Bundespolizei Ihr Computer wurde gesterrt - Entsperren Sie mit Ukash

cosinus · 28.09.2012, 14:50

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Mineor · 28.09.2012, 16:12

Hallo cosinus ,

hier das neue OTL Log-File

Code:

ATTFilter

OTL logfile created on: 28.09.2012 16:48:36 - Run 2
OTL by OldTimer - Version 3.2.68.0     Folder = C:\Users\Mineor\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 84,13% Memory free
6,69 Gb Paging File | 6,39 Gb Available in Paging File | 95,51% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,28 Gb Total Space | 78,06 Gb Free Space | 66,56% Space Free | Partition Type: NTFS
Drive D: | 83,01 Gb Total Space | 37,42 Gb Free Space | 45,08% Space Free | Partition Type: NTFS
Drive E: | 32,59 Gb Total Space | 6,53 Gb Free Space | 20,05% Space Free | Partition Type: NTFS
 
Computer Name: MINEOR-PC | User Name: Mineor | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.26 01:00:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mineor\Desktop\OTL.exe
PRC - [2009.11.22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.16 07:45:07 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.14 02:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.27 09:25:06 | 001,326,176 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.06.27 09:25:04 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.05.08 19:00:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 19:00:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.05.25 05:03:26 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.01.29 23:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.11.22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.04.11 00:28:18 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.04.22 18:23:02 | 000,098,488 | ---- | M] (SiSoftware) [Auto | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 00:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 00:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.07.31 16:33:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007.07.31 16:29:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PdiPorts.sys -- (PdiPorts)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\amdiox86.sys -- (amdiox86)
DRV - [2012.05.08 19:00:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:00:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.05.06 23:17:44 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.05.06 23:17:44 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2011.09.16 17:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.05.25 06:25:48 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.05.25 06:25:48 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.05.25 04:25:20 | 000,245,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.12.02 05:34:32 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2010.06.17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.09 14:19:21 | 000,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.06.09 14:19:21 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.11.22 16:44:20 | 000,446,664 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009.11.10 13:55:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.11.10 13:55:24 | 000,079,504 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009.11.10 13:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.11.10 13:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.11.10 13:54:04 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009.11.10 13:53:56 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009.09.29 09:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009.09.29 09:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009.09.29 09:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009.04.10 22:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.02.20 07:17:50 | 000,095,760 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.01.13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009.01.13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009.01.13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009.01.13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008.12.20 02:08:28 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008.11.19 18:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.19 18:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.19 18:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.10.29 17:29:54 | 000,043,520 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008.03.10 19:30:36 | 000,021,408 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008.02.22 15:54:52 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2007.07.31 16:29:04 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006.11.15 16:24:54 | 000,048,128 | ---- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atl01v32.sys -- (AtcL001)
DRV - [2006.10.18 07:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.daemonsearch.com/intl/
IE - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..extensions.enabledItems: {fd048119-78ee-487f-8fb1-1668d3a6859b}:2.6.1
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mineor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.23 06:35:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.21 14:51:02 | 000,000,000 | ---D | M]
 
[2008.10.12 15:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Extensions
[2012.09.25 23:38:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions
[2011.02.07 23:54:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.06 13:16:06 | 000,000,000 | ---D | M] ("PsicoTSI") -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}
[2008.06.24 15:46:07 | 000,000,000 | ---D | M] ("SkillRaise Tool") -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{90ab4b7a-dfc8-420b-a205-eae16593e719}
[2012.09.25 23:38:00 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2011.10.20 21:54:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.07.24 08:11:44 | 000,000,000 | ---D | M] (Alltid Hattrick Statistics) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{fd048119-78ee-487f-8fb1-1668d3a6859b}
[2009.04.21 20:46:58 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\moveplayer@movenetworks.com
[2011.09.07 00:01:50 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2012.07.23 06:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.03 21:39:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.21 14:51:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech CallCentral] C:\Program Files\Logitech\CallCentral\CallCentral.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000..\Run: [fekoklhqhdukcyv] C:\ProgramData\fekoklhq.exe ()
O4 - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000..\Run: [PlayNC Launcher]  File not found
O4 - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mineor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mineor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - d:\ICQ7M\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - d:\ICQ7M\ICQ.exe File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\..Trusted Domains: blank ([]about in Computer)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F85BDFF-5784-407C-AF42-95A442EFB587}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mineor\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mineor\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2782d385-b8c3-11de-9f75-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{2782d385-b8c3-11de-9f75-001d602f414c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{385f6d89-e74d-11df-bce8-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{385f6d89-e74d-11df-bce8-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{42406e2c-1a27-11e0-b805-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{6701f21f-add3-11dd-bb59-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{6bd826ca-a2a2-11dd-82d6-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{6bd826ca-a2a2-11dd-82d6-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{7cdbbc66-3e5b-11e0-8616-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{7cdbbc66-3e5b-11e0-8616-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{beefae9f-1bfb-11df-8baf-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{beefae9f-1bfb-11df-8baf-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\cdstart.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Start WingMan Profiler - hkey= - key= - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
MsConfig - StartUpReg: Steam - hkey= - key= - d:\steam\steam.exe (Valve Corporation)
MsConfig - StartUpReg: Windows Mobile-based device management - hkey= - key= - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.IV32 - C:\Windows\System32\ir32.dll ()
Drivers32: vidc.IV45 - C:\Windows\System32\ir41_qc.dll (Intel Corporation.)
Drivers32: VIDC.WMV3 - C:\Windows\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.27 14:37:14 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Mineor\Desktop\esetsmartinstaller_enu.exe
[2012.09.27 14:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.26 14:57:37 | 000,100,864 | ---- | C] (GMER) -- C:\ufdiypow.sys
[2012.09.26 01:00:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mineor\Desktop\OTL.exe
[2012.09.25 23:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ateisktyhgbvliw
[2012.09.25 10:40:03 | 000,000,000 | ---D | C] -- C:\Users\Mineor\AppData\Local\DOSBox
[2012.09.24 23:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes
[2012.09.06 16:42:52 | 000,000,000 | ---D | C] -- C:\Users\Mineor\Documents\IAmAlive
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.28 14:13:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.28 14:08:29 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 14:08:29 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 13:20:32 | 000,349,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.27 18:25:32 | 000,513,501 | ---- | M] () -- C:\Users\Mineor\Desktop\adwcleaner.exe
[2012.09.27 17:45:05 | 000,001,356 | ---- | M] () -- C:\Users\Mineor\AppData\Local\d3d9caps.dat
[2012.09.27 14:35:53 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Mineor\Desktop\esetsmartinstaller_enu.exe
[2012.09.26 14:57:37 | 000,100,864 | ---- | M] (GMER) -- C:\ufdiypow.sys
[2012.09.26 14:53:10 | 000,000,160 | ---- | M] () -- C:\Users\Mineor\defogger_reenable
[2012.09.26 10:10:07 | 000,162,304 | ---- | M] () -- C:\Users\Mineor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.26 01:00:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mineor\Desktop\OTL.exe
[2012.09.26 00:07:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.25 23:44:30 | 000,076,346 | ---- | M] () -- C:\ProgramData\hjabjdlnztwiqna
[2012.09.25 23:44:24 | 000,088,064 | ---- | M] () -- C:\ProgramData\fekoklhq.exe
[2012.09.25 10:39:57 | 000,000,024 | ---- | M] () -- C:\Windows\.conf
[2012.09.24 23:20:41 | 000,000,564 | ---- | M] () -- C:\Users\Public\Desktop\World of Warplanes.lnk
[2012.09.21 21:39:08 | 000,731,246 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.21 21:39:08 | 000,681,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.21 21:39:08 | 000,164,970 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.21 21:39:08 | 000,135,734 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.06 16:41:59 | 000,000,702 | ---- | M] () -- C:\Users\Mineor\Desktop\IAmAlive_game - Verknüpfung.lnk
[2012.09.02 18:31:44 | 000,002,175 | ---- | M] () -- C:\Users\Mineor\Desktop\WOT Statistics.lnk
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.27 18:25:32 | 000,513,501 | ---- | C] () -- C:\Users\Mineor\Desktop\adwcleaner.exe
[2012.09.26 14:52:58 | 000,000,160 | ---- | C] () -- C:\Users\Mineor\defogger_reenable
[2012.09.26 00:07:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.25 23:44:29 | 000,088,064 | ---- | C] () -- C:\ProgramData\fekoklhq.exe
[2012.09.25 23:44:25 | 000,076,346 | ---- | C] () -- C:\ProgramData\hjabjdlnztwiqna
[2012.09.25 10:39:56 | 000,000,024 | ---- | C] () -- C:\Windows\.conf
[2012.09.24 23:20:41 | 000,000,564 | ---- | C] () -- C:\Users\Public\Desktop\World of Warplanes.lnk
[2012.09.06 16:41:59 | 000,000,702 | ---- | C] () -- C:\Users\Mineor\Desktop\IAmAlive_game - Verknüpfung.lnk
[2012.03.15 11:14:28 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.02.23 21:16:22 | 001,236,992 | ---- | C] () -- C:\Windows\System32\spk.dll
[2011.10.06 22:30:48 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.08.22 16:22:17 | 002,469,248 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.08.22 16:22:17 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.08.22 16:22:17 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.08.22 16:22:17 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.08.22 16:22:17 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.07.23 20:41:26 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2011.07.23 20:41:26 | 000,001,320 | ---- | C] () -- C:\Windows\unins000.dat
[2011.07.13 22:07:54 | 000,022,252 | ---- | C] () -- C:\Users\Mineor\ESt2010_Harms_Arne_und_Harms_Stefanie.elfo
[2011.06.03 21:40:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.25 04:24:16 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.04.20 18:30:06 | 000,233,765 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.01.08 22:04:36 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
[2009.12.02 13:33:06 | 000,000,760 | ---- | C] () -- C:\Users\Mineor\AppData\Roaming\setup_ldm.iss
[2008.12.19 00:22:20 | 000,000,442 | ---- | C] () -- C:\Users\Mineor\AppData\Roaming\mdbu.bin
[2008.06.17 16:26:32 | 000,000,020 | ---- | C] () -- C:\Users\Mineor\AppData\Roaming\AVSDVDPlayer.m3u
[2008.06.01 23:55:48 | 007,118,848 | ---- | C] () -- C:\ProgramData\sandra.mda
[2007.12.19 13:59:38 | 000,000,094 | ---- | C] () -- C:\Users\Mineor\AppData\Local\fusioncache.dat
[2007.12.15 22:33:46 | 000,000,010 | ---- | C] () -- C:\Users\Mineor\ho.dir
[2007.12.15 22:31:23 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.12.15 21:57:07 | 000,162,304 | ---- | C] () -- C:\Users\Mineor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.15 21:13:45 | 000,139,152 | ---- | C] () -- C:\Users\Mineor\AppData\Roaming\PnkBstrK.sys
[2007.12.15 18:44:38 | 000,001,356 | ---- | C] () -- C:\Users\Mineor\AppData\Local\d3d9caps.dat
[2005.04.08 04:16:43 | 000,092,573 | -H-- | C] () -- C:\Users\Mineor\AppData\Roaming\Mineorlog.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.10.28 23:29:51 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\4113C8D3B5AFC42F58618C8B41F8027C
[2008.12.01 12:11:58 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Acreon
[2009.11.19 17:17:09 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Advanced Chemistry Development
[2011.10.15 08:53:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Ashampoo
[2012.01.23 09:41:24 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Auslogics
[2010.11.26 21:00:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\calibre
[2012.07.11 18:02:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Canneverbe Limited
[2011.08.12 16:48:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Code Force Limited
[2008.02.28 13:31:03 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\CommunicaEtor
[2010.03.02 21:00:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Der Planer 4
[2010.10.28 15:19:51 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DisplayTune
[2011.10.22 09:27:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Dropbox
[2012.07.26 19:57:14 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DVDVideoSoft
[2011.10.20 21:54:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.12.24 18:10:13 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Echidna LLC
[2012.07.20 11:01:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\EoN
[2009.06.21 14:30:58 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FFSJ
[2010.04.21 22:45:37 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FileZilla
[2012.06.21 15:43:18 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FLAC to MP3 Converter
[2012.06.02 16:07:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\fotw
[2012.03.27 15:12:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Foxit Software
[2012.07.12 17:55:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Free Download Manager
[2010.08.30 10:29:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FreeOrion
[2011.07.03 00:03:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GetRightToGo
[2008.06.27 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant
[2011.09.04 13:39:56 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GrabIt
[2012.06.13 07:31:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ICQ
[2010.07.16 12:31:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Imperium Romanum
[2012.06.02 11:40:57 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Kalypso Media
[2009.12.02 13:33:10 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Leadertech
[2011.01.08 00:44:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ML
[2008.06.17 16:32:29 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\MPEG Streamclip
[2010.02.28 14:26:37 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\MudTV
[2009.10.25 18:21:01 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\NationRed
[2008.03.08 13:56:52 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Newsbin
[2009.10.08 16:45:29 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\OpenOffice.org
[2010.09.01 08:46:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ProtectDISC
[2009.01.25 19:47:21 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Silver Style Entertainment
[2012.06.14 13:10:39 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\six-updater
[2012.06.14 13:10:20 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\six-zsync
[2012.06.02 11:43:28 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\SKD
[2008.02.24 20:11:01 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Soldat
[2010.05.14 12:14:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Sony
[2010.05.14 12:06:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Sony Setup
[2008.10.20 12:27:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Stardock
[2009.07.10 14:08:23 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\streamripper
[2012.04.03 19:33:42 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\The Creative Assembly
[2009.02.08 12:36:38 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Tobit
[2012.01.26 08:47:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\TS3Client
[2011.09.28 08:48:33 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ts3overlay
[2007.12.19 14:48:50 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Turbine
[2012.07.18 07:57:41 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Unity
[2011.09.06 23:24:16 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Unzbin
[2012.09.24 23:21:47 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\wargaming.net
[2012.08.11 12:00:55 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\WOT Statistics
[2012.04.29 09:36:43 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\XMedia Recode
[2011.08.12 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ZombieDriver
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.28 23:29:51 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\4113C8D3B5AFC42F58618C8B41F8027C
[2008.12.01 12:11:58 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Acreon
[2010.09.03 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Adobe
[2009.11.19 17:17:09 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Advanced Chemistry Development
[2011.10.15 08:53:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Ashampoo
[2007.12.15 19:09:41 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ATI
[2012.01.23 09:41:24 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Auslogics
[2012.02.16 07:44:13 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Avira
[2009.10.17 21:20:06 | 000,000,000 | R--D | M] -- C:\Users\Mineor\AppData\Roaming\Brother
[2010.11.26 21:00:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\calibre
[2012.07.11 18:02:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Canneverbe Limited
[2011.08.12 16:48:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Code Force Limited
[2008.02.28 13:31:03 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\CommunicaEtor
[2010.03.02 21:00:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Der Planer 4
[2010.10.28 15:19:51 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DisplayTune
[2010.06.09 15:01:50 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DivX
[2011.10.22 09:27:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Dropbox
[2012.07.19 14:43:18 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\dvdcss
[2012.07.26 19:57:14 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DVDVideoSoft
[2011.10.20 21:54:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.12.24 18:10:13 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Echidna LLC
[2012.07.20 11:01:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\EoN
[2009.06.21 14:30:58 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FFSJ
[2010.04.21 22:45:37 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FileZilla
[2012.06.21 15:43:18 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FLAC to MP3 Converter
[2012.06.02 16:07:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\fotw
[2012.03.27 15:12:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Foxit Software
[2012.07.12 17:55:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Free Download Manager
[2010.08.30 10:29:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FreeOrion
[2011.07.03 00:03:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GetRightToGo
[2008.06.27 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant
[2011.09.04 13:39:56 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GrabIt
[2012.06.13 07:31:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ICQ
[2007.12.15 18:44:41 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Identities
[2010.07.16 12:31:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Imperium Romanum
[2008.01.30 19:54:07 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\InstallShield
[2012.06.02 11:40:57 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Kalypso Media
[2009.12.02 13:33:10 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Leadertech
[2010.02.27 12:07:53 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Logishrd
[2010.02.27 12:07:45 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Logitech
[2007.12.15 21:02:26 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Macromedia
[2010.10.28 21:34:24 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Media Center Programs
[2012.09.07 11:37:34 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Media Player Classic
[2012.07.24 00:10:40 | 000,000,000 | --SD | M] -- C:\Users\Mineor\AppData\Roaming\Microsoft
[2011.01.08 00:44:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ML
[2009.08.21 17:04:28 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Mozilla
[2008.06.17 16:32:29 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\MPEG Streamclip
[2010.02.28 14:26:37 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\MudTV
[2009.10.25 18:21:01 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\NationRed
[2010.04.24 10:25:26 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Nero
[2008.03.08 13:56:52 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Newsbin
[2009.10.08 16:45:29 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\OpenOffice.org
[2010.09.01 08:46:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ProtectDISC
[2011.10.25 23:08:26 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Real
[2008.06.04 13:42:50 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\SecuROM
[2009.01.25 19:47:21 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Silver Style Entertainment
[2012.06.14 13:10:39 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\six-updater
[2012.06.14 13:10:20 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\six-zsync
[2012.06.02 11:43:28 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\SKD
[2011.06.04 11:35:20 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Skype
[2011.06.04 09:00:32 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\skypePM
[2008.02.24 20:11:01 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Soldat
[2010.05.14 12:14:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Sony
[2010.05.14 12:06:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Sony Setup
[2008.10.20 12:27:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Stardock
[2009.07.10 14:08:23 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\streamripper
[2012.04.03 19:33:42 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\The Creative Assembly
[2009.02.08 12:36:38 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Tobit
[2012.01.26 08:47:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\TS3Client
[2011.09.28 08:48:33 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ts3overlay
[2007.12.19 14:48:50 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Turbine
[2008.10.25 23:19:12 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\U3
[2012.07.18 07:57:41 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Unity
[2011.09.06 23:24:16 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Unzbin
[2012.09.25 01:29:39 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\vlc
[2012.09.24 23:21:47 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\wargaming.net
[2012.01.26 08:47:15 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Winamp
[2007.12.16 15:13:57 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\WinRAR
[2012.08.11 12:00:55 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\WOT Statistics
[2012.04.29 09:36:43 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\XMedia Recode
[2011.08.12 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ZombieDriver
 
