	aliide - ok
16:42:45.0873 5120	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
16:42:45.0951 5120	amdagp - ok
16:42:45.0982 5120	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
16:42:46.0060 5120	amdide - ok
16:42:46.0107 5120	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
16:42:46.0201 5120	AmdK8 - ok
16:42:46.0247 5120	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
16:42:46.0357 5120	AmdPPM - ok
16:42:46.0435 5120	amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
16:42:46.0513 5120	amdsata - ok
16:42:46.0575 5120	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
16:42:46.0653 5120	amdsbs - ok
16:42:46.0669 5120	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
16:42:46.0747 5120	amdxata - ok
16:42:46.0762 5120	Andbus - ok
16:42:46.0793 5120	AndDiag - ok
16:42:46.0825 5120	AndGps - ok
16:42:46.0871 5120	ANDModem - ok
16:42:47.0137 5120	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:42:47.0215 5120	AntiVirSchedulerService - ok
16:42:47.0261 5120	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:42:47.0324 5120	AntiVirService - ok
16:42:47.0449 5120	AppHostSvc      (d1af38fbac0dc7e6d796b0ed01707ee0) C:\windows\system32\inetsrv\apphostsvc.dll
16:42:47.0573 5120	AppHostSvc - ok
16:42:47.0620 5120	AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
16:42:47.0870 5120	AppID - ok
16:42:47.0901 5120	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
16:42:48.0041 5120	AppIDSvc - ok
16:42:48.0088 5120	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
16:42:48.0213 5120	Appinfo - ok
16:42:48.0385 5120	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:42:48.0431 5120	Apple Mobile Device - ok
16:42:48.0509 5120	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
16:42:48.0587 5120	arc - ok
16:42:48.0619 5120	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
16:42:48.0697 5120	arcsas - ok
16:42:48.0915 5120	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
16:42:48.0993 5120	aspnet_state - ok
16:42:49.0071 5120	AsusService     (c4fb2613d3c75364bb159b9c23a00e7a) C:\Windows\System32\AsusService.exe
16:42:49.0118 5120	AsusService ( UnsignedFile.Multi.Generic ) - warning
16:42:49.0118 5120	AsusService - detected UnsignedFile.Multi.Generic (1)
16:42:49.0149 5120	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
16:42:49.0289 5120	AsyncMac - ok
16:42:49.0336 5120	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
16:42:49.0399 5120	atapi - ok
16:42:49.0555 5120	athr            (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
16:42:49.0695 5120	athr - ok
16:42:49.0789 5120	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
16:42:49.0976 5120	AudioEndpointBuilder - ok
16:42:50.0007 5120	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
16:42:50.0179 5120	Audiosrv - ok
16:42:50.0319 5120	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\windows\system32\DRIVERS\avgntflt.sys
16:42:50.0444 5120	avgntflt - ok
16:42:50.0537 5120	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\windows\system32\DRIVERS\avipbb.sys
16:42:50.0600 5120	avipbb - ok
16:42:50.0647 5120	avkmgr          (53e56450da16a1a7f0d002f511113f67) C:\windows\system32\DRIVERS\avkmgr.sys
16:42:50.0709 5120	avkmgr - ok
16:42:50.0771 5120	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
16:42:50.0912 5120	AxInstSV - ok
16:42:51.0005 5120	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
16:42:51.0130 5120	b06bdrv - ok
16:42:51.0193 5120	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
16:42:51.0286 5120	b57nd60x - ok
16:42:51.0442 5120	BBSvc           (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
16:42:51.0536 5120	BBSvc - ok
16:42:51.0598 5120	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
16:42:51.0723 5120	BDESVC - ok
16:42:51.0754 5120	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
16:42:51.0926 5120	Beep - ok
16:42:52.0082 5120	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
16:42:52.0253 5120	BFE - ok
16:42:52.0363 5120	BITS            (e585445d5021971fae10393f0f1c3961) C:\windows\system32\qmgr.dll
16:42:52.0534 5120	BITS - ok
16:42:52.0597 5120	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
16:42:52.0675 5120	blbdrive - ok
16:42:52.0846 5120	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
16:42:52.0940 5120	Bonjour Service - ok
16:42:53.0002 5120	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
16:42:53.0111 5120	bowser - ok
16:42:53.0158 5120	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
16:42:53.0283 5120	BrFiltLo - ok
16:42:53.0314 5120	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
16:42:53.0423 5120	BrFiltUp - ok
16:42:53.0517 5120	BridgeMP        (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
16:42:53.0704 5120	BridgeMP - ok
16:42:53.0845 5120	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
16:42:54.0016 5120	Browser - ok
16:42:54.0141 5120	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
16:42:54.0266 5120	Brserid - ok
16:42:54.0313 5120	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
16:42:54.0406 5120	BrSerWdm - ok
16:42:54.0437 5120	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
16:42:54.0547 5120	BrUsbMdm - ok
16:42:54.0593 5120	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
16:42:54.0687 5120	BrUsbSer - ok
16:42:54.0749 5120	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
16:42:54.0874 5120	BthEnum - ok
16:42:54.0937 5120	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
16:42:55.0030 5120	BTHMODEM - ok
16:42:55.0077 5120	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
16:42:55.0186 5120	BthPan - ok
16:42:55.0264 5120	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
16:42:55.0389 5120	BTHPORT - ok
16:42:55.0483 5120	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
16:42:55.0670 5120	bthserv - ok
16:42:55.0685 5120	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
16:42:55.0763 5120	BTHUSB - ok
16:42:55.0779 5120	btwaudio - ok
16:42:55.0810 5120	btwavdt - ok
16:42:55.0841 5120	btwl2cap - ok
16:42:55.0857 5120	btwrchid - ok
16:42:56.0013 5120	catchme - ok
16:42:56.0075 5120	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
16:42:56.0247 5120	cdfs - ok
16:42:56.0325 5120	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
16:42:56.0419 5120	cdrom - ok
16:42:56.0481 5120	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
16:42:56.0637 5120	CertPropSvc - ok
16:42:56.0684 5120	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
16:42:56.0762 5120	circlass - ok
16:42:56.0809 5120	CISVC           (3e2afafa158c9ed670c106842bdcc81e) C:\windows\system32\CISVC.EXE
16:42:56.0918 5120	CISVC - ok
16:42:56.0980 5120	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
16:42:57.0058 5120	CLFS - ok
