Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: BKA Trojaner,Auswertung von Log OTL

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 27.05.2012, 09:30   #1
MK-13
 
BKA Trojaner,Auswertung von Log OTL - Standard

BKA Trojaner,Auswertung von Log OTL



HI und Gruss an alle.Ich habe mich hier angemeldet,da ich jetzt nicht weiterkomme.Mein Prblem: vor 3 Tagen habe ich eine Mail erhalten in der wurde ich angeblich Elite-Mitglied (wo weiss ich auch nicht mehr)und sollte 270 Euro zahlen.Diese werden in wenigen Tagen abgebucht(vom Konto).Ich habe auf so einen Schrott nicht reagiert und die Mail gelöscht.Gestern war wieder was in meiner Mail und zwar eine Mahnung mit Anhang(kleine Zip-Datei).Jetzt habe ich den Fehler gemacht, mir mal die Datei entpackt und angeguckt.Komisch war das ich die Zip entpackt habe und erhalten habe ich eine zweite Zip zum entpacken.
Diese habe ich auch entpackt und eine Datei erhalten.Doch als ich diese öffnen wollte wurde mein Bildschirm kurz schwarz.Ich habe schnell mein Lankabel gezogen und mein Bildschirm wurde normal.Ich habe dann " malware antibytes und comodo internet security" durchlaufen lassen.Beide haben nichts gefunden,doch während des Scans wurde mein Rechner gesperrt und ich wurde aufgefordert 100 Euro zu zahlen um ihn wieder frei zu machen.Der Screen sah aus wie auf der seite hier : hxxp://bka-trojaner.de/ ähnlich Bild 1.02. Ich habe dann versucht den
Taskmanager zu starten,doch ich konnte auf keine Anwendung wechseln.Als ich aber mich Abmelden wollte ,war alles vorbei und und normal(bis jetzt).Ich Traue hier den Frieden nicht.Ich wollte dann mit "Kaspersky WindowsUnlocker" mal das System prüfen,doch das geht nicht.Da mein Brenner defekt ist und über USB geht das bei mir auch nicht.Jetzt habe ich mal " OTL.EXE" gesaugt und durchlaufen lassen,hier die LOGs bzw. nur einer ,da der 2.Log (OTL) zu gross zum anhängen ist(100kb).

Kann mir bitte jemand helfen?
gruss

HI,ich habe noch was versucht ,aber bin nicht sicher ob jetzt alles wieder ok ist.
Ich habe die "kaspersky rescue disk" vom Freund besorgt,läuft bei mir nicht(da ich ein Raid habe.)Habe dann das mit der" AVG Rescue CD" versucht,diese läuft bei mir.Doch hat sie nichts gefunden.Habes auch mit "Trojan Remover" versucht,dieser findet auch nichts.Entweder ist der BKA Trojaner gut versteckt oder etwas hat ihn gelöscht!?Ach ja hier noch beide OTL Logs.

Alt 29.05.2012, 15:19   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner,Auswertung von Log OTL - Standard

BKA Trojaner,Auswertung von Log OTL



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 29.05.2012, 19:40   #3
MK-13
 
BKA Trojaner,Auswertung von Log OTL - Standard

BKA Trojaner,Auswertung von Log OTL



Hi,danke für antwort

Hier der Log:


Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: ****** [Administrator]

Schutz: Aktiviert

29.05.2012 19:03:49
mbam-log-2012-05-29 (19-03-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354608
Laufzeit: 1 Stunde(n), 3 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

gruss

hi,ich hoffe ich habe alles richtig gemacht,ESET Online Scanner hat von 0 bis 99% 15 min gebraucht und von 99 auf 100% über 2 stunden!!??
gruss



Code:
ATTFilter
 ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b8820979083c084492d9259c10c3d952
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-29 08:58:11
# local_time=2012-05-29 10:58:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 0 0 0 0
# compatibility_mode=1536 16777215 100 0 0 0 0 0
# compatibility_mode=3073 16777213 80 71 16666 14006994 0 0
# compatibility_mode=4096 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 4334603 89947230 0 0
# compatibility_mode=8192 67108863 100 0 479 479 0 0
# scanned=140315
# found=0
# cleaned=0
# scan_time=7710
         
__________________

Alt 30.05.2012, 09:44   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner,Auswertung von Log OTL - Standard

BKA Trojaner,Auswertung von Log OTL



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 30.05.2012, 16:42   #5
MK-13
 
BKA Trojaner,Auswertung von Log OTL - Standard

BKA Trojaner,Auswertung von Log OTL



hi,ja habe ich!!Alle?das sind aber echt viele,das sind erst ma die letzten 10,weil sind noch so umd ie 50stück!
gruss

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.09.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

10.04.2012 00:34:13
mbam-log-2012-04-10 (00-34-13).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 34482
Laufzeit: 2 Minute(n), 38 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
               



 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

26.05.2012 21:47:02
mbam-log-2012-05-26 (21-47-02).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 1
Laufzeit: 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

26.05.2012 22:13:05
mbam-log-2012-05-26 (22-13-05).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 355169
Laufzeit: 1 Stunde(n), 31 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

26.05.2012 23:45:20
mbam-log-2012-05-26 (23-45-20).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 0
Laufzeit: 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

27.05.2012 08:37:36
mbam-log-2012-05-27 (08-37-36).txt

Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 188917
Laufzeit: 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.21.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

27.05.2012 08:39:35
mbam-log-2012-05-27 (08-39-35).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 228374
Laufzeit: 5 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

27.05.2012 15:02:47
mbam-log-2012-05-27 (15-02-47).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 229833
Laufzeit: 12 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

27.05.2012 22:50:05
mbam-log-2012-05-27 (22-50-05).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354318
Laufzeit: 1 Stunde(n), 2 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



 Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.28.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: MK-13-PC [Administrator]

Schutz: Aktiviert

28.05.2012 10:38:43
mbam-log-2012-05-28 (10-38-43).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354762
Laufzeit: 1 Stunde(n), 7 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

   

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mk-13 :: ****** [Administrator]

Schutz: Aktiviert

29.05.2012 19:03:49
mbam-log-2012-05-29 (19-03-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354608
Laufzeit: 1 Stunde(n), 3 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)



 2012/04/10 00:30:31 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/10 00:30:34 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/10 00:30:37 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/10 00:30:40 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/10 00:31:30 +0200	MK-13-PC	mk-13	MESSAGE	Starting database refresh
2012/04/10 00:31:30 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/10 00:34:14 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/10 00:34:17 +0200	MK-13-PC	mk-13	MESSAGE	Database refreshed successfully
2012/04/10 00:34:17 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/10 00:34:21 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/10 07:32:05 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/10 07:32:09 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/10 07:32:12 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/10 07:32:16 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/10 07:38:27 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/10 07:38:30 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/10 07:38:33 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/10 07:38:37 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/10 07:44:30 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/10 07:44:34 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/10 07:44:37 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/10 07:44:41 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/10 09:27:54 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/10 09:27:56 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/10 09:27:59 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/10 09:28:03 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/10 10:25:53 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/10 10:29:44 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/10 10:37:24 +0200	MK-13-PC	mk-13	MESSAGE	Executing scheduled update:  Daily
2012/04/10 10:37:33 +0200	MK-13-PC	mk-13	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.09.07 to version v2012.04.10.03
2012/04/10 10:37:33 +0200	MK-13-PC	mk-13	MESSAGE	Starting database refresh
2012/04/10 10:37:37 +0200	MK-13-PC	mk-13	MESSAGE	Database refreshed successfully
2012/04/10 13:36:28 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/10 13:36:31 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/10 13:36:34 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/10 13:36:37 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/10 13:42:38 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/10 13:45:30 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped


2012/04/11 07:20:54 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/11 07:20:57 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/11 07:21:00 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/11 07:21:04 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/11 12:33:34 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/11 12:33:36 +0200	MK-13-PC	mk-13	MESSAGE	Executing scheduled update:  Daily
2012/04/11 12:33:38 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/11 12:33:41 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/11 12:33:44 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/11 12:33:46 +0200	MK-13-PC	mk-13	MESSAGE	Starting database refresh
2012/04/11 12:33:46 +0200	MK-13-PC	mk-13	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.10.03 to version v2012.04.11.01
2012/04/11 12:33:46 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/11 12:36:19 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/11 12:36:22 +0200	MK-13-PC	mk-13	MESSAGE	Database refreshed successfully
2012/04/11 12:36:22 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/11 12:36:24 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/11 15:07:56 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/11 15:07:59 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/11 15:08:02 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/11 15:08:05 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/11 15:10:26 +0200	MK-13-PC	mk-13	IP-BLOCK	83.128.72.208 (Type: outgoing, Port: 49171, Process: skype.exe)
2012/04/11 15:10:26 +0200	MK-13-PC	mk-13	IP-BLOCK	83.128.72.208 (Type: outgoing, Port: 49172, Process: skype.exe)
2012/04/11 15:10:26 +0200	MK-13-PC	mk-13	IP-BLOCK	83.128.72.208 (Type: outgoing, Port: 49173, Process: skype.exe)
2012/04/11 15:10:26 +0200	MK-13-PC	mk-13	IP-BLOCK	83.128.72.208 (Type: outgoing, Port: 49174, Process: skype.exe)
2012/04/11 16:52:51 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/11 16:52:55 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/11 16:52:58 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/11 16:53:02 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully


2012/04/12 06:47:50 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/12 06:47:53 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/12 06:47:56 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/12 06:47:59 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/12 08:52:25 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/12 08:52:27 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/12 08:52:30 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/12 08:52:34 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/12 10:21:52 +0200	MK-13-PC	mk-13	MESSAGE	Executing scheduled update:  Daily
2012/04/12 10:22:01 +0200	MK-13-PC	mk-13	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.11.01 to version v2012.04.12.02
2012/04/12 10:22:01 +0200	MK-13-PC	mk-13	MESSAGE	Starting database refresh
2012/04/12 10:22:01 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/12 10:24:46 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/12 10:24:55 +0200	MK-13-PC	mk-13	MESSAGE	Database refreshed successfully
2012/04/12 10:24:55 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/12 10:24:58 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/12 13:40:13 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/12 13:40:15 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/12 13:40:18 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/12 13:40:21 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/12 15:05:49 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/12 15:05:51 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/12 15:05:54 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/12 15:05:57 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/12 18:39:58 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/12 18:40:01 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/12 18:40:04 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/12 18:40:08 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully





2012/04/13 06:30:26 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/13 06:30:29 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/13 06:30:32 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/13 06:30:35 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/13 11:20:15 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/13 11:20:15 +0200	MK-13-PC	mk-13	MESSAGE	Executing scheduled update:  Daily
2012/04/13 11:20:19 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/13 11:20:22 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/13 11:20:26 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/13 11:20:28 +0200	MK-13-PC	mk-13	MESSAGE	Starting database refresh
2012/04/13 11:20:28 +0200	MK-13-PC	mk-13	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.12.02 to version v2012.04.13.02
2012/04/13 11:20:28 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/13 11:23:13 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/13 11:23:17 +0200	MK-13-PC	mk-13	MESSAGE	Database refreshed successfully
2012/04/13 11:23:17 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/13 11:23:21 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/13 11:45:05 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/13 11:48:30 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/13 14:49:40 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/13 14:49:42 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/13 14:49:45 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/13 14:49:48 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully


2012/04/14 07:25:17 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/14 07:25:19 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/14 07:25:22 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/14 07:25:26 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/14 08:25:25 +0200	MK-13-PC	mk-13	IP-BLOCK	89.28.74.51 (Type: outgoing, Port: 49272, Process: skype.exe)
2012/04/14 08:25:25 +0200	MK-13-PC	mk-13	IP-BLOCK	89.28.74.51 (Type: outgoing, Port: 49274, Process: skype.exe)
2012/04/14 08:25:25 +0200	MK-13-PC	mk-13	IP-BLOCK	89.28.74.51 (Type: outgoing, Port: 49275, Process: skype.exe)
2012/04/14 08:25:25 +0200	MK-13-PC	mk-13	IP-BLOCK	89.28.74.51 (Type: outgoing, Port: 49276, Process: skype.exe)
2012/04/14 10:52:29 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/14 10:52:31 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/14 10:52:34 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/14 10:52:37 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/14 10:57:58 +0200	MK-13-PC	mk-13	MESSAGE	Executing scheduled update:  Daily
2012/04/14 10:58:10 +0200	MK-13-PC	mk-13	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.13.02 to version v2012.04.14.02
2012/04/14 10:58:10 +0200	MK-13-PC	mk-13	MESSAGE	Starting database refresh
2012/04/14 10:58:10 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/14 11:02:12 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/14 11:02:27 +0200	MK-13-PC	mk-13	MESSAGE	Database refreshed successfully
2012/04/14 11:02:27 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/14 11:02:30 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/14 18:45:20 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/14 18:45:23 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/14 18:45:26 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/14 18:45:29 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully


2012/04/15 07:21:43 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/15 07:21:47 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/15 07:21:50 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/15 07:21:53 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/15 10:14:26 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/15 10:14:29 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/15 10:14:32 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/15 10:14:35 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/15 10:18:04 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/15 10:21:27 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/15 15:51:58 +0200	MK-13-PC	mk-13	MESSAGE	Starting protection
2012/04/15 15:52:01 +0200	MK-13-PC	mk-13	MESSAGE	Protection started successfully
2012/04/15 15:52:04 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/15 15:52:07 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
2012/04/15 16:00:42 +0200	MK-13-PC	mk-13	MESSAGE	Executing scheduled update:  Daily
2012/04/15 16:00:52 +0200	MK-13-PC	mk-13	MESSAGE	Starting database refresh
2012/04/15 16:00:52 +0200	MK-13-PC	mk-13	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.04.14.02 to version v2012.04.15.03
2012/04/15 16:00:52 +0200	MK-13-PC	mk-13	MESSAGE	Stopping IP protection
2012/04/15 16:03:49 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection stopped
2012/04/15 16:03:52 +0200	MK-13-PC	mk-13	MESSAGE	Database refreshed successfully
2012/04/15 16:03:52 +0200	MK-13-PC	mk-13	MESSAGE	Starting IP protection
2012/04/15 16:03:55 +0200	MK-13-PC	mk-13	MESSAGE	IP Protection started successfully
         


Alt 30.05.2012, 20:39   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner,Auswertung von Log OTL - Standard

BKA Trojaner,Auswertung von Log OTL



Zitat:
Ich habe dann " malware antibytes und comodo internet security" durchlaufen lassen.
Comodo ist kontraproduktiver Unsinn. Bitte umgehend deinstallieren

Mach danach ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
--> BKA Trojaner,Auswertung von Log OTL

Alt 30.05.2012, 20:56   #7
MK-13
 
BKA Trojaner,Auswertung von Log OTL - Standard

BKA Trojaner,Auswertung von Log OTL



hi,ja mache ich morgen dauer ja länger.

warum ist comodo nicht gut,oder soll ich was anderes nehmen?
was denkst du ist was bei mir aufn rechner?
gruss

Alt 30.05.2012, 21:11   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner,Auswertung von Log OTL - Standard

BKA Trojaner,Auswertung von Log OTL



Lies einfach mal hier, ich denke dann sollte es etwas klarer werden:

Die Vertrauensbrecher c't Editorial über Internet Security Suites und warum sie idR nichts taugen
Oberthal online: Personal Firewalls: Sinnvoll oder sinnfrei?
personal firewalls ? Wiki ? ubuntuusers.de

Dann wirst Du feststellen, dass es einfach nur unnötig ist, sich das System mit einer weiteren "Schutzkomponente" zu verhunzen...

Malwarebefall vermeiden kannst Du sowieso nur, wenn Du selbst Dein verhalten in den Griff bekommst => Kompromittierung unvermeidbar?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 31.05.2012, 20:34   #9
MK-13
 
BKA Trojaner,Auswertung von Log OTL - Standard

BKA Trojaner,Auswertung von Log OTL



hi,da ich nicht ganz verstanden habe,ob ich was in das otl kopieren soll,habe ich es mal mit und ohne gemacht!
gruss

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 31.05.2012 21:06:08 - Run 3
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\mk-13\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 52,92% Memory free
4,00 Gb Paging File | 2,55 Gb Available in Paging File | 63,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,24 Gb Total Space | 24,28 Gb Free Space | 35,06% Space Free | Partition Type: NTFS
Drive D: | 69,25 Gb Total Space | 43,56 Gb Free Space | 62,90% Space Free | Partition Type: NTFS
Drive E: | 81,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MK-13-PC | User Name: mk-13 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\mk-13\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\V0330Mon.exe (Creative Technology Ltd.)
PRC - C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteRegistry) -- C:\Windows\SysNative\regsvc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (V0330VID) -- C:\Windows\SysNative\drivers\V0330Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (GETNDIS) -- C:\Windows\SysNative\drivers\getn62a.sys (VIA Technologies, Inc.              )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (SaiH0255) -- C:\Windows\SysNative\drivers\SaiH0255.sys (Saitek)
DRV:64bit: - (COMMONFX.DLL) -- C:\Windows\SysNative\COMMONFX.DLL (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (hap17v2k) -- C:\Windows\SysNative\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV:64bit: - (hap16v2k) -- C:\Windows\SysNative\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV:64bit: - (ha10kx2k) -- C:\Windows\SysNative\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (CTHWIUT.DLL) -- C:\Windows\SysNative\CTHWIUT.DLL (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.DLL) -- C:\Windows\SysNative\CT20XUT.DLL (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX.DLL) -- C:\Windows\SysNative\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV:64bit: - (CTEDSPSY.DLL) -- C:\Windows\SysNative\CTEDSPSY.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEDSPIO.DLL) -- C:\Windows\SysNative\CTEDSPIO.DLL (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX.DLL) -- C:\Windows\SysNative\CTERFXFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEDSPFX.DLL) -- C:\Windows\SysNative\CTEDSPFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEAPSFX.DLL) -- C:\Windows\SysNative\CTEAPSFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX.DLL) -- C:\Windows\SysNative\CTSBLFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX.DLL) -- C:\Windows\SysNative\CTAUDFX.DLL (Creative Technology Ltd)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE C6 58 88 C8 58 CB 01  [binary data]
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes,DefaultScope = {1F096B29-E9DA-4D64-8D63-936BE7762CC5}
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {d122ad80-ff45-11dd-87af-0800200c9a66}:3.6.29.01.10
FF - prefs.js..extensions.enabledItems: {48e23fba-bb14-4745-b768-382150cd83fb}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..network.proxy.ssl: "ipla"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.05.27 18:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.03.07 10:57:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.16 21:19:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 21:23:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.28 10:39:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.05.27 18:08:44 | 000,000,000 | ---D | M]
 
[2010.09.20 14:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Extensions
[2012.05.30 17:29:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions
[2011.11.12 23:20:53 | 000,000,000 | ---D | M] (Vendetta Online Theme) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{3AF52343-6FC5-4f8e-AFE7-773054020BE9}
[2010.09.24 10:29:13 | 000,000,000 | ---D | M] ("Metal3D") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
[2012.05.22 07:16:07 | 000,000,000 | ---D | M] (Orange Fox) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}
[2012.05.30 17:29:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.09.28 00:08:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 19:51:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.26 09:55:31 | 000,000,000 | ---D | M] (Green Fox) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2011.01.10 13:37:25 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2012.04.28 10:39:40 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com
[2012.04.28 10:43:59 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com
[2012.04.15 12:58:20 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\zigboom@ymail.com
[2012.05.19 23:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (Vendetta Online Theme) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{3AF52343-6FC5-4f8e-AFE7-773054020BE9}
[2012.05.19 23:35:21 | 000,000,000 | ---D | M] ("Metal3D") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.19 23:35:24 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\zigboom@ymail.com
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome
[2012.04.28 10:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome
[2011.03.21 16:15:10 | 000,000,931 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\conduit.xml
[2011.04.08 00:11:31 | 000,003,915 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\sweetim.xml
[2012.04.25 21:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.30 17:00:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.05 21:04:37 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MK-13\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68RG2X0I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.11 00:46:14 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\MK-13\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68RG2X0I.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.04.09 10:55:35 | 000,149,777 | ---- | M] () (No name found) -- C:\USERS\MK-13\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68RG2X0I.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.03.28 19:55:14 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\MK-13\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68RG2X0I.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2012.04.25 21:23:57 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.16 20:51:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.28 10:43:53 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.08 00:09:44 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Preispilot) - {E48592BA-1EE6-41EE-AEC7-3E6CB38E6FD8} - C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll (Ciuvo GmbH)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\mk-13\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe (Creative Technology Ltd.)
O4 - HKU\.DEFAULT..\Run: [DevconDefaultDB] C:\Windows\SysWow64\READREG.exe (Creative Technology Limited)
O4 - HKU\S-1-5-18..\Run: [DevconDefaultDB] C:\Windows\SysWow64\READREG.exe (Creative Technology Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mk-13\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mk-13\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.144.41.8 82.145.9.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46BA4379-16EF-49BC-97B3-4731536627D7}: DhcpNameServer = 82.144.41.8 82.145.9.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46BA4379-16EF-49BC-97B3-4731536627D7}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3778CD6-CEFE-4016-A729-A805BE586C35}: DhcpNameServer = 82.144.41.8 82.145.9.8
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes3\deskscapes.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\Shell - "" = AutoRun
O33 - MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.31 21:04:54 | 000,000,000 | ---D | C] -- C:\Users\mk-13\Desktop\Neuer Ordner
[2012.05.31 20:55:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\mk-13\Desktop\OTL.exe
[2012.05.31 20:50:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.29 20:43:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\mk-13\Desktop\esetsmartinstaller_enu(1).exe
[2012.05.29 20:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.28 20:45:49 | 000,000,000 | ---D | C] -- C:\Users\mk-13\Desktop\bb
[2012.05.27 15:08:30 | 000,000,000 | ---D | C] -- C:\Users\mk-13\Documents\Simply Super Software
[2012.05.27 15:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.05.27 15:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.05.27 15:08:20 | 000,000,000 | ---D | C] -- C:\Users\mk-13\AppData\Roaming\Simply Super Software
[2012.05.27 15:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.05.26 21:48:06 | 000,000,000 | ---D | C] -- C:\Users\mk-13\AppData\Roaming\Ulamni
[2012.05.20 08:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gembird
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.31 21:02:03 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.31 21:02:03 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.31 21:02:03 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.31 21:02:03 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.31 21:02:03 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.31 21:01:02 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 21:01:02 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 20:55:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\mk-13\Desktop\OTL.exe
[2012.05.31 20:53:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.31 20:53:08 | 1609,469,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.31 20:52:38 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.05.31 20:52:38 | 000,034,416 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 20:52:38 | 000,034,416 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 20:52:38 | 000,030,168 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 20:52:38 | 000,030,168 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 20:52:38 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 18:56:52 | 017,821,105 | ---- | M] () -- C:\Users\mk-13\Desktop\Tu_es_Petrus_-_Niech_mowia_ze_to_nie_jest_milosc.mp4
[2012.05.31 17:09:47 | 378,060,509 | ---- | M] () -- C:\Users\mk-13\Desktop\KLUB_PRZYJACIOL_MYSZKI_MIKI_6_do_10.mp4
[2012.05.30 22:37:31 | 308,203,421 | ---- | M] () -- C:\Users\mk-13\Desktop\Spotkanie_-_czytane_napisy_PL.mp4
[2012.05.29 20:43:28 | 002,322,184 | ---- | M] (ESET) -- C:\Users\mk-13\Desktop\esetsmartinstaller_enu(1).exe
[2012.05.27 15:08:26 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.05.27 14:59:40 | 000,290,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.13 17:28:41 | 369,899,625 | ---- | M] () -- C:\Users\mk-13\Desktop\KLUB_PRZYJACIO_MYSZKI_MIKI_1_do_5.mp4
[2012.05.08 21:04:20 | 017,171,973 | ---- | M] () -- C:\Users\mk-13\Documents\Spacer nad Bugiem. Kwiecień 2012r..MP4
[2012.05.04 21:36:35 | 000,515,850 | ---- | M] () -- C:\Users\mk-13\Desktop\Brian_Doing_the_Snoopy_Dance-_Family_Guy.mp4
 