< %APPDATA%\*.exe /s >
[2008.12.01 12:11:59 | 000,272,384 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe
[2008.06.27 23:01:06 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\46859686-D5B7-453F-BA6C-F4E9CA783CD8\AutoRunCE.exe
[2008.06.27 23:01:06 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\46859686-D5B7-453F-BA6C-F4E9CA783CD8\1\module.exe
[2008.06.27 23:01:20 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\4F829640-0E36-4CFA-B0A3-3DD57268234F\AutoRunCE.exe
[2008.06.27 23:01:20 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\4F829640-0E36-4CFA-B0A3-3DD57268234F\1\module.exe
[2008.06.27 23:01:02 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\65BF9666-D4BC-4F6C-995A-D7ECE06F34E5\AutoRunCE.exe
[2008.06.27 23:01:03 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\65BF9666-D4BC-4F6C-995A-D7ECE06F34E5\1\module.exe
[2008.06.27 23:01:07 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\65F7AFE0-737A-4053-A7ED-293A14114651\AutoRunCE.exe
[2008.06.27 23:01:07 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\65F7AFE0-737A-4053-A7ED-293A14114651\1\module.exe
[2008.06.27 23:00:52 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\6E909346-9C25-48EB-8A62-F7FB64ECBAD6\AutoRunCE.exe
[2008.06.27 23:01:00 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\6E909346-9C25-48EB-8A62-F7FB64ECBAD6\1\module.exe
[2008.06.27 23:01:03 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\7C6FF0FF-ACDF-4141-8082-0243F750A97C\AutoRunCE.exe
[2008.06.27 23:01:04 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\7C6FF0FF-ACDF-4141-8082-0243F750A97C\1\module.exe
[2008.06.27 23:01:11 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\7E31553A-7972-4BD9-96F7-7CE87866824B\AutoRunCE.exe
[2008.06.27 23:01:11 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\7E31553A-7972-4BD9-96F7-7CE87866824B\1\module.exe
[2008.06.27 23:01:18 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\92C3EBB4-3BC3-49CF-98FF-9D343402D8B4\AutoRunCE.exe
[2008.06.27 23:01:18 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\92C3EBB4-3BC3-49CF-98FF-9D343402D8B4\1\module.exe
[2008.06.27 23:01:19 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\9DB18DF2-E457-4507-8AED-7D34C1FCDC69\AutoRunCE.exe
[2008.06.27 23:01:19 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\9DB18DF2-E457-4507-8AED-7D34C1FCDC69\1\module.exe
[2008.06.27 23:01:17 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A07EF20F-29A1-4ACB-87FB-6C8F34548D0B\AutoRunCE.exe
[2008.06.27 23:01:17 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A07EF20F-29A1-4ACB-87FB-6C8F34548D0B\1\module.exe
[2008.06.27 23:01:16 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A1B03B87-BFC7-4E88-8D28-A4DEA8D86C16\AutoRunCE.exe
[2008.06.27 23:01:16 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A1B03B87-BFC7-4E88-8D28-A4DEA8D86C16\1\module.exe
[2008.06.27 23:01:08 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A20374A9-F6DF-4F0E-A514-80AE11911E31\AutoRunCE.exe
[2008.06.27 23:01:08 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A20374A9-F6DF-4F0E-A514-80AE11911E31\1\module.exe
[2008.06.27 23:01:12 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A28001B0-4591-4047-BD75-9404B82CACA6\AutoRunCE.exe
[2008.06.27 23:01:12 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A28001B0-4591-4047-BD75-9404B82CACA6\1\module.exe
[2008.06.27 23:01:13 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A81F510F-804B-42C9-B642-FF2E093C7DF4\AutoRunCE.exe
[2008.06.27 23:01:13 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A81F510F-804B-42C9-B642-FF2E093C7DF4\1\module.exe
[2008.06.27 23:01:09 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\CE43E84F-E708-46B3-952D-1AE6FD1E33C8\AutoRunCE.exe
[2008.06.27 23:01:10 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\CE43E84F-E708-46B3-952D-1AE6FD1E33C8\1\module.exe
[2008.06.27 23:01:14 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\D91323F7-12A1-4806-B6D1-553CAF8D7E1E\AutoRunCE.exe
[2008.06.27 23:01:15 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\D91323F7-12A1-4806-B6D1-553CAF8D7E1E\1\module.exe
[2008.06.27 23:01:21 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\DF26D0D3-CF79-41C5-9EA8-8D4A437EC91C\AutoRunCE.exe
[2008.06.27 23:01:21 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\DF26D0D3-CF79-41C5-9EA8-8D4A437EC91C\1\module.exe
[2008.06.27 23:01:05 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\FF788CD6-18AC-4F45-B6EC-62D518406E3E\AutoRunCE.exe
[2008.06.27 23:01:05 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\FF788CD6-18AC-4F45-B6EC-62D518406E3E\1\module.exe
[2007.08.01 01:30:32 | 000,333,072 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Setup.exe
[2007.08.01 01:29:36 | 000,161,040 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\DelDev.exe
[2003.11.11 05:55:38 | 000,116,880 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\setup.exe
[2007.08.01 01:30:32 | 000,578,832 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\Shutdown.exe
[2008.01.16 02:09:10 | 000,045,056 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\SLAUNCH.EXE
[2008.01.16 02:09:10 | 000,050,712 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\StripInf.exe
[2007.08.01 01:30:54 | 000,107,792 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\Update.exe
[2007.08.01 01:32:48 | 000,333,072 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Elevated\Setup.exe
[2007.04.11 04:34:14 | 000,363,536 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Redist\LASU\LogitechUpdate.exe
[2007.04.11 04:34:26 | 000,345,104 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Redist\LASU\LogitechUpdate2.exe
[2007.04.11 04:40:24 | 000,067,600 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Redist\LASU\LULnchr.exe
[2007.08.01 01:29:26 | 000,574,736 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Setup\Setup.exe
[2005.06.03 03:02:26 | 002,645,013 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\techsupt\DS9Engine\DS9Engine.exe
[2010.09.03 11:59:06 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Mineor\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.05.14 12:51:12 | 001,925,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Mineor\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.05.14 12:09:55 | 000,010,134 | R--- | M] () -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
[2009.12.02 13:33:10 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.08.11 11:58:43 | 000,332,328 | R--- | M] () -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{9C6C0D2A-E2C0-4160-B139-5951A72EC80F}\_4756E675CB4D491DA4D80F.exe
[2012.08.11 11:58:43 | 000,332,328 | R--- | M] () -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{9C6C0D2A-E2C0-4160-B139-5951A72EC80F}\_853F67D554F05449430E7E.exe
[2012.08.11 11:58:43 | 000,332,328 | R--- | M] () -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{9C6C0D2A-E2C0-4160-B139-5951A72EC80F}\_A4A4C973BC9DFB57F2B7BC.exe
[2008.03.27 20:26:56 | 000,010,134 | R--- | M] () -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Mineor\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2007.10.24 05:56:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\SoftwareDistribution\Download\849b321448ad54f888bc4129bd98f62b\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.26 00:15:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.26 00:15:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2007.10.24 06:11:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\SoftwareDistribution\Download\849b321448ad54f888bc4129bd98f62b\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys
[2008.02.26 00:15:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.12.16 09:53:43 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2007.12.16 09:53:43 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

cosinus · 28.09.2012, 18:39

Warum hast du OTL nicht neu runtergeladen?

Mineor · 28.09.2012, 19:15

Ohh , habe ich überlesen

sorry !