16:42:57.0152 5120	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:42:57.0230 5120	clr_optimization_v2.0.50727_32 - ok
16:42:57.0355 5120	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:42:57.0448 5120	clr_optimization_v4.0.30319_32 - ok
16:42:57.0479 5120	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
16:42:57.0557 5120	CmBatt - ok
16:42:57.0604 5120	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
16:42:57.0682 5120	cmdide - ok
16:42:57.0760 5120	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
16:42:57.0885 5120	CNG - ok
16:42:57.0932 5120	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
16:42:57.0994 5120	Compbatt - ok
16:42:58.0057 5120	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
16:42:58.0150 5120	CompositeBus - ok
16:42:58.0181 5120	COMSysApp - ok
16:42:58.0275 5120	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
16:42:58.0353 5120	crcdisk - ok
16:42:58.0431 5120	CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll
16:42:58.0618 5120	CryptSvc - ok
16:42:58.0727 5120	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
16:42:58.0930 5120	DcomLaunch - ok
16:42:58.0993 5120	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
16:42:59.0180 5120	defragsvc - ok
16:42:59.0242 5120	DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
16:42:59.0398 5120	DfsC - ok
16:42:59.0570 5120	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
16:42:59.0757 5120	Dhcp - ok
16:42:59.0788 5120	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
16:42:59.0975 5120	discache - ok
16:43:00.0022 5120	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
16:43:00.0100 5120	Disk - ok
16:43:00.0147 5120	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
16:43:00.0256 5120	Dnscache - ok
16:43:00.0319 5120	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
16:43:00.0506 5120	dot3svc - ok
16:43:00.0615 5120	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
16:43:00.0802 5120	DPS - ok
16:43:00.0927 5120	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
16:43:01.0021 5120	drmkaud - ok
16:43:01.0130 5120	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
16:43:01.0255 5120	DXGKrnl - ok
16:43:01.0317 5120	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
16:43:01.0504 5120	EapHost - ok
16:43:02.0019 5120	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
16:43:02.0347 5120	ebdrv - ok
16:43:02.0534 5120	EFS             (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
16:43:02.0643 5120	EFS - ok
16:43:02.0768 5120	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
16:43:02.0877 5120	elxstor - ok
16:43:02.0924 5120	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
16:43:03.0017 5120	ErrDev - ok
16:43:03.0127 5120	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
16:43:03.0314 5120	EventSystem - ok
16:43:03.0407 5120	ewusbnet - ok
16:43:03.0439 5120	ew_hwusbdev - ok
16:43:03.0517 5120	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
16:43:03.0688 5120	exfat - ok
16:43:03.0797 5120	Fabs - ok
16:43:03.0860 5120	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
16:43:04.0031 5120	fastfat - ok
16:43:04.0141 5120	Fax             (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
16:43:04.0281 5120	Fax - ok
16:43:04.0328 5120	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
16:43:04.0406 5120	fdc - ok
16:43:04.0453 5120	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
16:43:04.0624 5120	fdPHost - ok
16:43:04.0702 5120	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
16:43:04.0874 5120	FDResPub - ok
16:43:04.0921 5120	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
16:43:04.0983 5120	FileInfo - ok
16:43:05.0014 5120	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
16:43:05.0201 5120	Filetrace - ok
16:43:05.0654 5120	FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
16:43:05.0919 5120	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
16:43:05.0919 5120	FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
16:43:06.0106 5120	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
16:43:06.0200 5120	flpydisk - ok
16:43:06.0262 5120	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
16:43:06.0340 5120	FltMgr - ok
16:43:06.0481 5120	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
16:43:06.0621 5120	FontCache - ok
16:43:06.0730 5120	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:43:06.0793 5120	FontCache3.0.0.0 - ok
16:43:06.0839 5120	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
16:43:06.0917 5120	FsDepends - ok
16:43:06.0964 5120	fssfltr         (bfaaa92861526bb0adcd01e964ab6609) C:\windows\system32\DRIVERS\fssfltr.sys
16:43:07.0027 5120	fssfltr - ok
16:43:07.0307 5120	fsssvc          (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:43:07.0479 5120	fsssvc - ok
16:43:07.0666 5120	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
16:43:07.0744 5120	Fs_Rec - ok
16:43:07.0822 5120	fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
16:43:07.0916 5120	fvevol - ok
16:43:07.0978 5120	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
16:43:08.0041 5120	gagp30kx - ok
16:43:08.0119 5120	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:43:08.0165 5120	GEARAspiWDM - ok
16:43:08.0290 5120	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
16:43:08.0493 5120	gpsvc - ok
16:43:08.0618 5120	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
16:43:08.0711 5120	hcw85cir - ok
16:43:08.0805 5120	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
16:43:08.0930 5120	HdAudAddService - ok
16:43:08.0992 5120	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
16:43:09.0086 5120	HDAudBus - ok
16:43:09.0133 5120	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
16:43:09.0226 5120	HidBatt - ok
16:43:09.0273 5120	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
16:43:09.0367 5120	HidBth - ok
16:43:09.0398 5120	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
16:43:09.0507 5120	HidIr - ok
16:43:09.0554 5120	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll
16:43:09.0741 5120	hidserv - ok
16:43:09.0835 5120	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
16:43:09.0913 5120	HidUsb - ok
16:43:10.0037 5120	HitmanProScheduler (6ae9f23151a8f4835c6197dea77a63fb) C:\Program Files\HitmanPro\hmpsched.exe
16:43:10.0084 5120	HitmanProScheduler - ok
16:43:10.0147 5120	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
16:43:10.0318 5120	hkmsvc - ok
16:43:10.0412 5120	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
16:43:10.0521 5120	HomeGroupListener - ok
16:43:10.0599 5120	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
16:43:10.0708 5120	HomeGroupProvider - ok
16:43:10.0771 5120	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
16:43:10.0849 5120	HpSAMD - ok