========== Files Created - No Company Name ==========
 
[2012.05.31 18:56:43 | 017,821,105 | ---- | C] () -- C:\Users\mk-13\Desktop\Tu_es_Petrus_-_Niech_mowia_ze_to_nie_jest_milosc.mp4
[2012.05.31 17:07:51 | 378,060,509 | ---- | C] () -- C:\Users\mk-13\Desktop\KLUB_PRZYJACIOL_MYSZKI_MIKI_6_do_10.mp4
[2012.05.30 22:35:59 | 308,203,421 | ---- | C] () -- C:\Users\mk-13\Desktop\Spotkanie_-_czytane_napisy_PL.mp4
[2012.05.27 15:08:26 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.05.27 15:08:22 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.05.27 15:08:22 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.05.13 17:26:51 | 369,899,625 | ---- | C] () -- C:\Users\mk-13\Desktop\KLUB_PRZYJACIO_MYSZKI_MIKI_1_do_5.mp4
[2012.05.08 20:51:42 | 017,171,973 | ---- | C] () -- C:\Users\mk-13\Documents\Spacer nad Bugiem. Kwiecień 2012r..MP4
[2012.05.04 21:36:31 | 000,515,850 | ---- | C] () -- C:\Users\mk-13\Desktop\Brian_Doing_the_Snoopy_Dance-_Family_Guy.mp4
[2012.03.06 10:38:15 | 000,600,856 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.10.16 13:33:24 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.07 11:05:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.04 22:01:37 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.11 00:43:16 | 000,006,656 | ---- | C] () -- C:\Users\mk-13\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.22 15:29:40 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.09.27 23:42:10 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010.09.24 00:42:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.09.20 11:51:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.07.22 22:41:17 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Atari
[2010.09.28 00:31:03 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Canneverbe Limited
[2010.09.22 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Canon
[2011.07.03 01:12:43 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DeepBurner
[2011.10.23 17:22:54 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Digiarty
[2010.09.28 00:11:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DVDVideoSoft
[2010.09.25 11:44:51 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.10 23:13:44 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Foxit Software
[2011.11.08 23:08:10 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Free Download Manager
[2011.06.19 08:58:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\go
[2011.11.06 14:54:47 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\ipla
[2010.09.26 16:26:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\IrfanView
[2012.04.28 10:43:59 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\loadtbs
[2011.01.12 19:21:06 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Need for Speed World
[2010.09.22 14:54:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\OpenOffice.org
[2010.10.24 11:07:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\OtakuSoftware
[2011.05.25 22:04:08 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\PC Suite
[2010.09.26 16:26:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\PhotoFiltre
[2011.08.28 19:06:20 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Registry Mechanic
[2012.05.27 15:08:20 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Simply Super Software
[2011.10.30 08:12:44 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Steganos
[2012.02.04 22:19:09 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\TS3Client
[2012.02.12 20:21:29 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\TuneUp Software
[2012.05.26 21:48:06 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Ulamni
[2010.09.20 11:58:07 | 000,000,000 | ---D | M] -- C:\Users\mk13.mk-PC\AppData\Roaming\Canon
[2010.09.20 23:36:54 | 000,000,000 | ---D | M] -- C:\Users\mk13.mk-PC\AppData\Roaming\Gutscheinmieze
[2010.09.20 11:58:07 | 000,000,000 | ---D | M] -- C:\Users\mk13.mk-PC\AppData\Roaming\OpenOffice.org
[2010.09.20 23:48:32 | 000,000,000 | ---D | M] -- C:\Users\mk13.mk-PC\AppData\Roaming\TS3Client
[2009.07.14 07:08:49 | 000,031,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(15).TXT
[2012.05.27 18:15:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.07 16:45:44 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Adobe
[2010.10.08 23:50:48 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Apple Computer
[2011.07.22 22:41:17 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Atari
[2010.10.06 23:58:12 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\ATI
[2010.09.28 00:31:03 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Canneverbe Limited
[2010.09.22 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Canon
[2011.07.03 01:12:43 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DeepBurner
[2011.10.23 17:22:54 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Digiarty
[2010.10.12 22:07:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DivX
[2010.09.28 00:11:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DVDVideoSoft
[2010.09.25 11:44:51 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.10 23:13:44 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Foxit Software
[2011.11.08 23:08:10 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Free Download Manager
[2011.06.19 08:58:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\go
[2010.09.20 11:56:51 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Identities
[2011.11.06 14:54:47 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\ipla
[2010.09.26 16:26:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\IrfanView
[2012.04.28 10:43:59 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\loadtbs
[2010.09.21 10:39:36 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Macromedia
[2012.04.10 00:29:41 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Media Center Programs
[2011.03.01 23:14:13 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Media Player Classic
[2012.03.07 16:45:45 | 000,000,000 | --SD | M] -- C:\Users\mk-13\AppData\Roaming\Microsoft
[2010.09.20 14:49:22 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Mozilla
[2011.01.12 19:21:06 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Need for Speed World
[2010.09.22 14:54:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\OpenOffice.org
[2010.10.24 11:07:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\OtakuSoftware
[2011.05.25 22:04:08 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\PC Suite
[2010.09.26 16:26:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\PhotoFiltre
[2012.05.09 17:32:46 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Real
[2011.08.28 19:06:20 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Registry Mechanic
[2010.10.07 00:21:48 | 000,000,000 | RH-D | M] -- C:\Users\mk-13\AppData\Roaming\SecuROM
[2012.05.27 15:08:20 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Simply Super Software
[2012.05.31 21:05:05 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Skype
[2011.05.28 17:16:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\skypePM
[2011.10.30 08:12:44 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Steganos
[2012.02.04 22:19:09 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\TS3Client
[2012.02.12 20:21:29 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\TuneUp Software
[2010.10.28 18:30:52 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\U3
[2012.05.26 21:48:06 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Ulamni
[2010.09.24 09:12:57 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.04.28 10:43:53 | 012,697,088 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\loadtbs\ffmpeg.exe
[2012.04.28 10:43:53 | 001,243,136 | ---- | M] (InfiniAd GmbH) -- C:\Users\mk-13\AppData\Roaming\loadtbs\uninstall.exe
[2012.04.28 10:43:53 | 000,694,784 | ---- | M] (InfiniAd GmbH) -- C:\Users\mk-13\AppData\Roaming\loadtbs\ytdl.exe
[2012.02.24 22:17:59 | 000,003,262 | R--- | M] () -- C:\Users\mk-13\AppData\Roaming\Microsoft\Installer\{BB3867CB-CC16-4F3F-97E7-031A0223719D}\_6FEFF9B68218417F98F549.exe
[2012.02.24 22:17:59 | 000,003,262 | R--- | M] () -- C:\Users\mk-13\AppData\Roaming\Microsoft\Installer\{BB3867CB-CC16-4F3F-97E7-031A0223719D}\_CDAB55E28E9369703789BA.exe
[2012.02.24 22:17:59 | 000,003,262 | R--- | M] () -- C:\Users\mk-13\AppData\Roaming\Microsoft\Installer\{BB3867CB-CC16-4F3F-97E7-031A0223719D}\_F57226061789EA01FD31AB.exe
[2012.03.05 23:35:56 | 000,010,134 | R--- | M] () -- C:\Users\mk-13\AppData\Roaming\Microsoft\Installer\{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}\ARPPRODUCTICON.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\mk-13\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 31.05.2012 20:57:50 - Run 3
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\mk-13\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,72 Gb Available Physical Memory | 35,84% Memory free
4,00 Gb Paging File | 2,44 Gb Available in Paging File | 61,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69,24 Gb Total Space | 24,28 Gb Free Space | 35,07% Space Free | Partition Type: NTFS
Drive D: | 69,25 Gb Total Space | 43,56 Gb Free Space | 62,90% Space Free | Partition Type: NTFS
Drive E: | 81,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MK-13-PC | User Name: mk-13 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\mk-13\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
PRC - C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\V0330Mon.exe (Creative Technology Ltd.)
PRC - C:\Windows\SysWOW64\CtHelper.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (Mcx2Svc) -- C:\Windows\SysNative\Mcx2Svc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteRegistry) -- C:\Windows\SysNative\regsvc.dll (Microsoft Corporation)
SRV:64bit: - (RemoteAccess) -- C:\Windows\SysNative\mprdim.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (RemoteAccess) -- C:\Windows\SysWOW64\mprdim.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (udfs) -- C:\Windows\SysNative\drivers\udfs.sys (Microsoft Corporation)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (crcdisk) -- C:\Windows\SysNative\drivers\crcdisk.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ws2ifsl) -- C:\Windows\SysNative\drivers\ws2ifsl.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (V0330VID) -- C:\Windows\SysNative\drivers\V0330Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (GETNDIS) -- C:\Windows\SysNative\drivers\getn62a.sys (VIA Technologies, Inc.              )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (SaiH0255) -- C:\Windows\SysNative\drivers\SaiH0255.sys (Saitek)
DRV:64bit: - (COMMONFX.DLL) -- C:\Windows\SysNative\COMMONFX.DLL (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (hap17v2k) -- C:\Windows\SysNative\drivers\haP17v2k.sys (Creative Technology Ltd)
DRV:64bit: - (hap16v2k) -- C:\Windows\SysNative\drivers\haP16v2k.sys (Creative Technology Ltd)
DRV:64bit: - (ha10kx2k) -- C:\Windows\SysNative\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (CTHWIUT.DLL) -- C:\Windows\SysNative\CTHWIUT.DLL (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.DLL) -- C:\Windows\SysNative\CT20XUT.DLL (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX.DLL) -- C:\Windows\SysNative\CTEXFIFX.DLL (Creative Technology Ltd.)
DRV:64bit: - (CTEDSPSY.DLL) -- C:\Windows\SysNative\CTEDSPSY.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEDSPIO.DLL) -- C:\Windows\SysNative\CTEDSPIO.DLL (Creative Technology Ltd)
DRV:64bit: - (CTERFXFX.DLL) -- C:\Windows\SysNative\CTERFXFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEDSPFX.DLL) -- C:\Windows\SysNative\CTEDSPFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTEAPSFX.DLL) -- C:\Windows\SysNative\CTEAPSFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTSBLFX.DLL) -- C:\Windows\SysNative\CTSBLFX.DLL (Creative Technology Ltd)
DRV:64bit: - (CTAUDFX.DLL) -- C:\Windows\SysNative\CTAUDFX.DLL (Creative Technology Ltd)
DRV:64bit: - (FWLANUSB) -- C:\Windows\SysNative\drivers\fwlanusb.sys (AVM GmbH)
DRV:64bit: - (avmeject) -- C:\Windows\SysNative\drivers\avmeject.sys (AVM Berlin)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE C6 58 88 C8 58 CB 01  [binary data]
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes,DefaultScope = {1F096B29-E9DA-4D64-8D63-936BE7762CC5}
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {d122ad80-ff45-11dd-87af-0800200c9a66}:3.6.29.01.10
FF - prefs.js..extensions.enabledItems: {48e23fba-bb14-4745-b768-382150cd83fb}:1.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..network.proxy.ssl: "ipla"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.05.27 18:08:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.03.07 10:57:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.16 21:19:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.25 21:23:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.28 10:39:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.05.27 18:08:44 | 000,000,000 | ---D | M]
 
[2010.09.20 14:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Extensions
[2012.05.30 17:29:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions
[2011.11.12 23:20:53 | 000,000,000 | ---D | M] (Vendetta Online Theme) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{3AF52343-6FC5-4f8e-AFE7-773054020BE9}
[2010.09.24 10:29:13 | 000,000,000 | ---D | M] ("Metal3D") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
[2012.05.22 07:16:07 | 000,000,000 | ---D | M] (Orange Fox) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{5b35cb30-16b4-11de-8c30-0800200c9a66}
[2012.05.30 17:29:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.09.28 00:08:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 19:51:06 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.26 09:55:31 | 000,000,000 | ---D | M] (Green Fox) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
[2011.01.10 13:37:25 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2012.04.28 10:39:40 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com
[2012.04.28 10:43:59 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com
[2012.04.15 12:58:20 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\zigboom@ymail.com
[2012.05.19 23:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (Vendetta Online Theme) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{3AF52343-6FC5-4f8e-AFE7-773054020BE9}
[2012.05.19 23:35:21 | 000,000,000 | ---D | M] ("Metal3D") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.05.19 23:35:24 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (LavaFox V2-Green) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\zigboom@ymail.com
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome
[2012.04.28 10:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome
[2011.03.21 16:15:10 | 000,000,931 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\conduit.xml
[2011.04.08 00:11:31 | 000,003,915 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\sweetim.xml
[2012.04.25 21:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.30 17:00:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.05 21:04:37 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\MK-13\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68RG2X0I.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.02.11 00:46:14 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\MK-13\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68RG2X0I.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.04.09 10:55:35 | 000,149,777 | ---- | M] () (No name found) -- C:\USERS\MK-13\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68RG2X0I.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012.03.28 19:55:14 | 000,685,019 | ---- | M] () (No name found) -- C:\USERS\MK-13\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\68RG2X0I.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
[2012.04.25 21:23:57 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.16 20:51:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.28 10:43:53 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012.01.29 16:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.08 00:09:44 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.29 15:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 16:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 16:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 16:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 16:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Preispilot) - {E48592BA-1EE6-41EE-AEC7-3E6CB38E6FD8} - C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll (Ciuvo GmbH)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\mk-13\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL File not found
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [V0330Mon.exe] C:\Windows\V0330Mon.exe (Creative Technology Ltd.)
O4 - HKU\.DEFAULT..\Run: [DevconDefaultDB] C:\Windows\SysWow64\READREG.exe (Creative Technology Limited)
O4 - HKU\S-1-5-18..\Run: [DevconDefaultDB] C:\Windows\SysWow64\READREG.exe (Creative Technology Limited)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mk-13\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\mk-13\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.144.41.8 82.145.9.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46BA4379-16EF-49BC-97B3-4731536627D7}: DhcpNameServer = 82.144.41.8 82.145.9.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46BA4379-16EF-49BC-97B3-4731536627D7}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3778CD6-CEFE-4016-A729-A805BE586C35}: DhcpNameServer = 82.144.41.8 82.145.9.8
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes3\deskscapes.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\Shell - "" = AutoRun
O33 - MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.31 20:55:37 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\mk-13\Desktop\OTL.exe
[2012.05.31 20:50:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.29 20:43:28 | 002,322,184 | ---- | C] (ESET) -- C:\Users\mk-13\Desktop\esetsmartinstaller_enu(1).exe
[2012.05.29 20:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.28 20:45:49 | 000,000,000 | ---D | C] -- C:\Users\mk-13\Desktop\bb
[2012.05.27 15:08:30 | 000,000,000 | ---D | C] -- C:\Users\mk-13\Documents\Simply Super Software
[2012.05.27 15:08:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.05.27 15:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012.05.27 15:08:20 | 000,000,000 | ---D | C] -- C:\Users\mk-13\AppData\Roaming\Simply Super Software
[2012.05.27 15:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.05.26 21:48:06 | 000,000,000 | ---D | C] -- C:\Users\mk-13\AppData\Roaming\Ulamni
[2012.05.20 08:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gembird
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.31 21:02:03 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.31 21:02:03 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.31 21:02:03 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.31 21:02:03 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.31 21:02:03 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.31 21:01:02 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 21:01:02 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.31 20:55:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\mk-13\Desktop\OTL.exe
[2012.05.31 20:53:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.31 20:53:08 | 1609,469,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.31 20:52:38 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012.05.31 20:52:38 | 000,034,416 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 20:52:38 | 000,034,416 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 20:52:38 | 000,030,168 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 20:52:38 | 000,030,168 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 20:52:38 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000000-00000000-0000000B-00001102-00000004-20011102}.rfx
[2012.05.31 18:56:52 | 017,821,105 | ---- | M] () -- C:\Users\mk-13\Desktop\Tu_es_Petrus_-_Niech_mowia_ze_to_nie_jest_milosc.mp4
[2012.05.31 17:09:47 | 378,060,509 | ---- | M] () -- C:\Users\mk-13\Desktop\KLUB_PRZYJACIOL_MYSZKI_MIKI_6_do_10.mp4
[2012.05.30 22:37:31 | 308,203,421 | ---- | M] () -- C:\Users\mk-13\Desktop\Spotkanie_-_czytane_napisy_PL.mp4
[2012.05.29 20:43:28 | 002,322,184 | ---- | M] (ESET) -- C:\Users\mk-13\Desktop\esetsmartinstaller_enu(1).exe
[2012.05.27 15:08:26 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.05.27 14:59:40 | 000,290,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.13 17:28:41 | 369,899,625 | ---- | M] () -- C:\Users\mk-13\Desktop\KLUB_PRZYJACIO_MYSZKI_MIKI_1_do_5.mp4
[2012.05.08 21:04:20 | 017,171,973 | ---- | M] () -- C:\Users\mk-13\Documents\Spacer nad Bugiem. Kwiecień 2012r..MP4
[2012.05.04 21:36:35 | 000,515,850 | ---- | M] () -- C:\Users\mk-13\Desktop\Brian_Doing_the_Snoopy_Dance-_Family_Guy.mp4
 