Hier der neue Log

Code:

ATTFilter

OTL logfile created on: 28.09.2012 20:28:56 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mineor\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 77,88% Memory free
6,69 Gb Paging File | 6,29 Gb Available in Paging File | 93,98% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,28 Gb Total Space | 78,05 Gb Free Space | 66,55% Space Free | Partition Type: NTFS
Drive D: | 83,01 Gb Total Space | 37,42 Gb Free Space | 45,08% Space Free | Partition Type: NTFS
Drive E: | 32,59 Gb Total Space | 6,53 Gb Free Space | 20,05% Space Free | Partition Type: NTFS
 
Computer Name: MINEOR-PC | User Name: Mineor | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.28 20:18:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mineor\Desktop\OTL.exe
PRC - [2009.11.22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2005.02.16 01:44:24 | 000,412,672 | ---- | M] () -- C:\Programme\WinUHA\shellwinuha.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.16 07:45:07 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.14 02:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.27 09:25:06 | 001,326,176 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.06.27 09:25:04 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.05.08 19:00:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 19:00:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.05.25 05:03:26 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.01.29 23:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.11.22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.04.11 00:28:18 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.04.22 18:23:02 | 000,098,488 | ---- | M] (SiSoftware) [Auto | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 00:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 00:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.07.31 16:33:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007.07.31 16:29:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PdiPorts.sys -- (PdiPorts)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\amdiox86.sys -- (amdiox86)
DRV - [2012.05.08 19:00:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:00:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.05.06 23:17:44 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.05.06 23:17:44 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2011.09.16 17:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.05.25 06:25:48 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.05.25 06:25:48 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.05.25 04:25:20 | 000,245,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.12.02 05:34:32 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2010.06.17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.09 14:19:21 | 000,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.06.09 14:19:21 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.11.22 16:44:20 | 000,446,664 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2009.11.10 13:55:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.11.10 13:55:24 | 000,079,504 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009.11.10 13:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.11.10 13:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.11.10 13:54:04 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009.11.10 13:53:56 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009.09.29 09:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009.09.29 09:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009.09.29 09:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009.04.10 22:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.02.20 07:17:50 | 000,095,760 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.01.13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009.01.13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009.01.13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009.01.13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008.12.20 02:08:28 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008.11.19 18:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.19 18:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.19 18:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.10.29 17:29:54 | 000,043,520 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008.03.10 19:30:36 | 000,021,408 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008.02.22 15:54:52 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2007.07.31 16:29:04 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006.11.15 16:24:54 | 000,048,128 | ---- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atl01v32.sys -- (AtcL001)
DRV - [2006.10.18 07:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.daemonsearch.com/intl/
IE - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..extensions.enabledItems: {fd048119-78ee-487f-8fb1-1668d3a6859b}:2.6.1
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mineor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.23 06:35:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.21 14:51:02 | 000,000,000 | ---D | M]
 
[2008.10.12 15:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Extensions
[2012.09.25 23:38:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions
[2011.02.07 23:54:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.06 13:16:06 | 000,000,000 | ---D | M] ("PsicoTSI") -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}
[2008.06.24 15:46:07 | 000,000,000 | ---D | M] ("SkillRaise Tool") -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{90ab4b7a-dfc8-420b-a205-eae16593e719}
[2012.09.25 23:38:00 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2011.10.20 21:54:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.07.24 08:11:44 | 000,000,000 | ---D | M] (Alltid Hattrick Statistics) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{fd048119-78ee-487f-8fb1-1668d3a6859b}
[2009.04.21 20:46:58 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\moveplayer@movenetworks.com
[2011.09.07 00:01:50 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2012.07.23 06:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.03 21:39:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.21 14:51:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech CallCentral] C:\Program Files\Logitech\CallCentral\CallCentral.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000..\Run: [fekoklhqhdukcyv] C:\ProgramData\fekoklhq.exe ()
O4 - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000..\Run: [PlayNC Launcher]  File not found
O4 - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mineor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mineor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - d:\ICQ7M\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - d:\ICQ7M\ICQ.exe File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\..Trusted Domains: blank ([]about in Computer)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F85BDFF-5784-407C-AF42-95A442EFB587}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mineor\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mineor\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2782d385-b8c3-11de-9f75-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{2782d385-b8c3-11de-9f75-001d602f414c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{385f6d89-e74d-11df-bce8-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{385f6d89-e74d-11df-bce8-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{42406e2c-1a27-11e0-b805-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{6701f21f-add3-11dd-bb59-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{6bd826ca-a2a2-11dd-82d6-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{6bd826ca-a2a2-11dd-82d6-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{7cdbbc66-3e5b-11e0-8616-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{7cdbbc66-3e5b-11e0-8616-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{beefae9f-1bfb-11df-8baf-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{beefae9f-1bfb-11df-8baf-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\cdstart.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Start WingMan Profiler - hkey= - key= - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
MsConfig - StartUpReg: Steam - hkey= - key= - d:\steam\steam.exe (Valve Corporation)
MsConfig - StartUpReg: Windows Mobile-based device management - hkey= - key= - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - C:\Windows\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.IV32 - C:\Windows\System32\ir32.dll ()
Drivers32: vidc.IV45 - C:\Windows\System32\ir41_qc.dll (Intel Corporation.)
Drivers32: VIDC.WMV3 - C:\Windows\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.28 20:18:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mineor\Desktop\OTL.exe
[2012.09.27 14:37:14 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Mineor\Desktop\esetsmartinstaller_enu.exe
[2012.09.27 14:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.26 14:57:37 | 000,100,864 | ---- | C] (GMER) -- C:\ufdiypow.sys
[2012.09.25 23:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ateisktyhgbvliw
[2012.09.25 10:40:03 | 000,000,000 | ---D | C] -- C:\Users\Mineor\AppData\Local\DOSBox
[2012.09.24 23:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes
[2012.09.06 16:42:52 | 000,000,000 | ---D | C] -- C:\Users\Mineor\Documents\IAmAlive
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.28 20:18:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mineor\Desktop\OTL.exe
[2012.09.28 14:13:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.28 14:08:29 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 14:08:29 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 13:20:32 | 000,349,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.27 18:25:32 | 000,513,501 | ---- | M] () -- C:\Users\Mineor\Desktop\adwcleaner.exe
[2012.09.27 17:45:05 | 000,001,356 | ---- | M] () -- C:\Users\Mineor\AppData\Local\d3d9caps.dat
[2012.09.27 14:35:53 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Mineor\Desktop\esetsmartinstaller_enu.exe
[2012.09.26 14:57:37 | 000,100,864 | ---- | M] (GMER) -- C:\ufdiypow.sys
[2012.09.26 14:53:10 | 000,000,160 | ---- | M] () -- C:\Users\Mineor\defogger_reenable
[2012.09.26 10:10:07 | 000,162,304 | ---- | M] () -- C:\Users\Mineor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.26 00:07:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.25 23:44:30 | 000,076,346 | ---- | M] () -- C:\ProgramData\hjabjdlnztwiqna
[2012.09.25 23:44:24 | 000,088,064 | ---- | M] () -- C:\ProgramData\fekoklhq.exe
[2012.09.25 10:39:57 | 000,000,024 | ---- | M] () -- C:\Windows\.conf
[2012.09.24 23:20:41 | 000,000,564 | ---- | M] () -- C:\Users\Public\Desktop\World of Warplanes.lnk
[2012.09.21 21:39:08 | 000,731,246 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.21 21:39:08 | 000,681,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.21 21:39:08 | 000,164,970 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.21 21:39:08 | 000,135,734 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.06 16:41:59 | 000,000,702 | ---- | M] () -- C:\Users\Mineor\Desktop\IAmAlive_game - Verknüpfung.lnk
[2012.09.02 18:31:44 | 000,002,175 | ---- | M] () -- C:\Users\Mineor\Desktop\WOT Statistics.lnk
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.27 18:25:32 | 000,513,501 | ---- | C] () -- C:\Users\Mineor\Desktop\adwcleaner.exe
[2012.09.26 14:52:58 | 000,000,160 | ---- | C] () -- C:\Users\Mineor\defogger_reenable
[2012.09.26 00:07:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.25 23:44:29 | 000,088,064 | ---- | C] () -- C:\ProgramData\fekoklhq.exe
[2012.09.25 23:44:25 | 000,076,346 | ---- | C] () -- C:\ProgramData\hjabjdlnztwiqna
[2012.09.25 10:39:56 | 000,000,024 | ---- | C] () -- C:\Windows\.conf
[2012.09.24 23:20:41 | 000,000,564 | ---- | C] () -- C:\Users\Public\Desktop\World of Warplanes.lnk
[2012.09.06 16:41:59 | 000,000,702 | ---- | C] () -- C:\Users\Mineor\Desktop\IAmAlive_game - Verknüpfung.lnk
[2012.03.15 11:14:28 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.02.23 21:16:22 | 001,236,992 | ---- | C] () -- C:\Windows\System32\spk.dll
[2011.10.06 22:30:48 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.08.22 16:22:17 | 002,469,248 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.08.22 16:22:17 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.08.22 16:22:17 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.08.22 16:22:17 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.08.22 16:22:17 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.07.23 20:41:26 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2011.07.23 20:41:26 | 000,001,320 | ---- | C] () -- C:\Windows\unins000.dat
[2011.07.13 22:07:54 | 000,022,252 | ---- | C] () -- C:\Users\Mineor\ESt2010_Harms_Arne_und_Harms_Stefanie.elfo
[2011.06.03 21:40:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.25 04:24:16 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.04.20 18:30:06 | 000,233,765 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.01.08 22:04:36 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
[2009.12.02 13:33:06 | 000,000,760 | ---- | C] () -- C:\Users\Mineor\AppData\Roaming\setup_ldm.iss
[2008.12.19 00:22:20 | 000,000,442 | ---- | C] () -- C:\Users\Mineor\AppData\Roaming\mdbu.bin
[2008.06.17 16:26:32 | 000,000,020 | ---- | C] () -- C:\Users\Mineor\AppData\Roaming\AVSDVDPlayer.m3u
[2008.06.01 23:55:48 | 007,118,848 | ---- | C] () -- C:\ProgramData\sandra.mda
[2007.12.19 13:59:38 | 000,000,094 | ---- | C] () -- C:\Users\Mineor\AppData\Local\fusioncache.dat
[2007.12.15 22:33:46 | 000,000,010 | ---- | C] () -- C:\Users\Mineor\ho.dir
[2007.12.15 22:31:23 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.12.15 21:57:07 | 000,162,304 | ---- | C] () -- C:\Users\Mineor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.15 21:13:45 | 000,139,152 | ---- | C] () -- C:\Users\Mineor\AppData\Roaming\PnkBstrK.sys
[2007.12.15 18:44:38 | 000,001,356 | ---- | C] () -- C:\Users\Mineor\AppData\Local\d3d9caps.dat
[2005.04.08 04:16:43 | 000,092,573 | -H-- | C] () -- C:\Users\Mineor\AppData\Roaming\Mineorlog.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.10.28 23:29:51 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\4113C8D3B5AFC42F58618C8B41F8027C
[2008.12.01 12:11:58 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Acreon
[2009.11.19 17:17:09 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Advanced Chemistry Development
[2011.10.15 08:53:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Ashampoo
[2012.01.23 09:41:24 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Auslogics
[2010.11.26 21:00:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\calibre
[2012.07.11 18:02:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Canneverbe Limited
[2011.08.12 16:48:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Code Force Limited
[2008.02.28 13:31:03 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\CommunicaEtor
[2010.03.02 21:00:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Der Planer 4
[2010.10.28 15:19:51 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DisplayTune
[2011.10.22 09:27:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Dropbox
[2012.07.26 19:57:14 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DVDVideoSoft
[2011.10.20 21:54:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.12.24 18:10:13 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Echidna LLC
[2012.07.20 11:01:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\EoN
[2009.06.21 14:30:58 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FFSJ
[2010.04.21 22:45:37 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FileZilla
[2012.06.21 15:43:18 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FLAC to MP3 Converter
[2012.06.02 16:07:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\fotw
[2012.03.27 15:12:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Foxit Software
[2012.07.12 17:55:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Free Download Manager
[2010.08.30 10:29:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FreeOrion
[2011.07.03 00:03:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GetRightToGo
[2008.06.27 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant
[2011.09.04 13:39:56 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GrabIt
[2012.06.13 07:31:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ICQ
[2010.07.16 12:31:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Imperium Romanum
[2012.06.02 11:40:57 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Kalypso Media
[2009.12.02 13:33:10 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Leadertech
[2011.01.08 00:44:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ML
[2008.06.17 16:32:29 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\MPEG Streamclip
[2010.02.28 14:26:37 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\MudTV
[2009.10.25 18:21:01 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\NationRed
[2008.03.08 13:56:52 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Newsbin
[2009.10.08 16:45:29 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\OpenOffice.org
[2010.09.01 08:46:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ProtectDISC
[2009.01.25 19:47:21 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Silver Style Entertainment
[2012.06.14 13:10:39 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\six-updater
[2012.06.14 13:10:20 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\six-zsync
[2012.06.02 11:43:28 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\SKD
[2008.02.24 20:11:01 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Soldat
[2010.05.14 12:14:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Sony
[2010.05.14 12:06:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Sony Setup
[2008.10.20 12:27:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Stardock
[2009.07.10 14:08:23 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\streamripper
[2012.04.03 19:33:42 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\The Creative Assembly
[2009.02.08 12:36:38 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Tobit
[2012.01.26 08:47:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\TS3Client
[2011.09.28 08:48:33 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ts3overlay
[2007.12.19 14:48:50 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Turbine
[2012.07.18 07:57:41 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Unity
[2011.09.06 23:24:16 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Unzbin
[2012.09.24 23:21:47 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\wargaming.net
[2012.08.11 12:00:55 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\WOT Statistics
[2012.04.29 09:36:43 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\XMedia Recode
[2011.08.12 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ZombieDriver
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.28 23:29:51 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\4113C8D3B5AFC42F58618C8B41F8027C
[2008.12.01 12:11:58 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Acreon
[2010.09.03 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Adobe
[2009.11.19 17:17:09 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Advanced Chemistry Development
[2011.10.15 08:53:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Ashampoo
[2007.12.15 19:09:41 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ATI
[2012.01.23 09:41:24 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Auslogics
[2012.02.16 07:44:13 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Avira
[2009.10.17 21:20:06 | 000,000,000 | R--D | M] -- C:\Users\Mineor\AppData\Roaming\Brother
[2010.11.26 21:00:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\calibre
[2012.07.11 18:02:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Canneverbe Limited
[2011.08.12 16:48:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Code Force Limited
[2008.02.28 13:31:03 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\CommunicaEtor
[2010.03.02 21:00:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Der Planer 4
[2010.10.28 15:19:51 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DisplayTune
[2010.06.09 15:01:50 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DivX
[2011.10.22 09:27:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Dropbox
[2012.07.19 14:43:18 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\dvdcss
[2012.07.26 19:57:14 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DVDVideoSoft
[2011.10.20 21:54:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.12.24 18:10:13 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Echidna LLC
[2012.07.20 11:01:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\EoN
[2009.06.21 14:30:58 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FFSJ
[2010.04.21 22:45:37 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FileZilla
[2012.06.21 15:43:18 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FLAC to MP3 Converter
[2012.06.02 16:07:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\fotw
[2012.03.27 15:12:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Foxit Software
[2012.07.12 17:55:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Free Download Manager
[2010.08.30 10:29:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FreeOrion
[2011.07.03 00:03:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GetRightToGo
[2008.06.27 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant
[2011.09.04 13:39:56 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GrabIt
[2012.06.13 07:31:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ICQ
[2007.12.15 18:44:41 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Identities
[2010.07.16 12:31:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Imperium Romanum
[2008.01.30 19:54:07 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\InstallShield
[2012.06.02 11:40:57 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Kalypso Media
[2009.12.02 13:33:10 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Leadertech
[2010.02.27 12:07:53 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Logishrd
[2010.02.27 12:07:45 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Logitech
[2007.12.15 21:02:26 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Macromedia
[2010.10.28 21:34:24 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Media Center Programs
[2012.09.07 11:37:34 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Media Player Classic
[2012.07.24 00:10:40 | 000,000,000 | --SD | M] -- C:\Users\Mineor\AppData\Roaming\Microsoft
[2011.01.08 00:44:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ML
[2009.08.21 17:04:28 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Mozilla
[2008.06.17 16:32:29 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\MPEG Streamclip
[2010.02.28 14:26:37 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\MudTV
[2009.10.25 18:21:01 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\NationRed
[2010.04.24 10:25:26 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Nero
[2008.03.08 13:56:52 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Newsbin
[2009.10.08 16:45:29 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\OpenOffice.org
[2010.09.01 08:46:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ProtectDISC
[2011.10.25 23:08:26 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Real
[2008.06.04 13:42:50 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\SecuROM
[2009.01.25 19:47:21 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Silver Style Entertainment
[2012.06.14 13:10:39 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\six-updater
[2012.06.14 13:10:20 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\six-zsync
[2012.06.02 11:43:28 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\SKD
[2011.06.04 11:35:20 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Skype
[2011.06.04 09:00:32 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\skypePM
[2008.02.24 20:11:01 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Soldat
[2010.05.14 12:14:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Sony
[2010.05.14 12:06:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Sony Setup
[2008.10.20 12:27:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Stardock
[2009.07.10 14:08:23 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\streamripper
[2012.04.03 19:33:42 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\The Creative Assembly
[2009.02.08 12:36:38 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Tobit
[2012.01.26 08:47:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\TS3Client
[2011.09.28 08:48:33 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ts3overlay
[2007.12.19 14:48:50 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Turbine
[2008.10.25 23:19:12 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\U3
[2012.07.18 07:57:41 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Unity
[2011.09.06 23:24:16 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Unzbin
[2012.09.25 01:29:39 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\vlc
[2012.09.24 23:21:47 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\wargaming.net
[2012.01.26 08:47:15 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Winamp
[2007.12.16 15:13:57 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\WinRAR
[2012.08.11 12:00:55 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\WOT Statistics
[2012.04.29 09:36:43 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\XMedia Recode
[2011.08.12 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ZombieDriver
 