16:43:10.0958 5120	HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
16:43:11.0145 5120	HTTP - ok
16:43:11.0207 5120	huawei_enumerator - ok
16:43:11.0285 5120	hwdatacard - ok
16:43:11.0332 5120	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
16:43:11.0410 5120	hwpolicy - ok
16:43:11.0441 5120	hwusbdev - ok
16:43:11.0535 5120	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
16:43:11.0660 5120	i8042prt - ok
16:43:11.0769 5120	iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
16:43:11.0847 5120	iaStor - ok
16:43:11.0941 5120	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
16:43:12.0034 5120	iaStorV - ok
16:43:12.0206 5120	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:43:12.0346 5120	idsvc - ok
16:43:12.0892 5120	igfx            (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys
16:43:13.0267 5120	igfx - ok
16:43:13.0485 5120	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
16:43:13.0563 5120	iirsp - ok
16:43:13.0703 5120	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
16:43:13.0891 5120	IKEEXT - ok
16:43:14.0374 5120	IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
16:43:14.0671 5120	IntcAzAudAddService - ok
16:43:14.0873 5120	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
16:43:14.0936 5120	intelide - ok
16:43:15.0014 5120	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
16:43:15.0092 5120	intelppm - ok
16:43:15.0154 5120	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
16:43:15.0326 5120	IPBusEnum - ok
16:43:15.0388 5120	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
16:43:15.0560 5120	IpFilterDriver - ok
16:43:15.0653 5120	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
16:43:15.0856 5120	iphlpsvc - ok
16:43:15.0903 5120	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
16:43:15.0981 5120	IPMIDRV - ok
16:43:16.0012 5120	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
16:43:16.0199 5120	IPNAT - ok
16:43:16.0465 5120	iPod Service    (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
16:43:16.0605 5120	iPod Service - ok
16:43:16.0730 5120	iprip           (72dd56197db4af4de203efe0d9e5901e) C:\windows\System32\iprip.dll
16:43:16.0839 5120	iprip - ok
16:43:16.0901 5120	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
16:43:17.0026 5120	IRENUM - ok
16:43:17.0089 5120	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
16:43:17.0167 5120	isapnp - ok
16:43:17.0229 5120	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
16:43:17.0307 5120	iScsiPrt - ok
16:43:17.0369 5120	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
16:43:17.0432 5120	kbdclass - ok
16:43:17.0510 5120	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
16:43:17.0588 5120	kbdhid - ok
16:43:17.0650 5120	kbfiltr         (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
16:43:17.0697 5120	kbfiltr - ok
16:43:17.0759 5120	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
16:43:17.0837 5120	KeyIso - ok
16:43:17.0884 5120	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
16:43:17.0947 5120	KSecDD - ok
16:43:17.0993 5120	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
16:43:18.0071 5120	KSecPkg - ok
16:43:18.0165 5120	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
16:43:18.0352 5120	KtmRm - ok
16:43:18.0430 5120	L1C             (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
16:43:18.0524 5120	L1C - ok
16:43:18.0586 5120	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\windows\System32\srvsvc.dll
16:43:18.0742 5120	LanmanServer - ok
16:43:18.0820 5120	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
16:43:18.0992 5120	LanmanWorkstation - ok
16:43:19.0101 5120	LgBttPort - ok
16:43:19.0132 5120	lgbusenum - ok
16:43:19.0163 5120	LGVMODEM - ok
16:43:19.0226 5120	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
16:43:19.0397 5120	lltdio - ok
16:43:19.0522 5120	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
16:43:19.0709 5120	lltdsvc - ok
16:43:19.0803 5120	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
16:43:19.0975 5120	lmhosts - ok
16:43:20.0037 5120	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
16:43:20.0115 5120	LSI_FC - ok
16:43:20.0162 5120	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
16:43:20.0240 5120	LSI_SAS - ok
16:43:20.0271 5120	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
16:43:20.0349 5120	LSI_SAS2 - ok
16:43:20.0380 5120	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
16:43:20.0458 5120	LSI_SCSI - ok
16:43:20.0505 5120	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
16:43:20.0630 5120	luafv - ok
16:43:20.0817 5120	McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
16:43:20.0864 5120	McComponentHostService - ok
16:43:20.0911 5120	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
16:43:20.0989 5120	megasas - ok
16:43:21.0035 5120	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
16:43:21.0129 5120	MegaSR - ok
16:43:21.0176 5120	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
16:43:21.0363 5120	MMCSS - ok
16:43:21.0394 5120	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
16:43:21.0613 5120	Modem - ok
16:43:21.0737 5120	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
16:43:21.0831 5120	monitor - ok
16:43:21.0893 5120	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
16:43:21.0956 5120	mouclass - ok
16:43:22.0003 5120	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
16:43:22.0096 5120	mouhid - ok
16:43:22.0159 5120	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
16:43:22.0221 5120	mountmgr - ok
16:43:22.0283 5120	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
16:43:22.0361 5120	mpio - ok
16:43:22.0408 5120	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
16:43:22.0564 5120	mpsdrv - ok
16:43:22.0673 5120	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
16:43:22.0876 5120	MpsSvc - ok
16:43:23.0017 5120	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
16:43:23.0110 5120	MRxDAV - ok
16:43:23.0173 5120	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
16:43:23.0297 5120	mrxsmb - ok
16:43:23.0344 5120	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
16:43:23.0453 5120	mrxsmb10 - ok
16:43:23.0500 5120	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
16:43:23.0594 5120	mrxsmb20 - ok
16:43:23.0641 5120	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
16:43:23.0703 5120	msahci - ok
16:43:23.0765 5120	msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
16:43:23.0875 5120	msdsm - ok
16:43:23.0921 5120	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
16:43:24.0031 5120	MSDTC - ok
16:43:24.0109 5120	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
16:43:24.0265 5120	Msfs - ok
16:43:24.0296 5120	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
16:43:24.0467 5120	mshidkmdf - ok