========== Files Created - No Company Name ==========
 
[2012.05.31 18:56:43 | 017,821,105 | ---- | C] () -- C:\Users\mk-13\Desktop\Tu_es_Petrus_-_Niech_mowia_ze_to_nie_jest_milosc.mp4
[2012.05.31 17:07:51 | 378,060,509 | ---- | C] () -- C:\Users\mk-13\Desktop\KLUB_PRZYJACIOL_MYSZKI_MIKI_6_do_10.mp4
[2012.05.30 22:35:59 | 308,203,421 | ---- | C] () -- C:\Users\mk-13\Desktop\Spotkanie_-_czytane_napisy_PL.mp4
[2012.05.27 15:08:26 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.05.27 15:08:22 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2012.05.27 15:08:22 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2012.05.13 17:26:51 | 369,899,625 | ---- | C] () -- C:\Users\mk-13\Desktop\KLUB_PRZYJACIO_MYSZKI_MIKI_1_do_5.mp4
[2012.05.08 20:51:42 | 017,171,973 | ---- | C] () -- C:\Users\mk-13\Documents\Spacer nad Bugiem. Kwiecień 2012r..MP4
[2012.05.04 21:36:31 | 000,515,850 | ---- | C] () -- C:\Users\mk-13\Desktop\Brian_Doing_the_Snoopy_Dance-_Family_Guy.mp4
[2012.03.06 10:38:15 | 000,600,856 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.14 23:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.10.16 13:33:24 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.05.07 11:05:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.04 22:01:37 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.11 00:43:16 | 000,006,656 | ---- | C] () -- C:\Users\mk-13\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.22 15:29:40 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.09.27 23:42:10 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2010.09.24 00:42:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.09.20 11:51:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.07.22 22:41:17 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Atari
[2010.09.28 00:31:03 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Canneverbe Limited
[2010.09.22 12:30:11 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Canon
[2011.07.03 01:12:43 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DeepBurner
[2011.10.23 17:22:54 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Digiarty
[2010.09.28 00:11:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DVDVideoSoft
[2010.09.25 11:44:51 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.01.10 23:13:44 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Foxit Software
[2011.11.08 23:08:10 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Free Download Manager
[2011.06.19 08:58:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\go
[2011.11.06 14:54:47 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\ipla
[2010.09.26 16:26:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\IrfanView
[2012.04.28 10:43:59 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\loadtbs
[2011.01.12 19:21:06 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Need for Speed World
[2010.09.22 14:54:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\OpenOffice.org
[2010.10.24 11:07:37 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\OtakuSoftware
[2011.05.25 22:04:08 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\PC Suite
[2010.09.26 16:26:55 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\PhotoFiltre
[2011.08.28 19:06:20 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Registry Mechanic
[2012.05.27 15:08:20 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Simply Super Software
[2011.10.30 08:12:44 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Steganos
[2012.02.04 22:19:09 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\TS3Client
[2012.02.12 20:21:29 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\TuneUp Software
[2012.05.26 21:48:06 | 000,000,000 | ---D | M] -- C:\Users\mk-13\AppData\Roaming\Ulamni
[2010.09.20 11:58:07 | 000,000,000 | ---D | M] -- C:\Users\mk13.mk-PC\AppData\Roaming\Canon
[2010.09.20 23:36:54 | 000,000,000 | ---D | M] -- C:\Users\mk13.mk-PC\AppData\Roaming\Gutscheinmieze
[2010.09.20 11:58:07 | 000,000,000 | ---D | M] -- C:\Users\mk13.mk-PC\AppData\Roaming\OpenOffice.org
[2010.09.20 23:48:32 | 000,000,000 | ---D | M] -- C:\Users\mk13.mk-PC\AppData\Roaming\TS3Client
[2009.07.14 07:08:49 | 000,031,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(15).TXT
[2012.05.27 18:15:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
         
--- --- ---

[/code]

Alt 31.05.2012, 21:05   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner,Auswertung von Log OTL - Standard

BKA Trojaner,Auswertung von Log OTL



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&ss=1&affID=17395
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE C6 58 88 C8 58 CB 01  [binary data]
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes,DefaultScope = {1F096B29-E9DA-4D64-8D63-936BE7762CC5}
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&ss=1&affID=17395
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="
FF - prefs.js..network.proxy.ssl: "ipla"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
FF - user.js - File not found
[2012.05.30 17:29:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.09.28 00:08:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.28 10:39:40 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com
[2012.04.28 10:43:59 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.05.19 23:35:23 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (Preispilot) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com
[2012.05.19 23:35:20 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com
[2012.04.28 10:39:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome
[2011.03.21 16:15:10 | 000,000,931 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\conduit.xml
[2011.04.08 00:11:31 | 000,003,915 | ---- | M] () -- C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\sweetim.xml
[2011.04.08 00:09:44 | 000,002,428 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (Preispilot) - {E48592BA-1EE6-41EE-AEC7-3E6CB38E6FD8} - C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll (Ciuvo GmbH)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\mk-13\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL File not found
O4 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001..\Run: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\Shell - "" = AutoRun
O33 - MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\Shell\AutoRun\command - "" = F:\pushinst.exe
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Files
C:\Users\mk13.mk-PC\AppData\Roaming\Gutscheinmieze
C:\Users\mk-13\AppData\Roaming\loadtbs
C:\Users\mk-13\AppData\Roaming\Ulamni
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 31.05.2012, 21:39   #11
MK-13
 
BKA Trojaner,Auswertung von Log OTL - Standard

BKA Trojaner,Auswertung von Log OTL



hi,jetzt haste mir aber angst gemacht,nach den neu start hat win fast 5min gebraucht um zu starten,da war nur das win logo zu sehen!
gruss


Code:
ATTFilter
 

All processes killed
========== OTL ==========
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.
Prefs.js: "DVDVideoSoftTB Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=" removed from keyword.URL
Prefs.js: "ipla" removed from network.proxy.ssl
Prefs.js: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=aa90c61100000000000000508de9d3d6&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\Plugins folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale\en-US folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale\de-DE folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\lib folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\icons\preispilot folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\icons folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com\chrome\skin folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com\chrome\content folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\software@loadtubes.com folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale\en-US folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale\de-DE folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\locale folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\lib folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\icons\preispilot folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content\icons folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome\content folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\extension@preispilot.com folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com\chrome\skin folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com\chrome\content folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com\chrome folder moved successfully.
C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\68rg2x0i.default\extensions\software@loadtubes.com folder moved successfully.
Folder C:\Users\mk-13\AppData\Roaming\mozilla\Firefox\Profiles\68rg2x0i.default\extensions\extension@preispilot.com\chrome\ not found.
C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\conduit.xml moved successfully.
C:\Users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\searchplugins\sweetim.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E48592BA-1EE6-41EE-AEC7-3E6CB38E6FD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E48592BA-1EE6-41EE-AEC7-3E6CB38E6FD8}\ deleted successfully.
C:\Program Files (x86)\preispilot\Internet Explorer\preispilot.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ deleted successfully.
File 13\AppData\Roaming\loadtbs\toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AsioReg deleted successfully.
Registry value HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8037b02-1b4b-11e0-a59f-00508de9d3d6}\ not found.
File F:\pushinst.exe not found.
ADS C:\ProgramData\TEMP:9638A27E deleted successfully.
ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
C:\Users\mk13.mk-PC\AppData\Roaming\Gutscheinmieze folder moved successfully.
C:\Users\mk-13\AppData\Roaming\loadtbs\chrome@loadtubes.com folder moved successfully.
C:\Users\mk-13\AppData\Roaming\loadtbs folder moved successfully.
C:\Users\mk-13\AppData\Roaming\Ulamni folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: mk-13
->Temp folder emptied: 66541244 bytes
->Temporary Internet Files folder emptied: 13981815 bytes
->Java cache emptied: 459136 bytes
->FireFox cache emptied: 791790624 bytes
->Google Chrome cache emptied: 1642864 bytes
->Flash cache emptied: 80779 bytes
 
User: mk13
 
User: mk13.mk-PC
->Java cache emptied: 33801 bytes
->FireFox cache emptied: 129023790 bytes
->Flash cache emptied: 2388 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8972 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 3568113 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 961,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: mk-13
->Flash cache emptied: 0 bytes
 
User: mk13
 
User: mk13.mk-PC
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.44.0 log created on 05312012_222907

Files\Folders moved on Reboot...
C:\Users\mk-13\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\mk-13\AppData\Local\Mozilla\Firefox\Profiles\68rg2x0i.default\Cache\_CACHE_001_ moved successfully.
C:\Users\mk-13\AppData\Local\Mozilla\Firefox\Profiles\68rg2x0i.default\Cache\_CACHE_002_ moved successfully.
C:\Users\mk-13\AppData\Local\Mozilla\Firefox\Profiles\68rg2x0i.default\Cache\_CACHE_003_ moved successfully.
C:\Users\mk-13\AppData\Local\Mozilla\Firefox\Profiles\68rg2x0i.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\mk-13\AppData\Local\Mozilla\Firefox\Profiles\68rg2x0i.default\urlclassifier3.sqlite moved successfully.

Registry entries deleted on Reboot...
         

Alt 01.06.2012, 11:44   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner,Auswertung von Log OTL - Standard