< %APPDATA%\*.exe /s >
[2008.12.01 12:11:59 | 000,272,384 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe
[2008.06.27 23:01:06 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\46859686-D5B7-453F-BA6C-F4E9CA783CD8\AutoRunCE.exe
[2008.06.27 23:01:06 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\46859686-D5B7-453F-BA6C-F4E9CA783CD8\1\module.exe
[2008.06.27 23:01:20 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\4F829640-0E36-4CFA-B0A3-3DD57268234F\AutoRunCE.exe
[2008.06.27 23:01:20 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\4F829640-0E36-4CFA-B0A3-3DD57268234F\1\module.exe
[2008.06.27 23:01:02 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\65BF9666-D4BC-4F6C-995A-D7ECE06F34E5\AutoRunCE.exe
[2008.06.27 23:01:03 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\65BF9666-D4BC-4F6C-995A-D7ECE06F34E5\1\module.exe
[2008.06.27 23:01:07 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\65F7AFE0-737A-4053-A7ED-293A14114651\AutoRunCE.exe
[2008.06.27 23:01:07 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\65F7AFE0-737A-4053-A7ED-293A14114651\1\module.exe
[2008.06.27 23:00:52 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\6E909346-9C25-48EB-8A62-F7FB64ECBAD6\AutoRunCE.exe
[2008.06.27 23:01:00 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\6E909346-9C25-48EB-8A62-F7FB64ECBAD6\1\module.exe
[2008.06.27 23:01:03 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\7C6FF0FF-ACDF-4141-8082-0243F750A97C\AutoRunCE.exe
[2008.06.27 23:01:04 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\7C6FF0FF-ACDF-4141-8082-0243F750A97C\1\module.exe
[2008.06.27 23:01:11 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\7E31553A-7972-4BD9-96F7-7CE87866824B\AutoRunCE.exe
[2008.06.27 23:01:11 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\7E31553A-7972-4BD9-96F7-7CE87866824B\1\module.exe
[2008.06.27 23:01:18 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\92C3EBB4-3BC3-49CF-98FF-9D343402D8B4\AutoRunCE.exe
[2008.06.27 23:01:18 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\92C3EBB4-3BC3-49CF-98FF-9D343402D8B4\1\module.exe
[2008.06.27 23:01:19 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\9DB18DF2-E457-4507-8AED-7D34C1FCDC69\AutoRunCE.exe
[2008.06.27 23:01:19 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\9DB18DF2-E457-4507-8AED-7D34C1FCDC69\1\module.exe
[2008.06.27 23:01:17 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A07EF20F-29A1-4ACB-87FB-6C8F34548D0B\AutoRunCE.exe
[2008.06.27 23:01:17 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A07EF20F-29A1-4ACB-87FB-6C8F34548D0B\1\module.exe
[2008.06.27 23:01:16 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A1B03B87-BFC7-4E88-8D28-A4DEA8D86C16\AutoRunCE.exe
[2008.06.27 23:01:16 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A1B03B87-BFC7-4E88-8D28-A4DEA8D86C16\1\module.exe
[2008.06.27 23:01:08 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A20374A9-F6DF-4F0E-A514-80AE11911E31\AutoRunCE.exe
[2008.06.27 23:01:08 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A20374A9-F6DF-4F0E-A514-80AE11911E31\1\module.exe
[2008.06.27 23:01:12 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A28001B0-4591-4047-BD75-9404B82CACA6\AutoRunCE.exe
[2008.06.27 23:01:12 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A28001B0-4591-4047-BD75-9404B82CACA6\1\module.exe
[2008.06.27 23:01:13 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A81F510F-804B-42C9-B642-FF2E093C7DF4\AutoRunCE.exe
[2008.06.27 23:01:13 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A81F510F-804B-42C9-B642-FF2E093C7DF4\1\module.exe
[2008.06.27 23:01:09 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\CE43E84F-E708-46B3-952D-1AE6FD1E33C8\AutoRunCE.exe
[2008.06.27 23:01:10 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\CE43E84F-E708-46B3-952D-1AE6FD1E33C8\1\module.exe
[2008.06.27 23:01:14 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\D91323F7-12A1-4806-B6D1-553CAF8D7E1E\AutoRunCE.exe
[2008.06.27 23:01:15 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\D91323F7-12A1-4806-B6D1-553CAF8D7E1E\1\module.exe
[2008.06.27 23:01:21 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\DF26D0D3-CF79-41C5-9EA8-8D4A437EC91C\AutoRunCE.exe
[2008.06.27 23:01:21 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\DF26D0D3-CF79-41C5-9EA8-8D4A437EC91C\1\module.exe
[2008.06.27 23:01:05 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\FF788CD6-18AC-4F45-B6EC-62D518406E3E\AutoRunCE.exe
[2008.06.27 23:01:05 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\FF788CD6-18AC-4F45-B6EC-62D518406E3E\1\module.exe
[2007.08.01 01:30:32 | 000,333,072 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Setup.exe
[2007.08.01 01:29:36 | 000,161,040 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\DelDev.exe
[2003.11.11 05:55:38 | 000,116,880 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\setup.exe
[2007.08.01 01:30:32 | 000,578,832 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\Shutdown.exe
[2008.01.16 02:09:10 | 000,045,056 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\SLAUNCH.EXE
[2008.01.16 02:09:10 | 000,050,712 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\StripInf.exe
[2007.08.01 01:30:54 | 000,107,792 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\Update.exe
[2007.08.01 01:32:48 | 000,333,072 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Elevated\Setup.exe
[2007.04.11 04:34:14 | 000,363,536 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Redist\LASU\LogitechUpdate.exe
[2007.04.11 04:34:26 | 000,345,104 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Redist\LASU\LogitechUpdate2.exe
[2007.04.11 04:40:24 | 000,067,600 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Redist\LASU\LULnchr.exe
[2007.08.01 01:29:26 | 000,574,736 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Setup\Setup.exe
[2005.06.03 03:02:26 | 002,645,013 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\techsupt\DS9Engine\DS9Engine.exe
[2010.09.03 11:59:06 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Mineor\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.05.14 12:51:12 | 001,925,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Mineor\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.05.14 12:09:55 | 000,010,134 | R--- | M] () -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
[2009.12.02 13:33:10 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.08.11 11:58:43 | 000,332,328 | R--- | M] () -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{9C6C0D2A-E2C0-4160-B139-5951A72EC80F}\_4756E675CB4D491DA4D80F.exe
[2012.08.11 11:58:43 | 000,332,328 | R--- | M] () -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{9C6C0D2A-E2C0-4160-B139-5951A72EC80F}\_853F67D554F05449430E7E.exe
[2012.08.11 11:58:43 | 000,332,328 | R--- | M] () -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{9C6C0D2A-E2C0-4160-B139-5951A72EC80F}\_A4A4C973BC9DFB57F2B7BC.exe
[2008.03.27 20:26:56 | 000,010,134 | R--- | M] () -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Mineor\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2007.10.24 05:56:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\SoftwareDistribution\Download\849b321448ad54f888bc4129bd98f62b\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.26 00:15:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.26 00:15:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2007.10.24 06:11:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\SoftwareDistribution\Download\849b321448ad54f888bc4129bd98f62b\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys
[2008.02.26 00:15:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.12.16 09:53:43 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2007.12.16 09:53:43 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

cosinus · 28.09.2012, 19:50

Code:

ATTFilter

[ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

ZoneAlarm ist kontraproduktiver Müll, bitte umgehend deinstallieren und die Windows-Firewall einschalten!
Mach danach bitte wieder ein neues OTL-Log

Mineor · 28.09.2012, 20:19

Hier das neue Log :

Code:

ATTFilter

OTL logfile created on: 28.09.2012 21:05:02 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mineor\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 84,47% Memory free
6,69 Gb Paging File | 6,40 Gb Available in Paging File | 95,70% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,28 Gb Total Space | 78,40 Gb Free Space | 66,84% Space Free | Partition Type: NTFS
Drive D: | 83,01 Gb Total Space | 37,42 Gb Free Space | 45,08% Space Free | Partition Type: NTFS
Drive E: | 32,59 Gb Total Space | 6,53 Gb Free Space | 20,05% Space Free | Partition Type: NTFS
 
Computer Name: MINEOR-PC | User Name: Mineor | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.28 21:04:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mineor\Desktop\OTL.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2005.02.16 01:44:24 | 000,412,672 | ---- | M] () -- C:\Programme\WinUHA\shellwinuha.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.16 07:45:07 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.14 02:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.27 09:25:06 | 001,326,176 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012.06.27 09:25:04 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.05.08 19:00:10 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 19:00:10 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.05.25 05:03:26 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.04.21 19:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.01.29 23:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.04.11 00:28:18 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.04.22 18:23:02 | 000,098,488 | ---- | M] (SiSoftware) [Auto | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 00:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 00:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.07.31 16:33:36 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007.07.31 16:29:48 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PdiPorts.sys -- (PdiPorts)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\amdiox86.sys -- (amdiox86)
DRV - [2012.05.08 19:00:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:00:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.05.06 23:17:44 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.05.06 23:17:44 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.12.16 16:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2011.09.16 17:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.05.25 06:25:48 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2011.05.25 06:25:48 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011.05.25 04:25:20 | 000,245,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.12.02 05:34:32 | 000,052,096 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2010.06.17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.09 14:19:21 | 000,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.06.09 14:19:21 | 000,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.11.10 13:55:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.11.10 13:55:24 | 000,079,504 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009.11.10 13:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.11.10 13:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.11.10 13:54:04 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009.11.10 13:53:56 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009.09.29 09:11:22 | 000,012,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgbtport.sys -- (LgBttPort)
DRV - [2009.09.29 09:11:20 | 000,012,928 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgvmodem.sys -- (LGVMODEM)
DRV - [2009.09.29 09:11:20 | 000,010,496 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lgbtbus.sys -- (lgbusenum)
DRV - [2009.04.10 22:42:54 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.02.20 07:17:50 | 000,095,760 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.01.13 19:13:52 | 000,049,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009.01.13 19:13:44 | 000,014,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009.01.13 19:13:28 | 000,029,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009.01.13 19:13:20 | 000,019,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2008.12.20 02:08:28 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008.11.19 18:09:10 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.19 18:09:08 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.19 18:09:08 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.10.29 17:29:54 | 000,043,520 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008.03.10 19:30:36 | 000,021,408 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008.02.22 15:54:52 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2007.07.31 16:29:04 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006.11.15 16:24:54 | 000,048,128 | ---- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atl01v32.sys -- (AtcL001)
DRV - [2006.10.18 07:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.daemonsearch.com/intl/
IE - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6
FF - prefs.js..extensions.enabledItems: {fd048119-78ee-487f-8fb1-1668d3a6859b}:2.6.1
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mineor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.23 06:35:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.21 14:51:02 | 000,000,000 | ---D | M]
 