16:43:24.0499 5120	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
16:43:24.0577 5120	msisadrv - ok
16:43:24.0655 5120	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
16:43:24.0826 5120	MSiSCSI - ok
16:43:24.0857 5120	msiserver - ok
16:43:24.0904 5120	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
16:43:25.0091 5120	MSKSSRV - ok
16:43:25.0123 5120	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
16:43:25.0279 5120	MSPCLOCK - ok
16:43:25.0294 5120	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
16:43:25.0435 5120	MSPQM - ok
16:43:25.0481 5120	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
16:43:25.0544 5120	MsRPC - ok
16:43:25.0591 5120	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
16:43:25.0637 5120	mssmbios - ok
16:43:25.0684 5120	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
16:43:25.0809 5120	MSTEE - ok
16:43:25.0887 5120	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
16:43:25.0965 5120	MTConfig - ok
16:43:25.0996 5120	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
16:43:26.0043 5120	Mup - ok
16:43:26.0121 5120	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
16:43:26.0324 5120	napagent - ok
16:43:26.0464 5120	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
16:43:26.0573 5120	NativeWifiP - ok
16:43:26.0667 5120	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
16:43:26.0807 5120	NDIS - ok
16:43:26.0885 5120	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
16:43:27.0073 5120	NdisCap - ok
16:43:27.0104 5120	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
16:43:27.0275 5120	NdisTapi - ok
16:43:27.0322 5120	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
16:43:27.0494 5120	Ndisuio - ok
16:43:27.0603 5120	NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
16:43:27.0775 5120	NdisWan - ok
16:43:27.0899 5120	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
16:43:28.0055 5120	NDProxy - ok
16:43:28.0133 5120	Net Driver HPZ12 (510c138564486ff926a3f773205c63d1) C:\windows\system32\HPZinw12.dll
16:43:28.0165 5120	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:43:28.0165 5120	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:43:28.0227 5120	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
16:43:28.0414 5120	NetBIOS - ok
16:43:28.0523 5120	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
16:43:28.0711 5120	NetBT - ok
16:43:28.0820 5120	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
16:43:28.0898 5120	Netlogon - ok
16:43:28.0991 5120	Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
16:43:29.0179 5120	Netman - ok
16:43:29.0319 5120	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:43:29.0397 5120	NetMsmqActivator - ok
16:43:29.0413 5120	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:43:29.0491 5120	NetPipeActivator - ok
16:43:29.0569 5120	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
16:43:29.0756 5120	netprofm - ok
16:43:29.0803 5120	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:43:29.0865 5120	NetTcpActivator - ok
16:43:29.0881 5120	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:43:29.0943 5120	NetTcpPortSharing - ok
16:43:29.0990 5120	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
16:43:30.0037 5120	nfrd960 - ok
16:43:30.0099 5120	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
16:43:30.0255 5120	NlaSvc - ok
16:43:30.0349 5120	NMIndexingService - ok
16:43:30.0395 5120	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
16:43:30.0551 5120	Npfs - ok
16:43:30.0614 5120	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
16:43:30.0785 5120	nsi - ok
16:43:30.0817 5120	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
16:43:30.0988 5120	nsiproxy - ok
16:43:31.0191 5120	Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
16:43:31.0363 5120	Ntfs - ok
16:43:31.0409 5120	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
16:43:31.0565 5120	Null - ok
16:43:31.0628 5120	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
16:43:31.0706 5120	nvraid - ok
16:43:31.0768 5120	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
16:43:31.0846 5120	nvstor - ok
16:43:31.0924 5120	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
16:43:31.0987 5120	nv_agp - ok
16:43:32.0158 5120	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:43:32.0252 5120	odserv - ok
16:43:32.0299 5120	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
16:43:32.0392 5120	ohci1394 - ok
16:43:32.0439 5120	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:43:32.0501 5120	ose - ok
16:43:32.0579 5120	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
16:43:32.0704 5120	p2pimsvc - ok
16:43:32.0782 5120	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
16:43:32.0876 5120	p2psvc - ok
16:43:32.0938 5120	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
16:43:33.0032 5120	Parport - ok
16:43:33.0079 5120	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
16:43:33.0157 5120	partmgr - ok
16:43:33.0188 5120	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
16:43:33.0281 5120	Parvdm - ok
16:43:33.0328 5120	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
16:43:33.0422 5120	PcaSvc - ok
16:43:33.0500 5120	pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
16:43:33.0578 5120	pci - ok
16:43:33.0609 5120	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
16:43:33.0687 5120	pciide - ok
16:43:33.0749 5120	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
16:43:33.0827 5120	pcmcia - ok
16:43:33.0874 5120	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
16:43:33.0952 5120	pcw - ok
16:43:34.0046 5120	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
16:43:34.0233 5120	PEAUTH - ok
16:43:34.0529 5120	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
16:43:34.0779 5120	pla - ok
16:43:35.0013 5120	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
16:43:35.0138 5120	PlugPlay - ok
16:43:35.0216 5120	Pml Driver HPZ12 (37e5e8ffbad35605daeec3224ea0e465) C:\windows\system32\HPZipm12.dll
16:43:35.0231 5120	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
16:43:35.0231 5120	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
16:43:35.0278 5120	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
16:43:35.0387 5120	PNRPAutoReg - ok
16:43:35.0450 5120	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
16:43:35.0543 5120	PNRPsvc - ok
16:43:35.0637 5120	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
16:43:35.0809 5120	PolicyAgent - ok
16:43:35.0887 5120	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
16:43:36.0058 5120	Power - ok
16:43:36.0167 5120	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
16:43:36.0339 5120	PptpMiniport - ok
16:43:36.0370 5120	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
16:43:36.0464 5120	Processor - ok