BKA Trojaner,Auswertung von Log OTL



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.06.2012, 12:05   #13
MK-13
 
BKA Trojaner,Auswertung von Log OTL - Standard

BKA Trojaner,Auswertung von Log OTL



hi,er hat 2 sachen gefunden!
gruss


2:58:49.0173 4080 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
12:58:49.0543 4080 ============================================================
12:58:49.0544 4080 Current date / time: 2012/06/01 12:58:49.0543
12:58:49.0544 4080 SystemInfo:
12:58:49.0544 4080
12:58:49.0544 4080 OS Version: 6.1.7601 ServicePack: 1.0
12:58:49.0544 4080 Product type: Workstation
12:58:49.0544 4080 ComputerName: MK-13-PC
12:58:49.0544 4080 UserName: mk-13
12:58:49.0544 4080 Windows directory: C:\Windows
12:58:49.0544 4080 System windows directory: C:\Windows
12:58:49.0544 4080 Running under WOW64
12:58:49.0544 4080 Processor architecture: Intel x64
12:58:49.0544 4080 Number of processors: 2
12:58:49.0544 4080 Page size: 0x1000
12:58:49.0544 4080 Boot type: Normal boot
12:58:49.0544 4080 ============================================================
12:58:50.0026 4080 Drive \Device\Harddisk0\DR0 - Size: 0x229FE40000 (138.50 Gb), SectorSize: 0x200, Cylinders: 0x469F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:58:50.0037 4080 ============================================================
12:58:50.0037 4080 \Device\Harddisk0\DR0:
12:58:50.0037 4080 MBR partitions:
12:58:50.0037 4080 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x8A7B800
12:58:50.0037 4080 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x8A7C000, BlocksNum 0x8A82000
12:58:50.0037 4080 ============================================================
12:58:50.0088 4080 C: <-> \Device\Harddisk0\DR0\Partition0
12:58:50.0138 4080 D: <-> \Device\Harddisk0\DR0\Partition1
12:58:50.0186 4080 ============================================================
12:58:50.0187 4080 Initialize success
12:58:50.0187 4080 ============================================================
13:01:44.0349 3312 ============================================================
13:01:44.0355 3312 Scan started
13:01:44.0355 3312 Mode: Manual; SigCheck; TDLFS;
13:01:44.0355 3312 ============================================================
13:01:44.0648 3312 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:01:44.0965 3312 1394ohci - ok
13:01:44.0997 3312 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:01:45.0029 3312 ACPI - ok
13:01:45.0051 3312 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:01:45.0127 3312 AcpiPmi - ok
13:01:45.0218 3312 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:01:45.0227 3312 AdobeARMservice - ok
13:01:45.0269 3312 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:01:45.0300 3312 adp94xx - ok
13:01:45.0330 3312 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:01:45.0350 3312 adpahci - ok
13:01:45.0361 3312 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:01:45.0382 3312 adpu320 - ok
13:01:45.0406 3312 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:01:45.0505 3312 AeLookupSvc - ok
13:01:45.0553 3312 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:01:45.0627 3312 AFD - ok
13:01:45.0645 3312 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:01:45.0655 3312 agp440 - ok
13:01:45.0663 3312 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:01:45.0733 3312 ALG - ok
13:01:45.0771 3312 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:01:45.0780 3312 aliide - ok
13:01:45.0813 3312 AMD External Events Utility (962227630779043b5c1d4cd157abb912) C:\Windows\system32\atiesrxx.exe
13:01:45.0968 3312 AMD External Events Utility - ok
13:01:46.0025 3312 AMD FUEL Service - ok
13:01:46.0045 3312 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:01:46.0055 3312 amdide - ok
13:01:46.0086 3312 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
13:01:46.0095 3312 amdiox64 - ok
13:01:46.0135 3312 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:01:46.0192 3312 AmdK8 - ok
13:01:46.0610 3312 amdkmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
13:01:46.0868 3312 amdkmdag - ok
13:01:46.0958 3312 amdkmdap (2d9005ea0bfd25c740e53c8dd3c069e0) C:\Windows\system32\DRIVERS\atikmpag.sys
13:01:46.0988 3312 amdkmdap - ok
13:01:47.0000 3312 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:01:47.0052 3312 AmdPPM - ok
13:01:47.0098 3312 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:01:47.0121 3312 amdsata - ok
13:01:47.0142 3312 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:01:47.0166 3312 amdsbs - ok
13:01:47.0185 3312 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:01:47.0194 3312 amdxata - ok
13:01:47.0241 3312 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:01:47.0387 3312 AppID - ok
13:01:47.0405 3312 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:01:47.0457 3312 AppIDSvc - ok
13:01:47.0482 3312 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:01:47.0538 3312 Appinfo - ok
13:01:47.0590 3312 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
13:01:47.0639 3312 AppMgmt - ok
13:01:47.0670 3312 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:01:47.0692 3312 arc - ok
13:01:47.0705 3312 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:01:47.0725 3312 arcsas - ok
13:01:47.0830 3312 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:01:47.0871 3312 aspnet_state - ok
13:01:47.0894 3312 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:01:47.0954 3312 AsyncMac - ok
13:01:47.0971 3312 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:01:47.0980 3312 atapi - ok
13:01:48.0387 3312 atikmdag (56d6631761ec37745f0df16bcdc4caf4) C:\Windows\system32\DRIVERS\atikmdag.sys
13:01:48.0554 3312 atikmdag - ok
13:01:48.0647 3312 atksgt (b4bde3f758a34658a37dfed3d9783cd8) C:\Windows\system32\DRIVERS\atksgt.sys
13:01:48.0658 3312 atksgt - ok
13:01:48.0724 3312 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:01:48.0782 3312 AudioEndpointBuilder - ok
13:01:48.0791 3312 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:01:48.0861 3312 AudioSrv - ok
13:01:48.0879 3312 avmeject (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
13:01:48.0890 3312 avmeject - ok
13:01:48.0928 3312 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:01:48.0992 3312 AxInstSV - ok
13:01:49.0032 3312 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:01:49.0065 3312 b06bdrv - ok
13:01:49.0100 3312 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:01:49.0147 3312 b57nd60a - ok
13:01:49.0175 3312 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:01:49.0208 3312 BDESVC - ok
13:01:49.0223 3312 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:01:49.0272 3312 Beep - ok
13:01:49.0334 3312 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:01:49.0413 3312 BFE - ok
13:01:49.0468 3312 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
13:01:49.0575 3312 BITS - ok
13:01:49.0618 3312 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:01:49.0649 3312 blbdrive - ok
13:01:49.0680 3312 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:01:49.0718 3312 bowser - ok
13:01:49.0731 3312 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:01:49.0803 3312 BrFiltLo - ok
13:01:49.0813 3312 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:01:49.0833 3312 BrFiltUp - ok
13:01:49.0855 3312 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:01:49.0937 3312 Browser - ok
13:01:49.0965 3312 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:01:50.0015 3312 Brserid - ok
13:01:50.0030 3312 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:01:50.0082 3312 BrSerWdm - ok
13:01:50.0095 3312 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:01:50.0150 3312 BrUsbMdm - ok
13:01:50.0158 3312 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:01:50.0179 3312 BrUsbSer - ok
13:01:50.0201 3312 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:01:50.0241 3312 BTHMODEM - ok
13:01:50.0274 3312 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:01:50.0345 3312 bthserv - ok
13:01:50.0374 3312 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:01:50.0437 3312 cdfs - ok
13:01:50.0473 3312 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:01:50.0511 3312 cdrom - ok
13:01:50.0557 3312 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:01:50.0611 3312 CertPropSvc - ok
13:01:50.0638 3312 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:01:50.0656 3312 circlass - ok
13:01:50.0690 3312 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:01:50.0705 3312 CLFS - ok
13:01:50.0769 3312 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:01:50.0780 3312 clr_optimization_v2.0.50727_32 - ok
13:01:50.0825 3312 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:01:50.0844 3312 clr_optimization_v2.0.50727_64 - ok
13:01:50.0905 3312 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:01:50.0966 3312 clr_optimization_v4.0.30319_32 - ok
13:01:51.0007 3312 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:01:51.0028 3312 clr_optimization_v4.0.30319_64 - ok
13:01:51.0047 3312 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:01:51.0069 3312 CmBatt - ok
13:01:51.0092 3312 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:01:51.0103 3312 cmdide - ok
13:01:51.0143 3312 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:01:51.0182 3312 CNG - ok
13:01:51.0216 3312 COMMONFX.DLL (66ac4fdad5a2d4ff4e3db41810b39de2) C:\Windows\system32\COMMONFX.DLL
13:01:51.0272 3312 COMMONFX.DLL - ok
13:01:51.0282 3312 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:01:51.0291 3312 Compbatt - ok
13:01:51.0315 3312 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:01:51.0355 3312 CompositeBus - ok
13:01:51.0368 3312 COMSysApp - ok
13:01:51.0392 3312 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:01:51.0402 3312 crcdisk - ok
13:01:51.0441 3312 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:01:51.0500 3312 CryptSvc - ok
13:01:51.0537 3312 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
13:01:51.0597 3312 CSC - ok
13:01:51.0636 3312 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
13:01:51.0670 3312 CscService - ok
13:01:51.0707 3312 CT20XUT.DLL (01bbd5cb85423b12e445209d243a49a9) C:\Windows\system32\CT20XUT.DLL
13:01:51.0727 3312 CT20XUT.DLL - ok
13:01:51.0791 3312 ctac32k (b81c989c6d3b770f44316a3dc5f607b3) C:\Windows\system32\drivers\ctac32k.sys
13:01:51.0812 3312 ctac32k - ok
13:01:51.0855 3312 ctaud2k (7321bd704cc3b34b78f8574e64258f39) C:\Windows\system32\drivers\ctaud2k.sys
13:01:51.0896 3312 ctaud2k - ok
13:01:51.0923 3312 CTAUDFX.DLL (e873319f281115ebea75e519c5b4d0c4) C:\Windows\system32\CTAUDFX.DLL
13:01:51.0967 3312 CTAUDFX.DLL - ok
13:01:51.0991 3312 CTEAPSFX.DLL (06300545bedf49b6a51fdfe1861f9caf) C:\Windows\system32\CTEAPSFX.DLL
13:01:52.0012 3312 CTEAPSFX.DLL - ok
13:01:52.0052 3312 CTEDSPFX.DLL (2d902f8ec247f0ed0d458cdcaf786544) C:\Windows\system32\CTEDSPFX.DLL
13:01:52.0082 3312 CTEDSPFX.DLL - ok
13:01:52.0112 3312 CTEDSPIO.DLL (0d3f99cda2bea14e4911a698441f1a29) C:\Windows\system32\CTEDSPIO.DLL
13:01:52.0144 3312 CTEDSPIO.DLL - ok
13:01:52.0173 3312 CTEDSPSY.DLL (9d26aa450ac1caadde25f1621ba89842) C:\Windows\system32\CTEDSPSY.DLL
13:01:52.0186 3312 CTEDSPSY.DLL - ok
13:01:52.0215 3312 CTERFXFX.DLL (e5f88dad5ec69665dfa3e5e87791f800) C:\Windows\system32\CTERFXFX.DLL
13:01:52.0250 3312 CTERFXFX.DLL - ok
13:01:52.0316 3312 CTEXFIFX.DLL (fa6dca331835997d2f7c83b9aaabc4bb) C:\Windows\system32\CTEXFIFX.DLL
13:01:52.0372 3312 CTEXFIFX.DLL - ok
13:01:52.0440 3312 CTHWIUT.DLL (9e6a0a3ca3825bb568d42f5f3cb09453) C:\Windows\system32\CTHWIUT.DLL
13:01:52.0465 3312 CTHWIUT.DLL - ok
13:01:52.0485 3312 ctprxy2k (6a05134810301fa6fdd6e95583a91f35) C:\Windows\system32\drivers\ctprxy2k.sys
13:01:52.0521 3312 ctprxy2k - ok
13:01:52.0560 3312 CTSBLFX.DLL (99047fcebab495410cd58ab17284720a) C:\Windows\system32\CTSBLFX.DLL
13:01:52.0586 3312 CTSBLFX.DLL - ok
13:01:52.0613 3312 ctsfm2k (f792246cf9d8ee17f2b32e9069415cdd) C:\Windows\system32\drivers\ctsfm2k.sys
13:01:52.0635 3312 ctsfm2k - ok
13:01:52.0683 3312 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:01:52.0740 3312 DcomLaunch - ok
13:01:52.0763 3312 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:01:52.0840 3312 defragsvc - ok
13:01:52.0874 3312 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:01:52.0937 3312 DfsC - ok
13:01:52.0980 3312 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:01:53.0034 3312 Dhcp - ok
13:01:53.0053 3312 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:01:53.0122 3312 discache - ok
13:01:53.0141 3312 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:01:53.0160 3312 Disk - ok
13:01:53.0192 3312 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:01:53.0242 3312 Dnscache - ok
13:01:53.0275 3312 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:01:53.0356 3312 dot3svc - ok
13:01:53.0383 3312 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:01:53.0436 3312 DPS - ok
13:01:53.0463 3312 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:01:53.0533 3312 drmkaud - ok
13:01:53.0586 3312 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:01:53.0640 3312 DXGKrnl - ok
13:01:53.0668 3312 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:01:53.0734 3312 EapHost - ok
13:01:53.0863 3312 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:01:53.0964 3312 ebdrv - ok
13:01:54.0031 3312 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:01:54.0049 3312 EFS - ok
13:01:54.0107 3312 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:01:54.0171 3312 ehRecvr - ok
13:01:54.0198 3312 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:01:54.0208 3312 ehSched - ok
13:01:54.0253 3312 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:01:54.0276 3312 elxstor - ok
13:01:54.0307 3312 emupia (1e2f860d9521fb73566c85cd17d58291) C:\Windows\system32\drivers\emupia2k.sys
13:01:54.0324 3312 emupia - ok
13:01:54.0339 3312 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:01:54.0363 3312 ErrDev - ok
13:01:54.0409 3312 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:01:54.0454 3312 EventSystem - ok
13:01:54.0481 3312 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:01:54.0526 3312 exfat - ok
13:01:54.0545 3312 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:01:54.0612 3312 fastfat - ok
13:01:54.0663 3312 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:01:54.0700 3312 Fax - ok
13:01:54.0714 3312 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:01:54.0771 3312 fdc - ok
13:01:54.0795 3312 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:01:54.0871 3312 fdPHost - ok
13:01:54.0882 3312 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:01:54.0958 3312 FDResPub - ok
13:01:54.0981 3312 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:01:55.0003 3312 FileInfo - ok
13:01:55.0011 3312 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:01:55.0047 3312 Filetrace - ok
13:01:55.0063 3312 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:01:55.0083 3312 flpydisk - ok
13:01:55.0111 3312 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:01:55.0132 3312 FltMgr - ok
13:01:55.0190 3312 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:01:55.0242 3312 FontCache - ok
13:01:55.0308 3312 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:01:55.0315 3312 FontCache3.0.0.0 - ok
13:01:55.0347 3312 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:01:55.0358 3312 FsDepends - ok
13:01:55.0375 3312 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:01:55.0385 3312 Fs_Rec - ok
13:01:55.0420 3312 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:01:55.0446 3312 fvevol - ok
13:01:55.0478 3312 FWLANUSB (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys
13:01:55.0511 3312 FWLANUSB - ok
13:01:55.0527 3312 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:01:55.0547 3312 gagp30kx - ok
13:01:55.0581 3312 GETNDIS (544e98f3d45adb286f3b01226e390b08) C:\Windows\system32\DRIVERS\getn62a.sys
13:01:55.0625 3312 GETNDIS - ok
13:01:55.0680 3312 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:01:55.0772 3312 gpsvc - ok
13:01:55.0834 3312 ha10kx2k (b3f220ad6eeddc2546780b84a8919b7a) C:\Windows\system32\drivers\ha10kx2k.sys
13:01:55.0880 3312 ha10kx2k - ok
13:01:55.0952 3312 hap16v2k (5d6aec608b871cc2c724114f34cad3c8) C:\Windows\system32\drivers\hap16v2k.sys
13:01:55.0968 3312 hap16v2k - ok
13:01:55.0992 3312 hap17v2k (b95ba8d7ea73a47fac3a59cf4a3b3043) C:\Windows\system32\drivers\hap17v2k.sys
13:01:56.0015 3312 hap17v2k - ok
13:01:56.0033 3312 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:01:56.0053 3312 hcw85cir - ok
13:01:56.0083 3312 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:01:56.0125 3312 HDAudBus - ok