[2008.10.12 15:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Extensions
[2012.09.25 23:38:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions
[2011.02.07 23:54:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.06 13:16:06 | 000,000,000 | ---D | M] ("PsicoTSI") -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}
[2008.06.24 15:46:07 | 000,000,000 | ---D | M] ("SkillRaise Tool") -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{90ab4b7a-dfc8-420b-a205-eae16593e719}
[2012.09.25 23:38:00 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2011.10.20 21:54:26 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.07.24 08:11:44 | 000,000,000 | ---D | M] (Alltid Hattrick Statistics) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{fd048119-78ee-487f-8fb1-1668d3a6859b}
[2009.04.21 20:46:58 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\moveplayer@movenetworks.com
[2011.09.07 00:01:50 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2012.07.23 06:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.03 21:39:41 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.21 14:51:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programme\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CheckPoint Cleanup] C:\Users\Mineor\AppData\Local\Temp\cpes_clean_launcher.exe ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech CallCentral] C:\Program Files\Logitech\CallCentral\CallCentral.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000..\Run: [fekoklhqhdukcyv] C:\ProgramData\fekoklhq.exe ()
O4 - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000..\Run: [PlayNC Launcher]  File not found
O4 - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mineor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mineor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - d:\ICQ7M\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - d:\ICQ7M\ICQ.exe File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000\..Trusted Domains: blank ([]about in Computer)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.7.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F85BDFF-5784-407C-AF42-95A442EFB587}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mineor\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mineor\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2782d385-b8c3-11de-9f75-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{2782d385-b8c3-11de-9f75-001d602f414c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{385f6d89-e74d-11df-bce8-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{385f6d89-e74d-11df-bce8-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{42406e2c-1a27-11e0-b805-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{6701f21f-add3-11dd-bb59-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{6bd826ca-a2a2-11dd-82d6-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{6bd826ca-a2a2-11dd-82d6-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{7cdbbc66-3e5b-11e0-8616-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{7cdbbc66-3e5b-11e0-8616-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{beefae9f-1bfb-11df-8baf-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{beefae9f-1bfb-11df-8baf-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\cdstart.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Start WingMan Profiler - hkey= - key= - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
MsConfig - StartUpReg: Steam - hkey= - key= - d:\steam\steam.exe (Valve Corporation)
MsConfig - StartUpReg: Windows Mobile-based device management - hkey= - key= - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\System32\divx.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.IV32 - C:\Windows\System32\ir32.dll ()
Drivers32: vidc.IV45 - C:\Windows\System32\ir41_qc.dll (Intel Corporation.)
Drivers32: VIDC.WMV3 - C:\Windows\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.28 20:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ZA_PreservedFiles
[2012.09.28 20:18:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mineor\Desktop\OTL.exe
[2012.09.27 14:37:14 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Mineor\Desktop\esetsmartinstaller_enu.exe
[2012.09.27 14:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.26 14:57:37 | 000,100,864 | ---- | C] (GMER) -- C:\ufdiypow.sys
[2012.09.25 23:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ateisktyhgbvliw
[2012.09.25 10:40:03 | 000,000,000 | ---D | C] -- C:\Users\Mineor\AppData\Local\DOSBox
[2012.09.24 23:20:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes
[2012.09.06 16:42:52 | 000,000,000 | ---D | C] -- C:\Users\Mineor\Documents\IAmAlive
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.28 21:04:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mineor\Desktop\OTL.exe
[2012.09.28 21:00:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.28 14:08:29 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 14:08:29 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 13:20:32 | 000,349,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.27 18:25:32 | 000,513,501 | ---- | M] () -- C:\Users\Mineor\Desktop\adwcleaner.exe
[2012.09.27 17:45:05 | 000,001,356 | ---- | M] () -- C:\Users\Mineor\AppData\Local\d3d9caps.dat
[2012.09.27 14:35:53 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Mineor\Desktop\esetsmartinstaller_enu.exe
[2012.09.26 14:57:37 | 000,100,864 | ---- | M] (GMER) -- C:\ufdiypow.sys
[2012.09.26 14:53:10 | 000,000,160 | ---- | M] () -- C:\Users\Mineor\defogger_reenable
[2012.09.26 10:10:07 | 000,162,304 | ---- | M] () -- C:\Users\Mineor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.26 00:07:32 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.25 23:44:30 | 000,076,346 | ---- | M] () -- C:\ProgramData\hjabjdlnztwiqna
[2012.09.25 23:44:24 | 000,088,064 | ---- | M] () -- C:\ProgramData\fekoklhq.exe
[2012.09.25 10:39:57 | 000,000,024 | ---- | M] () -- C:\Windows\.conf
[2012.09.24 23:20:41 | 000,000,564 | ---- | M] () -- C:\Users\Public\Desktop\World of Warplanes.lnk
[2012.09.21 21:39:08 | 000,731,246 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.21 21:39:08 | 000,681,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.21 21:39:08 | 000,164,970 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.21 21:39:08 | 000,135,734 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.06 16:41:59 | 000,000,702 | ---- | M] () -- C:\Users\Mineor\Desktop\IAmAlive_game - Verknüpfung.lnk
[2012.09.02 18:31:44 | 000,002,175 | ---- | M] () -- C:\Users\Mineor\Desktop\WOT Statistics.lnk
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[5 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.27 18:25:32 | 000,513,501 | ---- | C] () -- C:\Users\Mineor\Desktop\adwcleaner.exe
[2012.09.26 14:52:58 | 000,000,160 | ---- | C] () -- C:\Users\Mineor\defogger_reenable
[2012.09.26 00:07:32 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.25 23:44:29 | 000,088,064 | ---- | C] () -- C:\ProgramData\fekoklhq.exe
[2012.09.25 23:44:25 | 000,076,346 | ---- | C] () -- C:\ProgramData\hjabjdlnztwiqna
[2012.09.25 10:39:56 | 000,000,024 | ---- | C] () -- C:\Windows\.conf
[2012.09.24 23:20:41 | 000,000,564 | ---- | C] () -- C:\Users\Public\Desktop\World of Warplanes.lnk
[2012.09.06 16:41:59 | 000,000,702 | ---- | C] () -- C:\Users\Mineor\Desktop\IAmAlive_game - Verknüpfung.lnk
[2012.03.15 11:14:28 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012.02.23 21:16:22 | 001,236,992 | ---- | C] () -- C:\Windows\System32\spk.dll
[2011.10.06 22:30:48 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011.08.22 16:22:17 | 002,469,248 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.08.22 16:22:17 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.08.22 16:22:17 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.08.22 16:22:17 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.08.22 16:22:17 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.07.23 20:41:26 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe
[2011.07.23 20:41:26 | 000,001,320 | ---- | C] () -- C:\Windows\unins000.dat
[2011.07.13 22:07:54 | 000,022,252 | ---- | C] () -- C:\Users\Mineor\ESt2010_Harms_Arne_und_Harms_Stefanie.elfo
[2011.06.03 21:40:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.25 04:24:16 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.04.20 18:30:06 | 000,233,765 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.01.08 22:04:36 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.10.05 01:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
[2009.12.02 13:33:06 | 000,000,760 | ---- | C] () -- C:\Users\Mineor\AppData\Roaming\setup_ldm.iss
[2008.12.19 00:22:20 | 000,000,442 | ---- | C] () -- C:\Users\Mineor\AppData\Roaming\mdbu.bin
[2008.06.17 16:26:32 | 000,000,020 | ---- | C] () -- C:\Users\Mineor\AppData\Roaming\AVSDVDPlayer.m3u
[2008.06.01 23:55:48 | 007,118,848 | ---- | C] () -- C:\ProgramData\sandra.mda
[2007.12.19 13:59:38 | 000,000,094 | ---- | C] () -- C:\Users\Mineor\AppData\Local\fusioncache.dat
[2007.12.15 22:33:46 | 000,000,010 | ---- | C] () -- C:\Users\Mineor\ho.dir
[2007.12.15 22:31:23 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.12.15 21:57:07 | 000,162,304 | ---- | C] () -- C:\Users\Mineor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.15 21:13:45 | 000,139,152 | ---- | C] () -- C:\Users\Mineor\AppData\Roaming\PnkBstrK.sys
[2007.12.15 18:44:38 | 000,001,356 | ---- | C] () -- C:\Users\Mineor\AppData\Local\d3d9caps.dat
[2005.04.08 04:16:43 | 000,092,573 | -H-- | C] () -- C:\Users\Mineor\AppData\Roaming\Mineorlog.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.10.28 23:29:51 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\4113C8D3B5AFC42F58618C8B41F8027C
[2008.12.01 12:11:58 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Acreon
[2009.11.19 17:17:09 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Advanced Chemistry Development
[2011.10.15 08:53:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Ashampoo
[2012.01.23 09:41:24 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Auslogics
[2010.11.26 21:00:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\calibre
[2012.07.11 18:02:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Canneverbe Limited
[2011.08.12 16:48:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Code Force Limited
[2008.02.28 13:31:03 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\CommunicaEtor
[2010.03.02 21:00:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Der Planer 4
[2010.10.28 15:19:51 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DisplayTune
[2011.10.22 09:27:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Dropbox
[2012.07.26 19:57:14 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DVDVideoSoft
[2011.10.20 21:54:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.12.24 18:10:13 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Echidna LLC
[2012.07.20 11:01:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\EoN
[2009.06.21 14:30:58 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FFSJ
[2010.04.21 22:45:37 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FileZilla
[2012.06.21 15:43:18 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FLAC to MP3 Converter
[2012.06.02 16:07:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\fotw
[2012.03.27 15:12:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Foxit Software
[2012.07.12 17:55:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Free Download Manager
[2010.08.30 10:29:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FreeOrion
[2011.07.03 00:03:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GetRightToGo
[2008.06.27 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant
[2011.09.04 13:39:56 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GrabIt
[2012.06.13 07:31:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ICQ
[2010.07.16 12:31:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Imperium Romanum
[2012.06.02 11:40:57 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Kalypso Media
[2009.12.02 13:33:10 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Leadertech
[2011.01.08 00:44:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ML
[2008.06.17 16:32:29 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\MPEG Streamclip
[2010.02.28 14:26:37 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\MudTV
[2009.10.25 18:21:01 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\NationRed
[2008.03.08 13:56:52 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Newsbin
[2009.10.08 16:45:29 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\OpenOffice.org
[2010.09.01 08:46:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ProtectDISC
[2009.01.25 19:47:21 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Silver Style Entertainment
[2012.06.14 13:10:39 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\six-updater
[2012.06.14 13:10:20 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\six-zsync
[2012.06.02 11:43:28 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\SKD
[2008.02.24 20:11:01 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Soldat
[2010.05.14 12:14:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Sony
[2010.05.14 12:06:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Sony Setup
[2008.10.20 12:27:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Stardock
[2009.07.10 14:08:23 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\streamripper
[2012.04.03 19:33:42 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\The Creative Assembly
[2009.02.08 12:36:38 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Tobit
[2012.01.26 08:47:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\TS3Client
[2011.09.28 08:48:33 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ts3overlay
[2007.12.19 14:48:50 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Turbine
[2012.07.18 07:57:41 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Unity
[2011.09.06 23:24:16 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Unzbin
[2012.09.24 23:21:47 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\wargaming.net
[2012.08.11 12:00:55 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\WOT Statistics
[2012.04.29 09:36:43 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\XMedia Recode
[2011.08.12 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ZombieDriver
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.28 23:29:51 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\4113C8D3B5AFC42F58618C8B41F8027C
[2008.12.01 12:11:58 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Acreon
[2010.09.03 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Adobe
[2009.11.19 17:17:09 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Advanced Chemistry Development
[2011.10.15 08:53:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Ashampoo
[2007.12.15 19:09:41 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ATI
[2012.01.23 09:41:24 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Auslogics
[2012.02.16 07:44:13 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Avira
[2009.10.17 21:20:06 | 000,000,000 | R--D | M] -- C:\Users\Mineor\AppData\Roaming\Brother
[2010.11.26 21:00:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\calibre
[2012.07.11 18:02:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Canneverbe Limited
[2011.08.12 16:48:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Code Force Limited
[2008.02.28 13:31:03 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\CommunicaEtor
[2010.03.02 21:00:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Der Planer 4
[2010.10.28 15:19:51 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DisplayTune
[2010.06.09 15:01:50 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DivX
[2011.10.22 09:27:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Dropbox
[2012.07.19 14:43:18 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\dvdcss
[2012.07.26 19:57:14 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DVDVideoSoft
[2011.10.20 21:54:25 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.12.24 18:10:13 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Echidna LLC
[2012.07.20 11:01:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\EoN
[2009.06.21 14:30:58 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FFSJ
[2010.04.21 22:45:37 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FileZilla
[2012.06.21 15:43:18 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FLAC to MP3 Converter
[2012.06.02 16:07:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\fotw
[2012.03.27 15:12:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Foxit Software
[2012.07.12 17:55:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Free Download Manager
[2010.08.30 10:29:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\FreeOrion
[2011.07.03 00:03:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GetRightToGo
[2008.06.27 20:16:16 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant
[2011.09.04 13:39:56 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\GrabIt
[2012.06.13 07:31:40 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ICQ
[2007.12.15 18:44:41 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Identities
[2010.07.16 12:31:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Imperium Romanum
[2008.01.30 19:54:07 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\InstallShield
[2012.06.02 11:40:57 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Kalypso Media
[2009.12.02 13:33:10 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Leadertech
[2010.02.27 12:07:53 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Logishrd
[2010.02.27 12:07:45 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Logitech
[2007.12.15 21:02:26 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Macromedia
[2010.10.28 21:34:24 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Media Center Programs
[2012.09.07 11:37:34 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Media Player Classic
[2012.07.24 00:10:40 | 000,000,000 | --SD | M] -- C:\Users\Mineor\AppData\Roaming\Microsoft
[2011.01.08 00:44:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ML
[2009.08.21 17:04:28 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Mozilla
[2008.06.17 16:32:29 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\MPEG Streamclip
[2010.02.28 14:26:37 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\MudTV
[2009.10.25 18:21:01 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\NationRed
[2010.04.24 10:25:26 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Nero
[2008.03.08 13:56:52 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Newsbin
[2009.10.08 16:45:29 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\OpenOffice.org
[2010.09.01 08:46:02 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ProtectDISC
[2011.10.25 23:08:26 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Real
[2008.06.04 13:42:50 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\SecuROM
[2009.01.25 19:47:21 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Silver Style Entertainment
[2012.06.14 13:10:39 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\six-updater
[2012.06.14 13:10:20 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\six-zsync
[2012.06.02 11:43:28 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\SKD
[2011.06.04 11:35:20 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Skype
[2011.06.04 09:00:32 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\skypePM
[2008.02.24 20:11:01 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Soldat
[2010.05.14 12:14:17 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Sony
[2010.05.14 12:06:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Sony Setup
[2008.10.20 12:27:30 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Stardock
[2009.07.10 14:08:23 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\streamripper
[2012.04.03 19:33:42 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\The Creative Assembly
[2009.02.08 12:36:38 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Tobit
[2012.01.26 08:47:11 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\TS3Client
[2011.09.28 08:48:33 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ts3overlay
[2007.12.19 14:48:50 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Turbine
[2008.10.25 23:19:12 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\U3
[2012.07.18 07:57:41 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Unity
[2011.09.06 23:24:16 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Unzbin
[2012.09.25 01:29:39 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\vlc
[2012.09.24 23:21:47 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\wargaming.net
[2012.01.26 08:47:15 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\Winamp
[2007.12.16 15:13:57 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\WinRAR
[2012.08.11 12:00:55 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\WOT Statistics
[2012.04.29 09:36:43 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\XMedia Recode
[2011.08.12 21:25:35 | 000,000,000 | ---D | M] -- C:\Users\Mineor\AppData\Roaming\ZombieDriver
 