16:43:36.0542 5120	ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll
16:43:36.0667 5120	ProfSvc - ok
16:43:36.0713 5120	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
16:43:36.0776 5120	ProtectedStorage - ok
16:43:36.0854 5120	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
16:43:36.0979 5120	Psched - ok
16:43:37.0150 5120	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
16:43:37.0306 5120	ql2300 - ok
16:43:37.0509 5120	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
16:43:37.0587 5120	ql40xx - ok
16:43:37.0665 5120	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
16:43:37.0790 5120	QWAVE - ok
16:43:37.0837 5120	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
16:43:37.0915 5120	QWAVEdrv - ok
16:43:37.0961 5120	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
16:43:38.0133 5120	RasAcd - ok
16:43:38.0195 5120	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
16:43:38.0367 5120	RasAgileVpn - ok
16:43:38.0414 5120	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
16:43:38.0585 5120	RasAuto - ok
16:43:38.0617 5120	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
16:43:38.0804 5120	Rasl2tp - ok
16:43:38.0897 5120	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
16:43:39.0085 5120	RasMan - ok
16:43:39.0147 5120	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
16:43:39.0319 5120	RasPppoe - ok
16:43:39.0381 5120	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
16:43:39.0537 5120	RasSstp - ok
16:43:39.0615 5120	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
16:43:39.0787 5120	rdbss - ok
16:43:39.0833 5120	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
16:43:39.0911 5120	rdpbus - ok
16:43:39.0958 5120	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
16:43:40.0083 5120	RDPCDD - ok
16:43:40.0145 5120	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
16:43:40.0270 5120	RDPENCDD - ok
16:43:40.0317 5120	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
16:43:40.0457 5120	RDPREFMP - ok
16:43:40.0504 5120	RDPWD           (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys
16:43:40.0582 5120	RDPWD - ok
16:43:40.0645 5120	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
16:43:40.0707 5120	rdyboost - ok
16:43:40.0769 5120	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
16:43:40.0894 5120	RemoteAccess - ok
16:43:40.0957 5120	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
16:43:41.0113 5120	RemoteRegistry - ok
16:43:41.0175 5120	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
16:43:41.0253 5120	RFCOMM - ok
16:43:41.0300 5120	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
16:43:41.0425 5120	RpcEptMapper - ok
16:43:41.0471 5120	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
16:43:41.0534 5120	RpcLocator - ok
16:43:41.0612 5120	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
16:43:41.0737 5120	RpcSs - ok
16:43:41.0815 5120	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
16:43:41.0939 5120	rspndr - ok
16:43:41.0971 5120	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
16:43:42.0033 5120	SamSs - ok
16:43:42.0111 5120	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
16:43:42.0173 5120	sbp2port - ok
16:43:42.0220 5120	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
16:43:42.0407 5120	SCardSvr - ok
16:43:42.0454 5120	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
16:43:42.0610 5120	scfilter - ok
16:43:42.0766 5120	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
16:43:42.0985 5120	Schedule - ok
16:43:43.0031 5120	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
16:43:43.0187 5120	SCPolicySvc - ok
16:43:43.0250 5120	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
16:43:43.0359 5120	SDRSVC - ok
16:43:43.0499 5120	SeaPort         (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
16:43:43.0593 5120	SeaPort - ok
16:43:43.0640 5120	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
16:43:43.0811 5120	secdrv - ok
16:43:43.0858 5120	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
16:43:43.0999 5120	seclogon - ok
16:43:44.0030 5120	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
16:43:44.0155 5120	SENS - ok
16:43:44.0201 5120	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
16:43:44.0279 5120	Serenum - ok
16:43:44.0326 5120	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
16:43:44.0404 5120	Serial - ok
16:43:44.0451 5120	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
16:43:44.0513 5120	sermouse - ok
16:43:44.0623 5120	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
16:43:44.0763 5120	SessionEnv - ok
16:43:44.0794 5120	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
16:43:44.0872 5120	sffdisk - ok
16:43:44.0903 5120	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
16:43:44.0981 5120	sffp_mmc - ok
16:43:44.0997 5120	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
16:43:45.0075 5120	sffp_sd - ok
16:43:45.0106 5120	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
16:43:45.0169 5120	sfloppy - ok
16:43:45.0247 5120	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
16:43:45.0403 5120	SharedAccess - ok
16:43:45.0465 5120	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
16:43:45.0605 5120	ShellHWDetection - ok
16:43:45.0652 5120	simptcp         (f5aaa8cdda25b6387af590d676d25bad) C:\windows\System32\tcpsvcs.exe
16:43:45.0761 5120	simptcp - ok
16:43:45.0808 5120	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
16:43:45.0886 5120	sisagp - ok
16:43:45.0949 5120	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
16:43:46.0011 5120	SiSRaid2 - ok
16:43:46.0058 5120	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
16:43:46.0136 5120	SiSRaid4 - ok
16:43:46.0292 5120	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
16:43:46.0354 5120	SkypeUpdate - ok
16:43:46.0432 5120	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
16:43:46.0588 5120	Smb - ok
16:43:46.0682 5120	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
16:43:46.0744 5120	SNMPTRAP - ok
16:43:46.0791 5120	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
16:43:46.0853 5120	spldr - ok
16:43:46.0931 5120	Spooler         (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
16:43:47.0072 5120	Spooler - ok
16:43:47.0446 5120	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
16:43:47.0789 5120	sppsvc - ok
16:43:48.0039 5120	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
16:43:48.0211 5120	sppuinotify - ok
16:43:48.0320 5120	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
16:43:48.0429 5120	srv - ok
16:43:48.0491 5120	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
16:43:48.0601 5120	srv2 - ok
16:43:48.0647 5120	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
16:43:48.0725 5120	srvnet - ok