13:01:56.0139 3312 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:01:56.0157 3312 HidBatt - ok
13:01:56.0172 3312 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:01:56.0211 3312 HidBth - ok
13:01:56.0231 3312 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:01:56.0254 3312 HidIr - ok
13:01:56.0274 3312 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
13:01:56.0337 3312 hidserv - ok
13:01:56.0367 3312 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:01:56.0396 3312 HidUsb - ok
13:01:56.0428 3312 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:01:56.0493 3312 hkmsvc - ok
13:01:56.0525 3312 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:01:56.0585 3312 HomeGroupListener - ok
13:01:56.0614 3312 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:01:56.0653 3312 HomeGroupProvider - ok
13:01:56.0678 3312 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:01:56.0700 3312 HpSAMD - ok
13:01:56.0749 3312 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:01:56.0827 3312 HTTP - ok
13:01:56.0844 3312 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:01:56.0853 3312 hwpolicy - ok
13:01:56.0879 3312 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:01:56.0901 3312 i8042prt - ok
13:01:56.0937 3312 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:01:56.0953 3312 iaStorV - ok
13:01:57.0012 3312 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:01:57.0041 3312 IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:01:57.0041 3312 IDriverT - detected UnsignedFile.Multi.Generic (1)
13:01:57.0115 3312 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:01:57.0163 3312 idsvc - ok
13:01:57.0219 3312 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:01:57.0230 3312 iirsp - ok
13:01:57.0281 3312 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:01:57.0354 3312 IKEEXT - ok
13:01:57.0374 3312 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:01:57.0383 3312 intelide - ok
13:01:57.0409 3312 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:01:57.0421 3312 intelppm - ok
13:01:57.0448 3312 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:01:57.0500 3312 IPBusEnum - ok
13:01:57.0528 3312 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:01:57.0577 3312 IpFilterDriver - ok
13:01:57.0617 3312 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:01:57.0662 3312 iphlpsvc - ok
13:01:57.0693 3312 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:01:57.0726 3312 IPMIDRV - ok
13:01:57.0751 3312 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:01:57.0821 3312 IPNAT - ok
13:01:57.0841 3312 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:01:57.0922 3312 IRENUM - ok
13:01:57.0940 3312 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:01:57.0950 3312 isapnp - ok
13:01:57.0973 3312 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:01:57.0999 3312 iScsiPrt - ok
13:01:58.0020 3312 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:01:58.0034 3312 kbdclass - ok
13:01:58.0054 3312 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
13:01:58.0083 3312 kbdhid - ok
13:01:58.0110 3312 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:01:58.0122 3312 KeyIso - ok
13:01:58.0137 3312 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:01:58.0158 3312 KSecDD - ok
13:01:58.0169 3312 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:01:58.0191 3312 KSecPkg - ok
13:01:58.0203 3312 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:01:58.0260 3312 ksthunk - ok
13:01:58.0298 3312 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:01:58.0370 3312 KtmRm - ok
13:01:58.0408 3312 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
13:01:58.0487 3312 LanmanServer - ok
13:01:58.0517 3312 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:01:58.0613 3312 LanmanWorkstation - ok
13:01:58.0647 3312 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
13:01:58.0668 3312 LGBusEnum - ok
13:01:58.0700 3312 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
13:01:58.0715 3312 LGVirHid - ok
13:01:58.0771 3312 lirsgt (955982bf4421b77722196552b62e8dc2) C:\Windows\system32\DRIVERS\lirsgt.sys
13:01:58.0786 3312 lirsgt - ok
13:01:58.0812 3312 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:01:58.0868 3312 lltdio - ok
13:01:58.0904 3312 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:01:58.0987 3312 lltdsvc - ok
13:01:59.0011 3312 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:01:59.0054 3312 lmhosts - ok
13:01:59.0085 3312 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:01:59.0106 3312 LSI_FC - ok
13:01:59.0114 3312 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:01:59.0136 3312 LSI_SAS - ok
13:01:59.0150 3312 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:01:59.0161 3312 LSI_SAS2 - ok
13:01:59.0174 3312 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:01:59.0196 3312 LSI_SCSI - ok
13:01:59.0218 3312 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:01:59.0293 3312 luafv - ok
13:01:59.0336 3312 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
13:01:59.0350 3312 MBAMProtector - ok
13:01:59.0418 3312 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:01:59.0436 3312 MBAMService - ok
13:01:59.0462 3312 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:01:59.0483 3312 Mcx2Svc - ok
13:01:59.0503 3312 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:01:59.0513 3312 megasas - ok
13:01:59.0528 3312 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:01:59.0554 3312 MegaSR - ok
13:01:59.0578 3312 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:01:59.0633 3312 MMCSS - ok
13:01:59.0646 3312 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:01:59.0690 3312 Modem - ok
13:01:59.0712 3312 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:01:59.0737 3312 monitor - ok
13:01:59.0771 3312 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
13:01:59.0782 3312 mouclass - ok
13:01:59.0799 3312 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:01:59.0821 3312 mouhid - ok
13:01:59.0853 3312 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:01:59.0870 3312 mountmgr - ok
13:01:59.0934 3312 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:01:59.0944 3312 MozillaMaintenance - ok
13:01:59.0969 3312 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:01:59.0998 3312 mpio - ok
13:02:00.0017 3312 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:02:00.0067 3312 mpsdrv - ok
13:02:00.0122 3312 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:02:00.0181 3312 MpsSvc - ok
13:02:00.0215 3312 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:02:00.0257 3312 MRxDAV - ok
13:02:00.0282 3312 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:02:00.0327 3312 mrxsmb - ok
13:02:00.0352 3312 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:02:00.0387 3312 mrxsmb10 - ok
13:02:00.0409 3312 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:02:00.0434 3312 mrxsmb20 - ok
13:02:00.0459 3312 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:02:00.0469 3312 msahci - ok
13:02:00.0497 3312 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:02:00.0517 3312 msdsm - ok
13:02:00.0545 3312 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:02:00.0589 3312 MSDTC - ok
13:02:00.0614 3312 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:02:00.0647 3312 Msfs - ok
13:02:00.0661 3312 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:02:00.0710 3312 mshidkmdf - ok
13:02:00.0715 3312 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:02:00.0724 3312 msisadrv - ok
13:02:00.0765 3312 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:02:00.0863 3312 MSiSCSI - ok
13:02:00.0875 3312 msiserver - ok
13:02:00.0903 3312 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:02:00.0944 3312 MSKSSRV - ok
13:02:00.0964 3312 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:02:01.0008 3312 MSPCLOCK - ok
13:02:01.0025 3312 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:02:01.0086 3312 MSPQM - ok
13:02:01.0127 3312 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:02:01.0149 3312 MsRPC - ok
13:02:01.0169 3312 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:02:01.0179 3312 mssmbios - ok
13:02:01.0191 3312 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:02:01.0255 3312 MSTEE - ok
13:02:01.0264 3312 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:02:01.0277 3312 MTConfig - ok
13:02:01.0293 3312 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:02:01.0316 3312 Mup - ok
13:02:01.0348 3312 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:02:01.0404 3312 napagent - ok
13:02:01.0441 3312 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:02:01.0472 3312 NativeWifiP - ok
13:02:01.0532 3312 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:02:01.0565 3312 NDIS - ok
13:02:01.0582 3312 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:02:01.0624 3312 NdisCap - ok
13:02:01.0646 3312 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:02:01.0687 3312 NdisTapi - ok
13:02:01.0718 3312 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:02:01.0772 3312 Ndisuio - ok
13:02:01.0788 3312 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:02:01.0841 3312 NdisWan - ok
13:02:01.0873 3312 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:02:01.0931 3312 NDProxy - ok
13:02:01.0942 3312 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:02:01.0984 3312 NetBIOS - ok
13:02:02.0011 3312 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:02:02.0087 3312 NetBT - ok
13:02:02.0112 3312 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:02:02.0129 3312 Netlogon - ok
13:02:02.0166 3312 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:02:02.0222 3312 Netman - ok
13:02:02.0316 3312 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:02:02.0341 3312 NetMsmqActivator - ok
13:02:02.0346 3312 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:02:02.0355 3312 NetPipeActivator - ok
13:02:02.0388 3312 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:02:02.0444 3312 netprofm - ok
13:02:02.0459 3312 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:02:02.0469 3312 NetTcpActivator - ok
13:02:02.0473 3312 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:02:02.0483 3312 NetTcpPortSharing - ok
13:02:02.0521 3312 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:02:02.0542 3312 nfrd960 - ok
13:02:02.0577 3312 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:02:02.0647 3312 NlaSvc - ok
13:02:02.0685 3312 nmwcd (903681bab213d5f84717c0fc42afb28a) C:\Windows\system32\drivers\ccdcmbx64.sys
13:02:02.0750 3312 nmwcd - ok
13:02:02.0779 3312 nmwcdc (ec4c5ebd003e0395bf4ea5a2efd13ce6) C:\Windows\system32\drivers\ccdcmbox64.sys
13:02:02.0827 3312 nmwcdc - ok
13:02:02.0860 3312 nmwcdnsucx64 (863aa6c58ac85a22355ae943c605e44b) C:\Windows\system32\drivers\nmwcdnsucx64.sys
13:02:02.0894 3312 nmwcdnsucx64 - ok
13:02:02.0934 3312 nmwcdnsux64 (7983d9201788407c4d1fc4d0baa04e32) C:\Windows\system32\drivers\nmwcdnsux64.sys
13:02:02.0982 3312 nmwcdnsux64 - ok
13:02:03.0002 3312 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:02:03.0063 3312 Npfs - ok
13:02:03.0079 3312 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:02:03.0131 3312 nsi - ok
13:02:03.0143 3312 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:02:03.0187 3312 nsiproxy - ok
13:02:03.0259 3312 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:02:03.0308 3312 Ntfs - ok
13:02:03.0375 3312 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:02:03.0434 3312 Null - ok
13:02:03.0472 3312 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:02:03.0492 3312 nvraid - ok
13:02:03.0515 3312 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:02:03.0526 3312 nvstor - ok
13:02:03.0568 3312 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:02:03.0589 3312 nv_agp - ok
13:02:03.0612 3312 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:02:03.0649 3312 ohci1394 - ok
13:02:03.0677 3312 ossrv (678cc7dcf607bbd69a9f9333d39c2f1d) C:\Windows\system32\drivers\ctoss2k.sys
13:02:03.0713 3312 ossrv - ok
13:02:03.0749 3312 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:02:03.0776 3312 p2pimsvc - ok
13:02:03.0813 3312 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:02:03.0849 3312 p2psvc - ok
13:02:03.0871 3312 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:02:03.0896 3312 Parport - ok
13:02:03.0917 3312 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:02:03.0933 3312 partmgr - ok
13:02:03.0969 3312 pavboot (337a81b3ff34f9851d245d42a725fc22) C:\Windows\system32\Drivers\pavboot64.sys
13:02:03.0978 3312 pavboot - ok
13:02:04.0000 3312 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:02:04.0035 3312 PcaSvc - ok
13:02:04.0086 3312 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
13:02:04.0119 3312 pccsmcfd - ok
13:02:04.0147 3312 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:02:04.0167 3312 pci - ok
13:02:04.0188 3312 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:02:04.0198 3312 pciide - ok
13:02:04.0219 3312 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:02:04.0239 3312 pcmcia - ok
13:02:04.0244 3312 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:02:04.0254 3312 pcw - ok
13:02:04.0303 3312 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:02:04.0372 3312 PEAUTH - ok
13:02:04.0449 3312 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:02:04.0518 3312 PeerDistSvc - ok
13:02:04.0575 3312 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:02:04.0604 3312 PerfHost - ok
13:02:04.0715 3312 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:02:04.0794 3312 pla - ok
13:02:04.0834 3312 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:02:04.0860 3312 PlugPlay - ok
13:02:04.0875 3312 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:02:04.0903 3312 PNRPAutoReg - ok
13:02:04.0930 3312 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:02:04.0957 3312 PNRPsvc - ok
13:02:04.0988 3312 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:02:05.0042 3312 PolicyAgent - ok
13:02:05.0076 3312 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:02:05.0140 3312 Power - ok
13:02:05.0189 3312 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:02:05.0245 3312 PptpMiniport - ok
13:02:05.0271 3312 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:02:05.0291 3312 Processor - ok
13:02:05.0312 3312 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:02:05.0366 3312 ProfSvc - ok
13:02:05.0387 3312 Prot6Flt - ok
13:02:05.0417 3312 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:02:05.0427 3312 ProtectedStorage - ok
13:02:05.0459 3312 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:02:05.0533 3312 Psched - ok
13:02:05.0597 3312 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:02:05.0650 3312 ql2300 - ok
13:02:05.0729 3312 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:02:05.0750 3312 ql40xx - ok
13:02:05.0774 3312 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:02:05.0827 3312 QWAVE - ok
13:02:05.0843 3312 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:02:05.0874 3312 QWAVEdrv - ok
13:02:05.0926 3312 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
13:02:05.0945 3312 RapiMgr - ok
13:02:05.0956 3312 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:02:06.0014 3312 RasAcd - ok
13:02:06.0038 3312 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:02:06.0085 3312 RasAgileVpn - ok
13:02:06.0106 3312 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:02:06.0163 3312 RasAuto - ok
13:02:06.0192 3312 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:02:06.0264 3312 Rasl2tp - ok
13:02:06.0312 3312 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:02:06.0368 3312 RasMan - ok
13:02:06.0390 3312 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:02:06.0464 3312 RasPppoe - ok
13:02:06.0475 3312 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:02:06.0529 3312 RasSstp - ok
13:02:06.0556 3312 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:02:06.0606 3312 rdbss - ok
13:02:06.0610 3312 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:02:06.0640 3312 rdpbus - ok
13:02:06.0657 3312 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:02:06.0703 3312 RDPCDD - ok
13:02:06.0739 3312 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:02:06.0759 3312 RDPDR - ok
13:02:06.0775 3312 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:02:06.0816 3312 RDPENCDD - ok
13:02:06.0828 3312 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:02:06.0864 3312 RDPREFMP - ok
13:02:06.0903 3312 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:02:06.0951 3312 RDPWD - ok