< %APPDATA%\*.exe /s >
[2008.12.01 12:11:59 | 000,272,384 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\Acreon\WowMatrix\Modules\curl.exe
[2008.06.27 23:01:06 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\46859686-D5B7-453F-BA6C-F4E9CA783CD8\AutoRunCE.exe
[2008.06.27 23:01:06 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\46859686-D5B7-453F-BA6C-F4E9CA783CD8\1\module.exe
[2008.06.27 23:01:20 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\4F829640-0E36-4CFA-B0A3-3DD57268234F\AutoRunCE.exe
[2008.06.27 23:01:20 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\4F829640-0E36-4CFA-B0A3-3DD57268234F\1\module.exe
[2008.06.27 23:01:02 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\65BF9666-D4BC-4F6C-995A-D7ECE06F34E5\AutoRunCE.exe
[2008.06.27 23:01:03 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\65BF9666-D4BC-4F6C-995A-D7ECE06F34E5\1\module.exe
[2008.06.27 23:01:07 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\65F7AFE0-737A-4053-A7ED-293A14114651\AutoRunCE.exe
[2008.06.27 23:01:07 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\65F7AFE0-737A-4053-A7ED-293A14114651\1\module.exe
[2008.06.27 23:00:52 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\6E909346-9C25-48EB-8A62-F7FB64ECBAD6\AutoRunCE.exe
[2008.06.27 23:01:00 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\6E909346-9C25-48EB-8A62-F7FB64ECBAD6\1\module.exe
[2008.06.27 23:01:03 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\7C6FF0FF-ACDF-4141-8082-0243F750A97C\AutoRunCE.exe
[2008.06.27 23:01:04 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\7C6FF0FF-ACDF-4141-8082-0243F750A97C\1\module.exe
[2008.06.27 23:01:11 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\7E31553A-7972-4BD9-96F7-7CE87866824B\AutoRunCE.exe
[2008.06.27 23:01:11 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\7E31553A-7972-4BD9-96F7-7CE87866824B\1\module.exe
[2008.06.27 23:01:18 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\92C3EBB4-3BC3-49CF-98FF-9D343402D8B4\AutoRunCE.exe
[2008.06.27 23:01:18 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\92C3EBB4-3BC3-49CF-98FF-9D343402D8B4\1\module.exe
[2008.06.27 23:01:19 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\9DB18DF2-E457-4507-8AED-7D34C1FCDC69\AutoRunCE.exe
[2008.06.27 23:01:19 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\9DB18DF2-E457-4507-8AED-7D34C1FCDC69\1\module.exe
[2008.06.27 23:01:17 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A07EF20F-29A1-4ACB-87FB-6C8F34548D0B\AutoRunCE.exe
[2008.06.27 23:01:17 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A07EF20F-29A1-4ACB-87FB-6C8F34548D0B\1\module.exe
[2008.06.27 23:01:16 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A1B03B87-BFC7-4E88-8D28-A4DEA8D86C16\AutoRunCE.exe
[2008.06.27 23:01:16 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A1B03B87-BFC7-4E88-8D28-A4DEA8D86C16\1\module.exe
[2008.06.27 23:01:08 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A20374A9-F6DF-4F0E-A514-80AE11911E31\AutoRunCE.exe
[2008.06.27 23:01:08 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A20374A9-F6DF-4F0E-A514-80AE11911E31\1\module.exe
[2008.06.27 23:01:12 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A28001B0-4591-4047-BD75-9404B82CACA6\AutoRunCE.exe
[2008.06.27 23:01:12 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A28001B0-4591-4047-BD75-9404B82CACA6\1\module.exe
[2008.06.27 23:01:13 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A81F510F-804B-42C9-B642-FF2E093C7DF4\AutoRunCE.exe
[2008.06.27 23:01:13 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\A81F510F-804B-42C9-B642-FF2E093C7DF4\1\module.exe
[2008.06.27 23:01:09 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\CE43E84F-E708-46B3-952D-1AE6FD1E33C8\AutoRunCE.exe
[2008.06.27 23:01:10 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\CE43E84F-E708-46B3-952D-1AE6FD1E33C8\1\module.exe
[2008.06.27 23:01:14 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\D91323F7-12A1-4806-B6D1-553CAF8D7E1E\AutoRunCE.exe
[2008.06.27 23:01:15 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\D91323F7-12A1-4806-B6D1-553CAF8D7E1E\1\module.exe
[2008.06.27 23:01:21 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\DF26D0D3-CF79-41C5-9EA8-8D4A437EC91C\AutoRunCE.exe
[2008.06.27 23:01:21 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\DF26D0D3-CF79-41C5-9EA8-8D4A437EC91C\1\module.exe
[2008.06.27 23:01:05 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\FF788CD6-18AC-4F45-B6EC-62D518406E3E\AutoRunCE.exe
[2008.06.27 23:01:05 | 000,057,856 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\GoPal Assistant\Library\FF788CD6-18AC-4F45-B6EC-62D518406E3E\1\module.exe
[2007.08.01 01:30:32 | 000,333,072 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Setup.exe
[2007.08.01 01:29:36 | 000,161,040 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\DelDev.exe
[2003.11.11 05:55:38 | 000,116,880 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\setup.exe
[2007.08.01 01:30:32 | 000,578,832 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\Shutdown.exe
[2008.01.16 02:09:10 | 000,045,056 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\SLAUNCH.EXE
[2008.01.16 02:09:10 | 000,050,712 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\StripInf.exe
[2007.08.01 01:30:54 | 000,107,792 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Drivers\Bin\Update.exe
[2007.08.01 01:32:48 | 000,333,072 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Elevated\Setup.exe
[2007.04.11 04:34:14 | 000,363,536 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Redist\LASU\LogitechUpdate.exe
[2007.04.11 04:34:26 | 000,345,104 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Redist\LASU\LogitechUpdate2.exe
[2007.04.11 04:40:24 | 000,067,600 | ---- | M] (Logitech Inc.) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Redist\LASU\LULnchr.exe
[2007.08.01 01:29:26 | 000,574,736 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\Setup\Setup.exe
[2005.06.03 03:02:26 | 002,645,013 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Mineor\AppData\Roaming\Logitech\CallCentral_10.4.6.1138\techsupt\DS9Engine\DS9Engine.exe
[2010.09.03 11:59:06 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Mineor\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.05.14 12:51:12 | 001,925,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Mineor\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2010.05.14 12:09:55 | 000,010,134 | R--- | M] () -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
[2009.12.02 13:33:10 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.08.11 11:58:43 | 000,332,328 | R--- | M] () -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{9C6C0D2A-E2C0-4160-B139-5951A72EC80F}\_4756E675CB4D491DA4D80F.exe
[2012.08.11 11:58:43 | 000,332,328 | R--- | M] () -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{9C6C0D2A-E2C0-4160-B139-5951A72EC80F}\_853F67D554F05449430E7E.exe
[2012.08.11 11:58:43 | 000,332,328 | R--- | M] () -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{9C6C0D2A-E2C0-4160-B139-5951A72EC80F}\_A4A4C973BC9DFB57F2B7BC.exe
[2008.03.27 20:26:56 | 000,010,134 | R--- | M] () -- C:\Users\Mineor\AppData\Roaming\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Mineor\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Mineor\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 00:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2007.10.24 05:56:19 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=224505155EC3E36D7A1F36E446F04C2A -- C:\Windows\SoftwareDistribution\Download\849b321448ad54f888bc4129bd98f62b\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16584_none_daff695624a08568\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.26 00:15:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.26 00:15:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2007.10.24 06:11:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=BFD3DF48C9ED81934FE21E8E3CFC2496 -- C:\Windows\SoftwareDistribution\Download\849b321448ad54f888bc4129bd98f62b\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20707_none_dbe288453d7a8ed6\atapi.sys
[2008.02.26 00:15:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 00:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 00:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 00:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 00:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 00:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 00:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.12.16 09:53:43 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2007.12.16 09:53:43 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 00:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 00:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >

cosinus · 28.09.2012, 20:31

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - user.js - File not found
[2011.02.07 23:54:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.04.21 20:46:58 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\moveplayer@movenetworks.com
[2011.09.07 00:01:50 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
O4 - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000..\Run: [fekoklhqhdukcyv] C:\ProgramData\fekoklhq.exe ()
O4 - HKU\S-1-5-21-3581189367-4221141018-2697986107-1000..\Run: [PlayNC Launcher]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2782d385-b8c3-11de-9f75-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{2782d385-b8c3-11de-9f75-001d602f414c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{385f6d89-e74d-11df-bce8-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{385f6d89-e74d-11df-bce8-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{42406e2c-1a27-11e0-b805-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{6701f21f-add3-11dd-bb59-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{6bd826ca-a2a2-11dd-82d6-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{6bd826ca-a2a2-11dd-82d6-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{7cdbbc66-3e5b-11e0-8616-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{7cdbbc66-3e5b-11e0-8616-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{beefae9f-1bfb-11df-8baf-001d602f414c}\Shell - "" = AutoRun
O33 - MountPoints2\{beefae9f-1bfb-11df-8baf-001d602f414c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\cdstart.exe
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
:Files
C:\ProgramData\ateisktyhgbvliw
C:\ProgramData\hjabjdlnztwiqna
C:\ProgramData\*.exe
C:\Windows\.conf
C:\Users\Mineor\AppData\Roaming\4113C8D3B5AFC42F58618C8B41F8027C
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Mineor · 28.09.2012, 20:52

Hier das File :

Code:

ATTFilter

All processes killed
========== OTL ==========
C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins folder moved successfully.
C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc folder moved successfully.
C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\moveplayer@movenetworks.com\platform folder moved successfully.
C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\moveplayer@movenetworks.com\META-INF folder moved successfully.
C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\moveplayer@movenetworks.com\components folder moved successfully.
C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\moveplayer@movenetworks.com folder moved successfully.
C:\Users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi moved successfully.
Registry value HKEY_USERS\S-1-5-21-3581189367-4221141018-2697986107-1000\Software\Microsoft\Windows\CurrentVersion\Run\\fekoklhqhdukcyv deleted successfully.
C:\ProgramData\fekoklhq.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3581189367-4221141018-2697986107-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2782d385-b8c3-11de-9f75-001d602f414c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2782d385-b8c3-11de-9f75-001d602f414c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2782d385-b8c3-11de-9f75-001d602f414c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2782d385-b8c3-11de-9f75-001d602f414c}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{385f6d89-e74d-11df-bce8-001d602f414c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{385f6d89-e74d-11df-bce8-001d602f414c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{385f6d89-e74d-11df-bce8-001d602f414c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{385f6d89-e74d-11df-bce8-001d602f414c}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42406e2c-1a27-11e0-b805-001d602f414c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42406e2c-1a27-11e0-b805-001d602f414c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6701f21f-add3-11dd-bb59-001d602f414c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6701f21f-add3-11dd-bb59-001d602f414c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bd826ca-a2a2-11dd-82d6-001d602f414c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6bd826ca-a2a2-11dd-82d6-001d602f414c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bd826ca-a2a2-11dd-82d6-001d602f414c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6bd826ca-a2a2-11dd-82d6-001d602f414c}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cdbbc66-3e5b-11e0-8616-001d602f414c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7cdbbc66-3e5b-11e0-8616-001d602f414c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cdbbc66-3e5b-11e0-8616-001d602f414c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7cdbbc66-3e5b-11e0-8616-001d602f414c}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beefae9f-1bfb-11df-8baf-001d602f414c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beefae9f-1bfb-11df-8baf-001d602f414c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{beefae9f-1bfb-11df-8baf-001d602f414c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{beefae9f-1bfb-11df-8baf-001d602f414c}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\cdstart.exe not found.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== FILES ==========
C:\ProgramData\ateisktyhgbvliw folder moved successfully.
C:\ProgramData\hjabjdlnztwiqna moved successfully.
File\Folder C:\ProgramData\*.exe not found.
C:\Windows\.conf moved successfully.
C:\Users\Mineor\AppData\Roaming\4113C8D3B5AFC42F58618C8B41F8027C folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Mineor\Desktop\cmd.bat deleted successfully.
C:\Users\Mineor\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Mineor
->Temp folder emptied: 83485332 bytes
->Temporary Internet Files folder emptied: 243924888 bytes
->Java cache emptied: 41261674 bytes
->FireFox cache emptied: 60597437 bytes
->Flash cache emptied: 2007303 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1107792 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 413,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 09282012_214224