16:43:48.0772 5120	sscdbus         (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\windows\system32\DRIVERS\sscdbus.sys
16:43:48.0866 5120	sscdbus - ok
16:43:48.0897 5120	sscdmdfl        (8a1be0c347814f482f493aea619d57f6) C:\windows\system32\DRIVERS\sscdmdfl.sys
16:43:48.0975 5120	sscdmdfl - ok
16:43:49.0037 5120	sscdmdm         (5ab0b1987f682a59b15b78f84c6ad7d0) C:\windows\system32\DRIVERS\sscdmdm.sys
16:43:49.0100 5120	sscdmdm - ok
16:43:49.0162 5120	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
16:43:49.0334 5120	SSDPSRV - ok
16:43:49.0412 5120	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
16:43:49.0459 5120	ssmdrv - ok
16:43:49.0505 5120	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
16:43:49.0677 5120	SstpSvc - ok
16:43:49.0724 5120	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
16:43:49.0802 5120	stexstor - ok
16:43:49.0895 5120	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
16:43:50.0051 5120	StiSvc - ok
16:43:50.0098 5120	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
16:43:50.0176 5120	swenum - ok
16:43:50.0254 5120	swprv           (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
16:43:50.0441 5120	swprv - ok
16:43:50.0519 5120	SynTP           (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
16:43:50.0566 5120	SynTP - ok
16:43:50.0722 5120	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
16:43:50.0847 5120	SysMain - ok
16:43:50.0909 5120	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
16:43:51.0003 5120	TabletInputService - ok
16:43:51.0081 5120	TapiSrv         (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
16:43:51.0206 5120	TapiSrv - ok
16:43:51.0253 5120	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
16:43:51.0393 5120	TBS - ok
16:43:51.0627 5120	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
16:43:51.0752 5120	Tcpip - ok
16:43:51.0814 5120	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
16:43:51.0970 5120	TCPIP6 - ok
16:43:52.0017 5120	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
16:43:52.0142 5120	tcpipreg - ok
16:43:52.0204 5120	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
16:43:52.0267 5120	TDPIPE - ok
16:43:52.0313 5120	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
16:43:52.0376 5120	TDTCP - ok
16:43:52.0438 5120	tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
16:43:52.0594 5120	tdx - ok
16:43:52.0657 5120	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
16:43:52.0719 5120	TermDD - ok
16:43:52.0844 5120	TermService     (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
16:43:53.0031 5120	TermService - ok
16:43:53.0093 5120	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
16:43:53.0218 5120	Themes - ok
16:43:53.0265 5120	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
16:43:53.0437 5120	THREADORDER - ok
16:43:53.0483 5120	TlntSvr         (ce92b84ed806f1c5c340a51dfd3e49bc) C:\windows\System32\tlntsvr.exe
16:43:53.0577 5120	TlntSvr - ok
16:43:53.0639 5120	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
16:43:53.0811 5120	TrkWks - ok
16:43:53.0889 5120	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
16:43:54.0061 5120	TrustedInstaller - ok
16:43:54.0123 5120	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
16:43:54.0279 5120	tssecsrv - ok
16:43:54.0373 5120	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
16:43:54.0466 5120	TsUsbFlt - ok
16:43:54.0529 5120	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
16:43:54.0700 5120	tunnel - ok
16:43:54.0747 5120	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
16:43:54.0825 5120	uagp35 - ok
16:43:54.0903 5120	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
16:43:55.0059 5120	udfs - ok
16:43:55.0153 5120	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
16:43:55.0246 5120	UI0Detect - ok
16:43:55.0324 5120	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
16:43:55.0387 5120	uliagpkx - ok
16:43:55.0449 5120	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
16:43:55.0543 5120	umbus - ok
16:43:55.0589 5120	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
16:43:55.0683 5120	UmPass - ok
16:43:55.0761 5120	upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
16:43:55.0948 5120	upnphost - ok
16:43:56.0073 5120	USB28xxBGA      (ae246f574c9089e284d9d34b63694c45) C:\windows\system32\DRIVERS\emBDA.sys
16:43:56.0182 5120	USB28xxBGA - ok
16:43:56.0323 5120	USB28xxOEM      (3b2a32c73238f537eb5e695d12acfb74) C:\windows\system32\DRIVERS\emOEM.sys
16:43:56.0447 5120	USB28xxOEM - ok
16:43:56.0510 5120	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\windows\system32\Drivers\usbaapl.sys
16:43:56.0603 5120	USBAAPL - ok
16:43:56.0681 5120	usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\windows\system32\drivers\usbaudio.sys
16:43:56.0791 5120	usbaudio - ok
16:43:56.0806 5120	usbbus - ok
16:43:56.0869 5120	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
16:43:56.0962 5120	usbccgp - ok
16:43:57.0009 5120	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
16:43:57.0103 5120	usbcir - ok
16:43:57.0134 5120	UsbDiag - ok
16:43:57.0196 5120	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
16:43:57.0259 5120	usbehci - ok
16:43:57.0321 5120	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
16:43:57.0415 5120	usbhub - ok
16:43:57.0446 5120	USBModem - ok
16:43:57.0508 5120	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
16:43:57.0586 5120	usbohci - ok
16:43:57.0633 5120	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
16:43:57.0727 5120	usbprint - ok
16:43:57.0789 5120	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
16:43:57.0898 5120	usbscan - ok
16:43:57.0945 5120	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
16:43:58.0054 5120	USBSTOR - ok
16:43:58.0101 5120	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
16:43:58.0179 5120	usbuhci - ok
16:43:58.0241 5120	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
16:43:58.0335 5120	usbvideo - ok
16:43:58.0397 5120	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
16:43:58.0569 5120	UxSms - ok
16:43:58.0616 5120	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
16:43:58.0709 5120	VaultSvc - ok
16:43:58.0787 5120	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
16:43:58.0865 5120	vdrvroot - ok
16:43:58.0959 5120	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
16:43:59.0146 5120	vds - ok
16:43:59.0193 5120	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
16:43:59.0287 5120	vga - ok
16:43:59.0318 5120	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
16:43:59.0489 5120	VgaSave - ok
16:43:59.0552 5120	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
16:43:59.0645 5120	vhdmp - ok
16:43:59.0692 5120	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
16:43:59.0770 5120	viaagp - ok