13:02:06.0987 3312 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:02:07.0008 3312 rdyboost - ok
13:02:07.0029 3312 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:02:07.0083 3312 RemoteAccess - ok
13:02:07.0100 3312 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:02:07.0189 3312 RemoteRegistry - ok
13:02:07.0221 3312 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:02:07.0266 3312 RpcEptMapper - ok
13:02:07.0282 3312 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:02:07.0309 3312 RpcLocator - ok
13:02:07.0351 3312 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:02:07.0403 3312 RpcSs - ok
13:02:07.0430 3312 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:02:07.0481 3312 rspndr - ok
13:02:07.0493 3312 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
13:02:07.0537 3312 s3cap - ok
13:02:07.0578 3312 SaiH0255 (248abd858ff7dcc966e5a54529ddd225) C:\Windows\system32\DRIVERS\SaiH0255.sys
13:02:07.0597 3312 SaiH0255 - ok
13:02:07.0620 3312 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:02:07.0631 3312 SamSs - ok
13:02:07.0641 3312 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:02:07.0663 3312 sbp2port - ok
13:02:07.0681 3312 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:02:07.0745 3312 SCardSvr - ok
13:02:07.0764 3312 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:02:07.0804 3312 scfilter - ok
13:02:07.0861 3312 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:02:07.0947 3312 Schedule - ok
13:02:07.0986 3312 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:02:08.0021 3312 SCPolicySvc - ok
13:02:08.0041 3312 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:02:08.0096 3312 SDRSVC - ok
13:02:08.0137 3312 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:02:08.0198 3312 secdrv - ok
13:02:08.0220 3312 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:02:08.0264 3312 seclogon - ok
13:02:08.0285 3312 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:02:08.0330 3312 SENS - ok
13:02:08.0341 3312 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:02:08.0365 3312 SensrSvc - ok
13:02:08.0381 3312 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:02:08.0392 3312 Serenum - ok
13:02:08.0412 3312 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:02:08.0441 3312 Serial - ok
13:02:08.0466 3312 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:02:08.0485 3312 sermouse - ok
13:02:08.0571 3312 ServiceLayer (12b41d84a4d058adc60853c365dbfcca) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
13:02:08.0599 3312 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
13:02:08.0599 3312 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
13:02:08.0634 3312 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:02:08.0689 3312 SessionEnv - ok
13:02:08.0704 3312 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:02:08.0722 3312 sffdisk - ok
13:02:08.0742 3312 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:02:08.0773 3312 sffp_mmc - ok
13:02:08.0786 3312 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:02:08.0812 3312 sffp_sd - ok
13:02:08.0821 3312 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:02:08.0843 3312 sfloppy - ok
13:02:08.0878 3312 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:02:08.0946 3312 SharedAccess - ok
13:02:09.0000 3312 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:02:09.0048 3312 ShellHWDetection - ok
13:02:09.0072 3312 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:02:09.0082 3312 SiSRaid2 - ok
13:02:09.0101 3312 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:02:09.0128 3312 SiSRaid4 - ok
13:02:09.0204 3312 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
13:02:09.0212 3312 SkypeUpdate - ok
13:02:09.0237 3312 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:02:09.0291 3312 Smb - ok
13:02:09.0341 3312 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:02:09.0368 3312 SNMPTRAP - ok
13:02:09.0383 3312 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:02:09.0393 3312 spldr - ok
13:02:09.0436 3312 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:02:09.0481 3312 Spooler - ok
13:02:09.0623 3312 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:02:09.0741 3312 sppsvc - ok
13:02:09.0797 3312 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:02:09.0840 3312 sppuinotify - ok
13:02:09.0882 3312 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:02:09.0928 3312 srv - ok
13:02:09.0947 3312 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:02:09.0981 3312 srv2 - ok
13:02:09.0993 3312 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:02:10.0041 3312 srvnet - ok
13:02:10.0075 3312 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:02:10.0138 3312 SSDPSRV - ok
13:02:10.0159 3312 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:02:10.0210 3312 SstpSvc - ok
13:02:10.0237 3312 StarOpen - ok
13:02:10.0281 3312 Steam Client Service - ok
13:02:10.0296 3312 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:02:10.0306 3312 stexstor - ok
13:02:10.0351 3312 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:02:10.0396 3312 stisvc - ok
13:02:10.0412 3312 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
13:02:10.0433 3312 storflt - ok
13:02:10.0449 3312 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
13:02:10.0486 3312 StorSvc - ok
13:02:10.0494 3312 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
13:02:10.0503 3312 storvsc - ok
13:02:10.0519 3312 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:02:10.0528 3312 swenum - ok
13:02:10.0564 3312 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:02:10.0618 3312 swprv - ok
13:02:10.0695 3312 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:02:10.0764 3312 SysMain - ok
13:02:10.0838 3312 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:02:10.0872 3312 TabletInputService - ok
13:02:10.0907 3312 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:02:10.0968 3312 TapiSrv - ok
13:02:10.0998 3312 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:02:11.0049 3312 TBS - ok
13:02:11.0148 3312 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:02:11.0206 3312 Tcpip - ok
13:02:11.0305 3312 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:02:11.0359 3312 TCPIP6 - ok
13:02:11.0416 3312 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:02:11.0456 3312 tcpipreg - ok
13:02:11.0478 3312 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:02:11.0491 3312 TDPIPE - ok
13:02:11.0508 3312 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:02:11.0528 3312 TDTCP - ok
13:02:11.0561 3312 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:02:11.0611 3312 tdx - ok
13:02:11.0640 3312 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:02:11.0652 3312 TermDD - ok
13:02:11.0697 3312 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:02:11.0745 3312 TermService - ok
13:02:11.0772 3312 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:02:11.0800 3312 Themes - ok
13:02:11.0823 3312 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:02:11.0857 3312 THREADORDER - ok
13:02:11.0867 3312 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:02:11.0926 3312 TrkWks - ok
13:02:11.0962 3312 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:02:12.0024 3312 TrustedInstaller - ok
13:02:12.0045 3312 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:02:12.0078 3312 tssecsrv - ok
13:02:12.0105 3312 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:02:12.0116 3312 TsUsbFlt - ok
13:02:12.0304 3312 TuneUp.UtilitiesSvc (286809293bc5ae5d6a1a381b53c72d1a) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
13:02:12.0348 3312 TuneUp.UtilitiesSvc - ok
13:02:12.0383 3312 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
13:02:12.0392 3312 TuneUpUtilitiesDrv - ok
13:02:12.0481 3312 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:02:12.0544 3312 tunnel - ok
13:02:12.0564 3312 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:02:12.0575 3312 uagp35 - ok
13:02:12.0612 3312 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:02:12.0670 3312 udfs - ok
13:02:12.0696 3312 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:02:12.0723 3312 UI0Detect - ok
13:02:12.0754 3312 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:02:12.0765 3312 uliagpkx - ok
13:02:12.0798 3312 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
13:02:12.0819 3312 umbus - ok
13:02:12.0832 3312 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:02:12.0846 3312 UmPass - ok
13:02:12.0875 3312 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
13:02:12.0904 3312 UmRdpService - ok
13:02:12.0933 3312 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:02:12.0987 3312 upnphost - ok
13:02:13.0020 3312 upperdev (7168819f30fe9622284ea19bde7f8ab4) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
13:02:13.0049 3312 upperdev - ok
13:02:13.0077 3312 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:02:13.0117 3312 usbccgp - ok
13:02:13.0139 3312 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:02:13.0156 3312 usbcir - ok
13:02:13.0174 3312 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:02:13.0205 3312 usbehci - ok
13:02:13.0256 3312 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:02:13.0290 3312 usbhub - ok
13:02:13.0307 3312 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
13:02:13.0322 3312 usbohci - ok
13:02:13.0341 3312 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:02:13.0355 3312 usbprint - ok
13:02:13.0372 3312 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:02:13.0390 3312 usbscan - ok
13:02:13.0414 3312 usbser (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
13:02:13.0436 3312 usbser - ok
13:02:13.0450 3312 UsbserFilt (66c25cb20b2974e0c0cfdab49fb72a02) C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
13:02:13.0495 3312 UsbserFilt - ok
13:02:13.0518 3312 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:02:13.0544 3312 USBSTOR - ok
13:02:13.0568 3312 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
13:02:13.0579 3312 usbuhci - ok
13:02:13.0610 3312 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
13:02:13.0627 3312 usb_rndisx - ok
13:02:13.0648 3312 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:02:13.0691 3312 UxSms - ok
13:02:13.0743 3312 UxTuneUp (594df74ec1411592585d8fe8165d0816) C:\Windows\System32\uxtuneup.dll
13:02:13.0751 3312 UxTuneUp - ok
13:02:13.0789 3312 V0330VID (102f170cf0f5304acf7fb663b7adb5e0) C:\Windows\system32\DRIVERS\V0330Vid.sys
13:02:13.0819 3312 V0330VID - ok
13:02:13.0846 3312 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:02:13.0859 3312 VaultSvc - ok
13:02:13.0893 3312 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:02:13.0903 3312 vdrvroot - ok
13:02:13.0946 3312 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:02:14.0015 3312 vds - ok
13:02:14.0034 3312 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:02:14.0048 3312 vga - ok
13:02:14.0058 3312 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:02:14.0110 3312 VgaSave - ok
13:02:14.0143 3312 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:02:14.0164 3312 vhdmp - ok
13:02:14.0173 3312 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:02:14.0183 3312 viaide - ok
13:02:14.0195 3312 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
13:02:14.0219 3312 vmbus - ok
13:02:14.0242 3312 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
13:02:14.0280 3312 VMBusHID - ok
13:02:14.0287 3312 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:02:14.0307 3312 volmgr - ok
13:02:14.0333 3312 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:02:14.0347 3312 volmgrx - ok
13:02:14.0368 3312 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:02:14.0384 3312 volsnap - ok
13:02:14.0398 3312 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:02:14.0409 3312 vsmraid - ok
13:02:14.0479 3312 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:02:14.0564 3312 VSS - ok
13:02:14.0630 3312 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:02:14.0654 3312 vwifibus - ok
13:02:14.0693 3312 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:02:14.0754 3312 W32Time - ok
13:02:14.0787 3312 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:02:14.0816 3312 WacomPen - ok
13:02:14.0867 3312 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:02:14.0929 3312 WANARP - ok
13:02:14.0933 3312 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:02:14.0997 3312 Wanarpv6 - ok
13:02:15.0073 3312 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:02:15.0115 3312 wbengine - ok
13:02:15.0170 3312 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:02:15.0201 3312 WbioSrvc - ok
13:02:15.0242 3312 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
13:02:15.0259 3312 WcesComm - ok
13:02:15.0288 3312 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:02:15.0312 3312 wcncsvc - ok
13:02:15.0327 3312 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:02:15.0353 3312 WcsPlugInService - ok
13:02:15.0379 3312 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:02:15.0390 3312 Wd - ok
13:02:15.0423 3312 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:02:15.0450 3312 Wdf01000 - ok
13:02:15.0464 3312 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:02:15.0505 3312 WdiServiceHost - ok
13:02:15.0509 3312 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:02:15.0539 3312 WdiSystemHost - ok
13:02:15.0577 3312 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:02:15.0616 3312 WebClient - ok
13:02:15.0650 3312 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:02:15.0702 3312 Wecsvc - ok
13:02:15.0722 3312 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:02:15.0787 3312 wercplsupport - ok
13:02:15.0800 3312 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:02:15.0850 3312 WerSvc - ok
13:02:15.0865 3312 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:02:15.0911 3312 WfpLwf - ok
13:02:15.0920 3312 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:02:15.0931 3312 WIMMount - ok
13:02:15.0950 3312 WinDefend - ok
13:02:15.0969 3312 WinHttpAutoProxySvc - ok
13:02:16.0014 3312 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:02:16.0086 3312 Winmgmt - ok
13:02:16.0175 3312 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:02:16.0252 3312 WinRM - ok
13:02:16.0338 3312 WINUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.SYS
13:02:16.0364 3312 WINUSB - ok
13:02:16.0414 3312 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:02:16.0464 3312 Wlansvc - ok
13:02:16.0483 3312 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:02:16.0511 3312 WmiAcpi - ok
13:02:16.0550 3312 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:02:16.0590 3312 wmiApSrv - ok
13:02:16.0617 3312 WMPNetworkSvc - ok
13:02:16.0638 3312 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:02:16.0655 3312 WPCSvc - ok
13:02:16.0680 3312 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:02:16.0715 3312 WPDBusEnum - ok
13:02:16.0734 3312 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:02:16.0777 3312 ws2ifsl - ok
13:02:16.0800 3312 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
13:02:16.0835 3312 wscsvc - ok
13:02:16.0839 3312 WSearch - ok
13:02:16.0947 3312 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:02:17.0075 3312 wuauserv - ok
13:02:17.0146 3312 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:02:17.0207 3312 WudfPf - ok
13:02:17.0236 3312 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:02:17.0302 3312 WUDFRd - ok
13:02:17.0337 3312 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:02:17.0392 3312 wudfsvc - ok
13:02:17.0427 3312 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:02:17.0487 3312 WwanSvc - ok
13:02:17.0528 3312 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:02:17.0706 3312 \Device\Harddisk0\DR0 - ok
13:02:17.0708 3312 Boot (0x1200) (fcf9bb6a767bdf8c50c7ce20f528edfa) \Device\Harddisk0\DR0\Partition0
13:02:17.0709 3312 \Device\Harddisk0\DR0\Partition0 - ok
13:02:17.0724 3312 Boot (0x1200) (e17768d03d1d4f86f64e744d094017a7) \Device\Harddisk0\DR0\Partition1
13:02:17.0725 3312 \Device\Harddisk0\DR0\Partition1 - ok
13:02:17.0726 3312 ============================================================
13:02:17.0726 3312 Scan finished
13:02:17.0726 3312 ============================================================
13:02:17.0743 3300 Detected object count: 2
13:02:17.0743 3300 Actual detected object count: 2
13:03:07.0702 3300 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:07.0702 3300 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:03:07.0702 3300 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
13:03:07.0702 3300 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
[/code]