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

cosinus · 28.09.2012, 21:09

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Mineor · 28.09.2012, 21:22

Hier das Log vom TDSS :

Code:

ATTFilter

22:21:33.0204 4560  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:21:33.0219 4560  ============================================================
22:21:33.0219 4560  Current date / time: 2012/09/28 22:21:33.0219
22:21:33.0219 4560  SystemInfo:
22:21:33.0219 4560  
22:21:33.0219 4560  OS Version: 6.0.6002 ServicePack: 2.0
22:21:33.0219 4560  Product type: Workstation
22:21:33.0219 4560  ComputerName: MINEOR-PC
22:21:33.0219 4560  UserName: Mineor
22:21:33.0219 4560  Windows directory: C:\Windows
22:21:33.0219 4560  System windows directory: C:\Windows
22:21:33.0219 4560  Processor architecture: Intel x86
22:21:33.0219 4560  Number of processors: 2
22:21:33.0219 4560  Page size: 0x1000
22:21:33.0219 4560  Boot type: Normal boot
22:21:33.0219 4560  ============================================================
22:21:34.0233 4560  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:21:34.0233 4560  ============================================================
22:21:34.0233 4560  \Device\Harddisk0\DR0:
22:21:34.0233 4560  MBR partitions:
22:21:34.0233 4560  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xEA8F800
22:21:34.0233 4560  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEA90000, BlocksNum 0xA607A63
22:21:34.0233 4560  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x19097A68, BlocksNum 0x412D598
22:21:34.0233 4560  ============================================================
22:21:34.0280 4560  C: <-> \Device\Harddisk0\DR0\Partition1
22:21:34.0327 4560  D: <-> \Device\Harddisk0\DR0\Partition2
22:21:34.0577 4560  E: <-> \Device\Harddisk0\DR0\Partition3
22:21:34.0577 4560  ============================================================
22:21:34.0577 4560  Initialize success
22:21:34.0577 4560  ============================================================
22:21:53.0359 4736  ============================================================
22:21:53.0359 4736  Scan started
22:21:53.0359 4736  Mode: Manual; SigCheck; TDLFS; 
22:21:53.0359 4736  ============================================================
22:21:54.0482 4736  ================ Scan system memory ========================
22:21:54.0482 4736  System memory - ok
22:21:54.0482 4736  ================ Scan services =============================
22:21:56.0042 4736  [ E6F53D6C0DEA3D375362265E175CA638 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
22:21:56.0120 4736  acedrv11 - ok
22:21:56.0167 4736  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
22:21:56.0183 4736  ACPI - ok
22:21:56.0229 4736  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:21:56.0245 4736  adp94xx - ok
22:21:56.0261 4736  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:21:56.0276 4736  adpahci - ok
22:21:56.0307 4736  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
22:21:56.0323 4736  adpu160m - ok
22:21:56.0323 4736  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:21:56.0339 4736  adpu320 - ok
22:21:56.0370 4736  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:21:56.0417 4736  AeLookupSvc - ok
22:21:56.0541 4736  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
22:21:56.0651 4736  AFD - ok
22:21:56.0666 4736  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:21:56.0682 4736  agp440 - ok
22:21:56.0697 4736  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
22:21:56.0713 4736  aic78xx - ok
22:21:56.0744 4736  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
22:21:56.0900 4736  ALG - ok
22:21:56.0963 4736  [ 90395B64600EBB4552E26E178C94B2E4 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:21:56.0994 4736  aliide - ok
22:21:57.0025 4736  [ D16B67B26A1096EDF8B57D03513ECFA7 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
22:21:57.0087 4736  AMD External Events Utility - ok
22:21:57.0119 4736  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:21:57.0119 4736  amdagp - ok
22:21:57.0119 4736  [ 0577DF1D323FE75A739C787893D300EA ] amdide          C:\Windows\system32\drivers\amdide.sys
22:21:57.0134 4736  amdide - ok
22:21:57.0165 4736  amdiox86 - ok
22:21:57.0165 4736  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
22:21:57.0368 4736  AmdK7 - ok
22:21:57.0415 4736  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
22:21:57.0462 4736  AmdK8 - ok
22:21:58.0507 4736  [ AEAE5ECBEAA0107D36C0B94EF341ABC7 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:21:58.0757 4736  amdkmdag - ok
22:21:58.0803 4736  [ 60643C3ABE28015269A62EB3DD4A49F4 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
22:21:58.0835 4736  amdkmdap - ok
22:21:59.0505 4736  [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:21:59.0521 4736  AntiVirSchedulerService - ok
22:21:59.0568 4736  [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:21:59.0583 4736  AntiVirService - ok
22:21:59.0646 4736  [ DFAE18C675D71FD06D57DC69D2913975 ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
22:21:59.0708 4736  AppHostSvc - ok
22:21:59.0755 4736  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
22:21:59.0817 4736  Appinfo - ok
22:21:59.0833 4736  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
22:21:59.0849 4736  arc - ok
22:21:59.0864 4736  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:21:59.0880 4736  arcsas - ok
22:22:00.0535 4736  [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:22:00.0582 4736  aspnet_state - ok
22:22:00.0644 4736  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:22:00.0675 4736  AsyncMac - ok
22:22:00.0707 4736  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
22:22:00.0707 4736  atapi - ok
22:22:00.0753 4736  [ 3D23496E749B75675D9B266CB29E9742 ] AtcL001         C:\Windows\system32\DRIVERS\atl01v32.sys
22:22:00.0785 4736  AtcL001 - ok
22:22:00.0800 4736  AtiHDAudioService - ok
22:22:00.0863 4736  [ D7672D90EF03D0E2EFDB02DF5045A359 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
22:22:00.0863 4736  AtiHdmiService - ok
22:22:01.0081 4736  [ AEAE5ECBEAA0107D36C0B94EF341ABC7 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:22:01.0221 4736  atikmdag - ok
22:22:01.0284 4736  [ F9C24D25D9FF29F894995A64812B4D85 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
22:22:01.0299 4736  atksgt - ok
22:22:01.0346 4736  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:22:01.0393 4736  AudioEndpointBuilder - ok
22:22:01.0409 4736  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:22:01.0424 4736  Audiosrv - ok
22:22:01.0502 4736  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
22:22:01.0518 4736  avgntflt - ok
22:22:01.0580 4736  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
22:22:01.0596 4736  avipbb - ok
22:22:01.0643 4736  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
22:22:01.0643 4736  avkmgr - ok
22:22:01.0674 4736  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:22:01.0721 4736  Beep - ok
22:22:01.0814 4736  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
22:22:01.0877 4736  BFE - ok
22:22:01.0939 4736  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
22:22:02.0001 4736  BITS - ok
22:22:02.0001 4736  blbdrive - ok
22:22:02.0048 4736  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:22:02.0079 4736  bowser - ok
22:22:02.0111 4736  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
22:22:02.0142 4736  BrFiltLo - ok
22:22:02.0142 4736  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
22:22:02.0173 4736  BrFiltUp - ok
22:22:02.0220 4736  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
22:22:02.0251 4736  Browser - ok
22:22:02.0267 4736  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
22:22:02.0298 4736  Brserid - ok
22:22:02.0313 4736  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
22:22:02.0345 4736  BrSerWdm - ok
22:22:02.0345 4736  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
22:22:02.0391 4736  BrUsbMdm - ok
22:22:02.0391 4736  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
22:22:02.0438 4736  BrUsbSer - ok
22:22:02.0438 4736  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:22:02.0469 4736  BTHMODEM - ok
22:22:02.0516 4736  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:22:02.0532 4736  cdfs - ok
22:22:02.0594 4736  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:22:02.0625 4736  cdrom - ok
22:22:02.0657 4736  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
22:22:02.0688 4736  CertPropSvc - ok
22:22:02.0703 4736  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
22:22:02.0750 4736  circlass - ok
22:22:02.0781 4736  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
22:22:02.0813 4736  CLFS - ok
22:22:02.0859 4736  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:22:02.0875 4736  clr_optimization_v2.0.50727_32 - ok
22:22:02.0953 4736  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:22:03.0000 4736  clr_optimization_v4.0.30319_32 - ok
22:22:03.0031 4736  [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:22:03.0062 4736  cmdide - ok
22:22:03.0078 4736  [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:22:03.0078 4736  Compbatt - ok
22:22:03.0093 4736  COMSysApp - ok
22:22:03.0109 4736  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:22:03.0109 4736  crcdisk - ok
22:22:03.0125 4736  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
22:22:03.0171 4736  Crusoe - ok
22:22:03.0218 4736  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:22:03.0249 4736  CryptSvc - ok
22:22:03.0296 4736  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:22:03.0327 4736  DcomLaunch - ok
22:22:03.0374 4736  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:22:03.0405 4736  DfsC - ok
22:22:03.0499 4736  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
22:22:03.0624 4736  DFSR - ok
22:22:03.0639 4736  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
22:22:03.0671 4736  Dhcp - ok
22:22:03.0702 4736  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
22:22:03.0717 4736  disk - ok
22:22:03.0764 4736  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:22:03.0795 4736  Dnscache - ok
22:22:03.0811 4736  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
22:22:03.0827 4736  dot3svc - ok
22:22:03.0873 4736  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
22:22:03.0905 4736  DPS - ok
22:22:03.0936 4736  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:22:03.0967 4736  drmkaud - ok
22:22:04.0014 4736  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:22:04.0029 4736  DXGKrnl - ok
22:22:04.0076 4736  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
22:22:04.0123 4736  E1G60 - ok
22:22:04.0154 4736  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
22:22:04.0185 4736  EapHost - ok
22:22:04.0217 4736  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
22:22:04.0232 4736  Ecache - ok
22:22:04.0310 4736  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:22:04.0326 4736  ehRecvr - ok
22:22:04.0357 4736  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
22:22:04.0373 4736  ehSched - ok
22:22:04.0373 4736  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
22:22:04.0388 4736  ehstart - ok
22:22:04.0404 4736  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:22:04.0419 4736  elxstor - ok
22:22:04.0451 4736  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
22:22:04.0482 4736  EMDMgmt - ok
22:22:04.0544 4736  [ 539CA34FBC74EC366A0D751028C32A08 ] epmntdrv        C:\Windows\system32\epmntdrv.sys
22:22:04.0560 4736  epmntdrv ( UnsignedFile.Multi.Generic ) - warning
22:22:04.0560 4736  epmntdrv - detected UnsignedFile.Multi.Generic (1)
22:22:04.0591 4736  [ 1F2F4AB15CE03ECC257FEB2F6DC5A013 ] EuGdiDrv        C:\Windows\system32\EuGdiDrv.sys
22:22:04.0591 4736  EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
22:22:04.0591 4736  EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
22:22:04.0638 4736  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
22:22:04.0669 4736  EventSystem - ok
22:22:04.0700 4736  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
22:22:04.0731 4736  exfat - ok
22:22:04.0747 4736  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:22:04.0778 4736  fastfat - ok
22:22:04.0825 4736  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:22:04.0856 4736  fdc - ok
22:22:04.0887 4736  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
22:22:04.0903 4736  fdPHost - ok
22:22:04.0934 4736  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:22:04.0965 4736  FDResPub - ok
22:22:04.0981 4736  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:22:04.0981 4736  FileInfo - ok
22:22:04.0997 4736  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:22:05.0028 4736  Filetrace - ok
22:22:05.0043 4736  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:22:05.0090 4736  flpydisk - ok
22:22:05.0121 4736  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:22:05.0137 4736  FltMgr - ok
22:22:05.0215 4736  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
22:22:05.0262 4736  FontCache - ok
22:22:05.0324 4736  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:22:05.0355 4736  FontCache3.0.0.0 - ok
22:22:05.0433 4736  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:22:05.0465 4736  Fs_Rec - ok
22:22:05.0480 4736  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:22:05.0496 4736  gagp30kx - ok
22:22:05.0558 4736  [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt           C:\Windows\system32\DRIVERS\ggflt.sys
22:22:05.0558 4736  ggflt - ok
22:22:05.0574 4736  [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc          C:\Windows\system32\DRIVERS\ggsemc.sys
22:22:05.0589 4736  ggsemc - ok
22:22:05.0792 4736  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
22:22:05.0823 4736  gpsvc - ok
22:22:05.0917 4736  [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:22:05.0964 4736  HdAudAddService - ok
22:22:06.0011 4736  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:22:06.0057 4736  HDAudBus - ok
22:22:06.0073 4736  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:22:06.0135 4736  HidBth - ok
22:22:06.0135 4736  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
22:22:06.0182 4736  HidIr - ok
22:22:06.0245 4736  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
22:22:06.0260 4736  hidserv - ok
22:22:06.0338 4736  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:22:06.0432 4736  HidUsb - ok