16:43:59.0801 5120	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
16:43:59.0895 5120	ViaC7 - ok
16:43:59.0942 5120	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
16:44:00.0020 5120	viaide - ok
16:44:00.0051 5120	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
16:44:00.0129 5120	volmgr - ok
16:44:00.0223 5120	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
16:44:00.0316 5120	volmgrx - ok
16:44:00.0394 5120	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
16:44:00.0488 5120	volsnap - ok
16:44:00.0550 5120	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
16:44:00.0628 5120	vsmraid - ok
16:44:00.0784 5120	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
16:44:01.0034 5120	VSS - ok
16:44:01.0081 5120	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
16:44:01.0174 5120	vwifibus - ok
16:44:01.0221 5120	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
16:44:01.0315 5120	vwififlt - ok
16:44:01.0377 5120	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
16:44:01.0486 5120	vwifimp - ok
16:44:01.0580 5120	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
16:44:01.0751 5120	W32Time - ok
16:44:01.0923 5120	W3SVC           (57c8c20bfa5bef6bd851ebac67a8ced0) C:\windows\system32\inetsrv\iisw3adm.dll
16:44:02.0017 5120	W3SVC - ok
16:44:02.0079 5120	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
16:44:02.0173 5120	WacomPen - ok
16:44:02.0219 5120	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
16:44:02.0375 5120	WANARP - ok
16:44:02.0407 5120	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
16:44:02.0547 5120	Wanarpv6 - ok
16:44:02.0625 5120	WAS             (57c8c20bfa5bef6bd851ebac67a8ced0) C:\windows\system32\inetsrv\iisw3adm.dll
16:44:02.0719 5120	WAS - ok
16:44:02.0906 5120	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
16:44:03.0077 5120	wbengine - ok
16:44:03.0140 5120	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
16:44:03.0265 5120	WbioSrvc - ok
16:44:03.0327 5120	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
16:44:03.0467 5120	wcncsvc - ok
16:44:03.0514 5120	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
16:44:03.0608 5120	WcsPlugInService - ok
16:44:03.0701 5120	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
16:44:03.0779 5120	Wd - ok
16:44:03.0857 5120	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
16:44:03.0967 5120	Wdf01000 - ok
16:44:04.0045 5120	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
16:44:04.0169 5120	WdiServiceHost - ok
16:44:04.0201 5120	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
16:44:04.0310 5120	WdiSystemHost - ok
16:44:04.0388 5120	WebClient       (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
16:44:04.0513 5120	WebClient - ok
16:44:04.0575 5120	Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
16:44:04.0731 5120	Wecsvc - ok
16:44:04.0762 5120	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
16:44:04.0918 5120	wercplsupport - ok
16:44:04.0965 5120	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
16:44:05.0137 5120	WerSvc - ok
16:44:05.0199 5120	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
16:44:05.0355 5120	WfpLwf - ok
16:44:05.0402 5120	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
16:44:05.0480 5120	WIMMount - ok
16:44:05.0651 5120	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
16:44:05.0776 5120	WinDefend - ok
16:44:05.0839 5120	WinHttpAutoProxySvc - ok
16:44:05.0948 5120	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
16:44:06.0135 5120	Winmgmt - ok
16:44:06.0338 5120	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
16:44:06.0603 5120	WinRM - ok
16:44:06.0743 5120	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\drivers\WinUsb.sys
16:44:06.0837 5120	WinUsb - ok
16:44:06.0977 5120	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
16:44:07.0133 5120	Wlansvc - ok
16:44:07.0477 5120	wlidsvc         (fb01d4ae207b9efdbabfc55dc95c7e31) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:44:07.0664 5120	wlidsvc - ok
16:44:07.0882 5120	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
16:44:07.0960 5120	WmiAcpi - ok
16:44:08.0069 5120	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
16:44:08.0163 5120	wmiApSrv - ok
16:44:08.0413 5120	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
16:44:08.0584 5120	WMPNetworkSvc - ok
16:44:08.0647 5120	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
16:44:08.0740 5120	WPCSvc - ok
16:44:08.0787 5120	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
16:44:08.0912 5120	WPDBusEnum - ok
16:44:09.0005 5120	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
16:44:09.0177 5120	ws2ifsl - ok
16:44:09.0239 5120	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
16:44:09.0349 5120	wscsvc - ok
16:44:09.0380 5120	WSearch - ok
16:44:09.0676 5120	wuauserv        (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
16:44:09.0957 5120	wuauserv - ok
16:44:10.0285 5120	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
16:44:10.0441 5120	WudfPf - ok
16:44:10.0487 5120	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.SYS
16:44:10.0643 5120	WUDFRd - ok
16:44:10.0721 5120	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
16:44:10.0877 5120	wudfsvc - ok
16:44:10.0940 5120	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
16:44:11.0065 5120	WwanSvc - ok
16:44:11.0174 5120	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:44:11.0689 5120	\Device\Harddisk0\DR0 - ok
16:44:11.0704 5120	Boot (0x1200)   (e82e8cb223b133dc906e7ae36c7c522a) \Device\Harddisk0\DR0\Partition0
16:44:11.0704 5120	\Device\Harddisk0\DR0\Partition0 - ok
16:44:11.0751 5120	Boot (0x1200)   (6d96bbb3aa2ca1cd7babdcd8baa76a22) \Device\Harddisk0\DR0\Partition1
16:44:11.0767 5120	\Device\Harddisk0\DR0\Partition1 - ok
16:44:11.0767 5120	============================================================
16:44:11.0767 5120	Scan finished
16:44:11.0767 5120	============================================================
16:44:11.0829 5128	Detected object count: 4
16:44:11.0829 5128	Actual detected object count: 4
16:46:56.0624 5128	AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
16:46:56.0624 5128	AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:46:56.0640 5128	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
16:46:56.0640 5128	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:46:56.0656 5128	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:46:56.0656 5128	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:46:56.0656 5128	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
16:46:56.0656 5128	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

25.05.2012, 22:49   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

25.05.2012, 23:46   #15
lena-laura
 

So, here is the ComboFix log.