Alt 01.06.2012, 14:17   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
BKA Trojaner,Auswertung von Log OTL - Standard

BKA Trojaner,Auswertung von Log OTL



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.06.2012, 20:15   #15
MK-13
 
BKA Trojaner,Auswertung von Log OTL - Standard

BKA Trojaner,Auswertung von Log OTL



hi,so hier der log.Was nun der BKA Trojaner?

und dann noch die meldung(bild)?
gruss




Code:
ATTFilter
ComboFix 12-06-01.02 - mk-13 01.06.2012  20:56:57.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2047.1180 [GMT 2:00]
ausgeführt von:: c:\users\mk-13\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-01 bis 2012-06-01  ))))))))))))))))))))))))))))))
.
.
2012-06-01 19:04 . 2012-06-01 19:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-01 10:49 . 2012-05-14 23:41	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{91707E59-29C4-4A77-B469-A9B773DBE7E8}\mpengine.dll
2012-05-31 20:29 . 2012-05-31 20:29	--------	d-----w-	C:\_OTL
2012-05-29 18:41 . 2012-05-29 18:41	--------	d-----w-	c:\program files (x86)\ESET
2012-05-27 13:08 . 2003-02-02 17:06	153088	----a-w-	c:\windows\SysWow64\UNRAR3.dll
2012-05-27 13:08 . 2002-03-05 22:00	75264	----a-w-	c:\windows\SysWow64\unacev2.dll
2012-05-27 13:08 . 2012-05-27 13:08	--------	d-----w-	c:\program files (x86)\Trojan Remover
2012-05-27 13:08 . 2012-05-27 13:08	--------	d-----w-	c:\users\mk-13\AppData\Roaming\Simply Super Software
2012-05-27 13:08 . 2012-05-27 13:08	--------	d-----w-	c:\programdata\Simply Super Software
2012-05-20 06:45 . 2004-04-18 21:42	733184	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-05-20 06:45 . 2004-04-18 21:40	69715	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-05-20 06:45 . 2004-04-18 21:39	266240	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-05-20 06:45 . 2004-04-18 21:39	172032	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-05-20 06:45 . 2004-04-18 21:39	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-05-20 06:45 . 2012-05-20 06:45	303236	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-05-20 06:45 . 2012-05-20 06:45	180356	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-05-10 04:07 . 2012-03-03 06:35	1544704	----a-w-	c:\windows\system32\DWrite.dll
2012-05-10 04:07 . 2012-03-03 05:31	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-05-10 04:07 . 2012-03-31 06:05	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-10 04:07 . 2012-03-31 03:10	3146240	----a-w-	c:\windows\system32\win32k.sys
2012-05-10 04:07 . 2012-03-31 04:39	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-10 04:07 . 2012-03-31 04:39	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-10 04:07 . 2012-03-17 07:58	75120	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-05-10 04:07 . 2012-03-30 11:35	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-05-10 04:07 . 2012-03-31 05:40	1367552	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-10 04:07 . 2012-03-31 04:29	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-16 18:51 . 2011-10-28 19:18	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-04-04 13:56 . 2012-04-09 22:29	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-11 19:13 . 2012-03-11 19:13	41200	----a-w-	c:\windows\system32\cmdcsr.dll
2012-03-07 08:56 . 2012-03-07 08:56	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-03-07 08:56 . 2012-03-07 08:56	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2012-03-07 08:02 . 2012-03-05 21:48	50552	----a-w-	c:\windows\system32\drivers\GDBehave.sys
2012-03-07 08:02 . 2012-03-05 21:48	111992	----a-w-	c:\windows\system32\drivers\MiniIcpt.sys
2012-03-07 08:02 . 2012-03-05 21:48	65912	----a-w-	c:\windows\system32\drivers\gdwfpcd64.sys
2012-03-07 07:51 . 2011-07-23 08:38	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 07:44 . 2012-03-07 07:44	525544	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-05 22:04 . 2012-03-05 22:04	106648	----a-w-	c:\windows\system32\drivers\GRD.sys
2012-03-05 21:49 . 2012-03-05 21:49	59256	----a-w-	c:\windows\system32\drivers\PktIcpt.sys
2006-05-03 10:06	163328	--sh--r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"="CTASIO.DLL" [2007-04-09 80896]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-29 32768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-01-23 1238800]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-03-07 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Power Manager"="c:\program files (x86)\Gembird\Power Manager\pm.exe" -winstartup
"CTxfiHlp"=CTXFIHLP.EXE
"NokiaMServer"=c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]
R3 SaiH0255;SaiH0255;c:\windows\system32\DRIVERS\SaiH0255.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot64.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-08 2028864]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 GETNDIS;VIA Velocity-Familie-Gigabit-Ethernet-Adaptertreiber;c:\windows\system32\DRIVERS\getn62a.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
S3 V0330VID;WebCam Vista/Live! Cam Chat VF0330;c:\windows\system32\DRIVERS\V0330Vid.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"combofix"="c:\combofix\CF10177.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Alles mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Free YouTube to Mp3 Converter - c:\users\mk-13\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Videos mit FDM herunterladen - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
TCP: DhcpNameServer = 82.144.41.8 82.145.9.8
TCP: Interfaces\{46BA4379-16EF-49BC-97B3-4731536627D7}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\mk-13\AppData\Roaming\Mozilla\Firefox\Profiles\68rg2x0i.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1C58C548-120C-1FC0-8D7A-D4BFE78398C8}*]
"paiocamcaicliimbkbdmcpccechmgkeg"=hex:6b,61,63,61,64,65,61,6c,68,66,70,68,61,
   6d,6e,6b,6f,68,62,6b,6f,69,00,77
"abomicdkdejjcdlknofmcaedmcaacjkein"=hex:6b,61,63,61,64,65,61,6c,68,66,70,68,
   61,6d,6e,6b,6f,68,62,6b,6f,69,00,00
"abomicdkdejjcdlknofmcaedmcaacjkehn"=hex:6b,61,63,61,64,65,61,6c,68,66,70,68,
   61,6d,6e,6b,6f,68,62,6b,6f,69,00,00
"paiocamcaicliimbkbdmcpccechmgkdg"=hex:6b,61,63,61,64,65,61,6c,68,66,70,68,61,
   6d,6e,6b,6f,68,62,6b,6f,69,00,77
.
[HKEY_USERS\S-1-5-21-510965291-3660956245-2123504699-1001\Software\SecuROM\License information*]
"datasecu"=hex:ef,a7,ed,96,d0,75,99,bd,25,77,dc,53,01,f8,e4,49,27,9c,7b,42,60,
   7a,4e,11,91,37,a2,04,f9,57,1c,3c,0e,3d,83,1e,f9,d6,ee,0b,a4,d0,5a,14,0e,df,\
"rkeysecu"=hex:f2,eb,21,cd,d0,e4,bf,9b,b0,a3,a3,ca,d0,82,91,a1
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-01  21:09:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-01 19:09
.
Vor Suchlauf: 13 Verzeichnis(se), 28.970.176.512 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 28.391.260.160 Bytes frei
.
- - End Of File - - 639EF1A6122210F0D6DD8D504EA51E40
         
Miniaturansicht angehängter Grafiken
BKA Trojaner,Auswertung von Log OTL-.jpg  

Geändert von MK-13 (01.06.2012 um 20:35 Uhr)

Antwort

Themen zu BKA Trojaner,Auswertung von Log OTL
anwendung, bildschirm, brenner, comodo, defekt, euro, fehler, gesperrt, hängen, internet, kaspersky, locker, log, mahnung, mail, malware, nicht mehr, nicht sicher, prblem, prüfen, rechner, rescue cd, screen, security, seite, starten, system, trojaner, usb, windowsunlocker, zip-datei, öffnen




Ähnliche Themen: BKA Trojaner,Auswertung von Log OTL


  1. GVU Trojaner, OTL.txt, OTL Auswertung
    Log-Analyse und Auswertung - 24.02.2013 (2)
  2. GVU Trojaner, OTL.txt, OTL Auswertung
    Plagegeister aller Art und deren Bekämpfung - 25.01.2013 (2)
  3. Trojaner LOG - Auswertung
    Log-Analyse und Auswertung - 03.11.2012 (1)
  4. GVU-Trojaner Logfiles Auswertung
    Log-Analyse und Auswertung - 30.07.2012 (4)
  5. GVU/BKA Trojaner OTL.log zur Auswertung
    Log-Analyse und Auswertung - 04.07.2012 (3)
  6. OTL Auswertung nach Hijackthis Online-Auswertung
    Log-Analyse und Auswertung - 11.11.2011 (3)
  7. BKA-Trojaner - Auswertung
    Plagegeister aller Art und deren Bekämpfung - 07.09.2011 (42)
  8. BKA Trojaner brauche LOG Auswertung
    Log-Analyse und Auswertung - 29.08.2011 (17)
  9. BKA-Trojaner Log-Auswertung
    Log-Analyse und Auswertung - 19.08.2011 (1)
  10. BKA-Trojaner LOG-AUswertung
    Log-Analyse und Auswertung - 11.08.2011 (11)
  11. BKA Trojaner - Auswertung der Logdatei
    Log-Analyse und Auswertung - 27.07.2011 (1)
  12. Auswertung BKA/Trojaner
    Log-Analyse und Auswertung - 19.06.2011 (8)
  13. BKA-Trojaner otl.txt auswertung
    Log-Analyse und Auswertung - 24.05.2011 (4)
  14. Auswertung Trojaner ?!
    Log-Analyse und Auswertung - 24.08.2008 (3)
  15. Trojaner auswertung gebeten !??
    Log-Analyse und Auswertung - 30.12.2007 (0)
  16. Trojaner? Bitte um auswertung
    Log-Analyse und Auswertung - 28.12.2007 (0)
  17. Log 'Auswertung, Trojaner? Problem
    Log-Analyse und Auswertung - 25.08.2006 (4)

Zum Thema BKA Trojaner,Auswertung von Log OTL - HI und Gruss an alle.Ich habe mich hier angemeldet,da ich jetzt nicht weiterkomme.Mein Prblem: vor 3 Tagen habe ich eine Mail erhalten in der wurde ich angeblich Elite-Mitglied (wo weiss - BKA Trojaner,Auswertung von Log OTL...
Archiv
Du betrachtest: BKA Trojaner,Auswertung von Log OTL auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.