A few icons have disappeared from the bar at the bottom right... including the Avira icon... where have they gone? Do you know?

Code:
ComboFix 12-05-25.03 - lena-laura 26.05.2012   0:13.2.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.2039.1288 [GMT 2:00]
ausgeführt von:: c:\users\lena-laura\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\lena-laura\AppData\Roaming\AcroIEHelpe.txt
c:\users\lena-laura\AppData\Roaming\srvblck5.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-25 bis 2012-05-25  ))))))))))))))))))))))))))))))
.
.
2012-05-25 22:34 . 2012-05-25 22:34	--------	d-----w-	c:\users\lena-laura\AppData\Local\temp
2012-05-25 22:34 . 2012-05-25 22:34	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-05-25 22:34 . 2012-05-25 22:34	--------	d-----w-	c:\users\lena_laura\AppData\Local\temp
2012-05-25 22:34 . 2012-05-25 22:34	--------	d-----w-	c:\users\DefaultAppPool\AppData\Local\temp
2012-05-25 22:34 . 2012-05-25 22:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-23 19:51 . 2012-05-23 19:51	--------	d-----w-	c:\program files\ESET
2012-05-21 00:04 . 2012-05-22 12:41	--------	d--h--w-	c:\users\lena-laura\AppData\Local\Spotify
2012-05-21 00:03 . 2012-05-22 14:27	--------	d--h--w-	c:\users\lena-laura\AppData\Roaming\Spotify
2012-05-13 09:40 . 2012-05-13 09:40	--------	d--h--w-	c:\users\lena-laura\AppData\Roaming\Avira
2012-05-13 01:42 . 2012-04-27 08:20	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-13 01:42 . 2012-04-24 22:32	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-13 01:42 . 2012-04-16 19:17	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-05-13 01:42 . 2012-05-13 01:42	--------	d-----w-	c:\programdata\Avira
2012-05-13 01:42 . 2012-05-13 01:42	--------	d-----w-	c:\program files\Avira
2012-05-12 09:10 . 2012-03-30 10:23	1291632	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-12 09:10 . 2012-03-31 04:29	936960	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 09:09 . 2012-03-31 04:39	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-12 09:09 . 2012-03-31 04:39	3913072	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-12 09:09 . 2012-03-31 02:36	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-05-12 09:09 . 2012-03-17 07:27	56176	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-12 09:09 . 2012-03-03 05:31	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-05-03 16:59 . 2012-05-03 17:00	--------	d-----w-	c:\program files\FILSHtray
2012-05-03 16:37 . 2012-05-03 16:38	--------	d-----w-	c:\program files\MAGIX
2012-05-03 16:35 . 2012-05-04 21:45	--------	d-----w-	c:\programdata\MAGIX
2012-05-03 16:35 . 2012-05-03 16:38	--------	d-----w-	c:\program files\Common Files\MAGIX Services
2012-05-03 16:25 . 2012-05-24 00:32	--------	d-----w-	c:\users\lena-laura\AppData\Roaming\MAGIX
2012-04-26 23:07 . 2002-12-02 13:22	5632	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 21:13 . 2012-04-11 13:17	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-04 21:13 . 2011-06-03 14:35	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-13 21:14 . 2012-04-13 21:14	12872	----a-w-	c:\windows\system32\bootdelete.exe
2012-04-04 13:56 . 2012-02-06 11:44	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-01 05:46 . 2012-04-12 01:02	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:37 . 2012-04-12 01:02	172544	----a-w-	c:\windows\system32\wintrust.dll
2012-03-01 05:33 . 2012-04-12 01:02	159232	----a-w-	c:\windows\system32\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 01:02	5120	----a-w-	c:\windows\system32\wmi.dll
2012-02-28 01:18 . 2012-04-12 01:30	1799168	----a-w-	c:\windows\system32\jscript9.dll
2012-02-28 01:11 . 2012-04-12 01:30	1427456	----a-w-	c:\windows\system32\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 01:30	1127424	----a-w-	c:\windows\system32\wininet.dll
2012-02-28 01:03 . 2012-04-12 01:30	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-03-18 15:22 . 2011-05-12 17:36	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"HotKeyMon"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-07-20 83240]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-12-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\lena-laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FILSHtray.lnk - c:\program files\FILSHtray\FILSHtray.exe [2012-4-18 594432]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2012-05-01 22:31	348624	----a-w-	c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-18 219136]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-04-16 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-04-20 105288]
S2 iprip;RIP-Überwachung;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
ipripsvc	REG_MULTI_SZ   	iprip
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 21:13]
.
2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3837843822-382491344-1778226907-1000Core.job
- c:\users\lena-laura\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-19 12:04]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3837843822-382491344-1778226907-1000UA.job
- c:\users\lena-laura\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-19 12:04]
.
2012-02-27 c:\windows\Tasks\Norton Security Scan for lena-laura.job
- c:\progra~1\NORTON~2\Engine\351~1.10\Nss.exe [2012-02-27 07:02]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = 
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\lena-laura\AppData\Roaming\Mozilla\Firefox\Profiles\ztgpl636.default\
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00015/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - b0a1e4500000000000000625d3f6b5b0
FF - user.js: extensions.softonic_i.instlDay - 15399
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.51:14
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - de12JANdefault
FF - user.js: extensions.softonic_i.instlRef - MON00015
FF - user.js: extensions.softonic_i.dfltLng - de
FF - user.js: extensions.softonic_i.excTlbr - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\SUPERAntiSpyware\SASSEH.DLL
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-26  00:40:29
ComboFix-quarantined-files.txt  2012-05-25 22:40
ComboFix2.txt  2012-02-07 16:09
.
Vor Suchlauf: 15 Verzeichnis(se), 47.701.848.064 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 47.653.535.744 Bytes frei
.
- - End Of File - - E979CC8EB60BE9AF8936ED34CB8330E0
         