22:22:06.0479 4736  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:22:06.0510 4736  hkmsvc - ok
22:22:06.0525 4736  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
22:22:06.0541 4736  HpCISSs - ok
22:22:06.0572 4736  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:22:06.0603 4736  HTTP - ok
22:22:06.0635 4736  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
22:22:06.0650 4736  i2omp - ok
22:22:06.0697 4736  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:22:06.0713 4736  i8042prt - ok
22:22:06.0728 4736  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
22:22:06.0744 4736  iaStorV - ok
22:22:06.0915 4736  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:22:07.0040 4736  IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:22:07.0040 4736  IDriverT - detected UnsignedFile.Multi.Generic (1)
22:22:07.0181 4736  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:22:07.0274 4736  idsvc - ok
22:22:07.0290 4736  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:22:07.0305 4736  iirsp - ok
22:22:07.0539 4736  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:22:07.0633 4736  IKEEXT - ok
22:22:07.0711 4736  [ 97469037714070E45194ED318D636401 ] intelide        C:\Windows\system32\drivers\intelide.sys
22:22:07.0727 4736  intelide - ok
22:22:07.0758 4736  [ CE44CC04262F28216DD4341E9E36A16F ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:22:07.0805 4736  intelppm - ok
22:22:07.0867 4736  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:22:07.0883 4736  IPBusEnum - ok
22:22:07.0992 4736  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:22:08.0085 4736  IpFilterDriver - ok
22:22:08.0117 4736  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:22:08.0195 4736  iphlpsvc - ok
22:22:08.0195 4736  IpInIp - ok
22:22:08.0226 4736  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
22:22:08.0288 4736  IPMIDRV - ok
22:22:08.0351 4736  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
22:22:08.0413 4736  IPNAT - ok
22:22:08.0444 4736  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:22:08.0475 4736  IRENUM - ok
22:22:08.0491 4736  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:22:08.0491 4736  isapnp - ok
22:22:08.0538 4736  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:22:08.0553 4736  iScsiPrt - ok
22:22:08.0585 4736  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
22:22:08.0600 4736  iteatapi - ok
22:22:08.0600 4736  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
22:22:08.0616 4736  iteraid - ok
22:22:08.0663 4736  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:22:08.0663 4736  kbdclass - ok
22:22:08.0741 4736  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:22:08.0819 4736  kbdhid - ok
22:22:08.0850 4736  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
22:22:08.0897 4736  KeyIso - ok
22:22:09.0068 4736  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:22:09.0131 4736  KSecDD - ok
22:22:09.0287 4736  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:22:09.0380 4736  KtmRm - ok
22:22:09.0427 4736  [ 7C7E894B3F40748E06BB18CE1F66352F ] L8042Kbd        C:\Windows\system32\DRIVERS\L8042Kbd.sys
22:22:09.0443 4736  L8042Kbd - ok
22:22:09.0458 4736  [ 5F9734F12443502E13BC80734AFACB20 ] L8042mou        C:\Windows\system32\DRIVERS\L8042mou.Sys
22:22:09.0474 4736  L8042mou - ok
22:22:09.0505 4736  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:22:09.0536 4736  LanmanServer - ok
22:22:09.0677 4736  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:22:09.0770 4736  LanmanWorkstation - ok
22:22:10.0035 4736  [ A15A462F3BBB68974419B7158F4B3647 ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
22:22:10.0035 4736  LBTServ - ok
22:22:10.0098 4736  [ 4DD47B5AF0B24871EBB9EFC012A7474E ] LgBttPort       C:\Windows\system32\DRIVERS\lgbtport.sys
22:22:10.0129 4736  LgBttPort - ok
22:22:10.0223 4736  [ 1D038CA6C529203087A990E5E97887B4 ] lgbusenum       C:\Windows\system32\DRIVERS\lgbtbus.sys
22:22:10.0269 4736  lgbusenum - ok
22:22:10.0316 4736  [ 26F1976A330195D62A6224C76968CF0D ] LGVMODEM        C:\Windows\system32\DRIVERS\lgvmodem.sys
22:22:10.0363 4736  LGVMODEM - ok
22:22:10.0394 4736  [ F5E165B4E3DF145F6E8BF3C0573F94D8 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
22:22:10.0410 4736  LHidFilt - ok
22:22:10.0535 4736  [ 8CCF9ED46D52AF1375875F74A91FFACF ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
22:22:10.0550 4736  lirsgt - ok
22:22:10.0628 4736  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:22:10.0706 4736  lltdsvc - ok
22:22:10.0737 4736  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:22:10.0800 4736  lmhosts - ok
22:22:10.0815 4736  [ B46E39B8AE439D7CE75A923E7F950040 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
22:22:10.0815 4736  LMouFilt - ok
22:22:10.0847 4736  [ 3E42560B84441323A688F84737B92B97 ] LMouKE          C:\Windows\system32\DRIVERS\LMouKE.Sys
22:22:10.0862 4736  LMouKE - ok
22:22:10.0925 4736  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:22:10.0956 4736  LSI_FC - ok
22:22:10.0987 4736  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:22:11.0003 4736  LSI_SAS - ok
22:22:11.0049 4736  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:22:11.0065 4736  LSI_SCSI - ok
22:22:11.0112 4736  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
22:22:11.0143 4736  luafv - ok
22:22:11.0159 4736  [ 9BBD8674C1D3811B851C8CF8A8E30E2C ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
22:22:11.0159 4736  LUsbFilt - ok
22:22:11.0658 4736  [ 08CE822A336A6D2D0182110D5F3448F1 ] LVcKap          C:\Windows\system32\DRIVERS\LVcKap.sys
22:22:11.0939 4736  LVcKap - ok
22:22:12.0001 4736  [ 98DE6336EA14889B9B04EFC7CC7B484A ] LVCOMSer        C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
22:22:12.0017 4736  LVCOMSer - ok
22:22:12.0063 4736  [ D313CE0CA15941D2655DEB3718DB74B5 ] LVSrvLauncher   C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
22:22:12.0079 4736  LVSrvLauncher - ok
22:22:12.0204 4736  [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
22:22:12.0219 4736  McComponentHostService - ok
22:22:12.0251 4736  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:22:12.0282 4736  Mcx2Svc - ok
22:22:12.0297 4736  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
22:22:12.0313 4736  megasas - ok
22:22:12.0360 4736  [ 42C2CBB8700F2B82F53404E1B6A59807 ] MHIKEY10        C:\Windows\system32\Drivers\MHIKEY10.sys
22:22:12.0391 4736  MHIKEY10 - ok
22:22:12.0422 4736  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
22:22:12.0438 4736  MMCSS - ok
22:22:12.0469 4736  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
22:22:12.0500 4736  Modem - ok
22:22:12.0547 4736  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:22:12.0578 4736  monitor - ok
22:22:12.0594 4736  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:22:12.0594 4736  mouclass - ok
22:22:12.0609 4736  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:22:12.0641 4736  mouhid - ok
22:22:12.0687 4736  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
22:22:12.0687 4736  MountMgr - ok
22:22:12.0797 4736  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:22:12.0828 4736  MozillaMaintenance - ok
22:22:12.0890 4736  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:22:12.0937 4736  mpio - ok
22:22:12.0953 4736  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:22:12.0984 4736  mpsdrv - ok
22:22:13.0031 4736  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:22:13.0046 4736  MpsSvc - ok
22:22:13.0062 4736  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
22:22:13.0077 4736  Mraid35x - ok
22:22:13.0124 4736  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:22:13.0155 4736  MRxDAV - ok
22:22:13.0202 4736  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:22:13.0249 4736  mrxsmb - ok
22:22:13.0296 4736  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:22:13.0296 4736  mrxsmb10 - ok
22:22:13.0327 4736  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:22:13.0374 4736  mrxsmb20 - ok
22:22:13.0389 4736  [ 742AED7939E734C36B7E8D6228CE26B7 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:22:13.0389 4736  msahci - ok
22:22:13.0405 4736  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:22:13.0421 4736  msdsm - ok
22:22:13.0452 4736  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
22:22:13.0514 4736  MSDTC - ok
22:22:13.0561 4736  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:22:13.0592 4736  Msfs - ok
22:22:13.0670 4736  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:22:13.0686 4736  msisadrv - ok
22:22:13.0748 4736  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:22:13.0779 4736  MSiSCSI - ok
22:22:13.0779 4736  msiserver - ok
22:22:13.0795 4736  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:22:13.0826 4736  MSKSSRV - ok
22:22:13.0857 4736  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:22:13.0889 4736  MSPCLOCK - ok
22:22:13.0904 4736  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:22:13.0935 4736  MSPQM - ok
22:22:13.0967 4736  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:22:13.0982 4736  MsRPC - ok
22:22:13.0998 4736  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:22:14.0013 4736  mssmbios - ok
22:22:14.0013 4736  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:22:14.0045 4736  MSTEE - ok
22:22:14.0076 4736  [ DCDAAB8697A47894A554050CE18D0B56 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
22:22:14.0123 4736  MTsensor - ok
22:22:14.0169 4736  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
22:22:14.0201 4736  Mup - ok
22:22:14.0372 4736  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
22:22:14.0435 4736  napagent - ok
22:22:14.0497 4736  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:22:14.0528 4736  NativeWifiP - ok
22:22:14.0559 4736  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:22:14.0575 4736  NDIS - ok
22:22:14.0622 4736  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:22:14.0669 4736  NdisTapi - ok
22:22:14.0700 4736  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:22:14.0731 4736  Ndisuio - ok
22:22:14.0731 4736  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:22:14.0747 4736  NdisWan - ok
22:22:14.0762 4736  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:22:14.0778 4736  NDProxy - ok
22:22:14.0809 4736  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:22:14.0856 4736  NetBIOS - ok
22:22:14.0871 4736  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
22:22:14.0887 4736  netbt - ok
22:22:14.0903 4736  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
22:22:14.0918 4736  Netlogon - ok
22:22:14.0949 4736  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
22:22:14.0981 4736  Netman - ok
22:22:15.0027 4736  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:22:15.0043 4736  NetMsmqActivator - ok
22:22:15.0043 4736  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:22:15.0059 4736  NetPipeActivator - ok
22:22:15.0137 4736  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
22:22:15.0183 4736  netprofm - ok
22:22:15.0199 4736  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:22:15.0215 4736  NetTcpActivator - ok
22:22:15.0215 4736  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:22:15.0230 4736  NetTcpPortSharing - ok
22:22:15.0246 4736  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:22:15.0261 4736  nfrd960 - ok
22:22:15.0308 4736  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:22:15.0339 4736  NlaSvc - ok
22:22:15.0417 4736  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:22:15.0449 4736  Npfs - ok
22:22:15.0511 4736  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
22:22:15.0558 4736  nsi - ok
22:22:15.0558 4736  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:22:15.0589 4736  nsiproxy - ok
22:22:15.0667 4736  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:22:15.0745 4736  Ntfs - ok
22:22:15.0761 4736  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
22:22:15.0823 4736  ntrigdigi - ok
22:22:15.0885 4736  [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
22:22:15.0885 4736  NuidFltr - ok
22:22:15.0901 4736  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
22:22:15.0917 4736  Null - ok
22:22:15.0932 4736  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:22:15.0948 4736  nvraid - ok
22:22:15.0963 4736  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:22:15.0979 4736  nvstor - ok
22:22:16.0010 4736  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:22:16.0010 4736  nv_agp - ok
22:22:16.0026 4736  NwlnkFlt - ok
22:22:16.0026 4736  NwlnkFwd - ok
22:22:16.0073 4736  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
22:22:16.0104 4736  ohci1394 - ok
22:22:16.0182 4736  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:22:16.0197 4736  ose - ok
22:22:16.0712 4736  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:22:16.0915 4736  osppsvc - ok
22:22:16.0993 4736  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
22:22:17.0040 4736  p2pimsvc - ok
22:22:17.0055 4736  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:22:17.0087 4736  p2psvc - ok
22:22:17.0118 4736  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
22:22:17.0165 4736  Parport - ok
22:22:17.0211 4736  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:22:17.0243 4736  partmgr - ok
22:22:17.0258 4736  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
22:22:17.0289 4736  Parvdm - ok
22:22:17.0414 4736  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:22:17.0414 4736  PcaSvc - ok
22:22:17.0461 4736  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
22:22:17.0461 4736  pci - ok
22:22:17.0508 4736  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
22:22:17.0508 4736  pciide - ok
22:22:17.0523 4736  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:22:17.0539 4736  pcmcia - ok
22:22:17.0555 4736  PdiPorts - ok
22:22:17.0570 4736  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:22:17.0633 4736  PEAUTH - ok
22:22:17.0711 4736  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
22:22:17.0804 4736  pla - ok
22:22:17.0882 4736  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:22:17.0898 4736  PlugPlay - ok
22:22:17.0960 4736  [ A1DD33D16F277CE34124EE52AB2C0F14 ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
22:22:17.0976 4736  PnkBstrA - ok
22:22:17.0991 4736  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
22:22:18.0007 4736  PNRPAutoReg - ok
22:22:18.0054 4736  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
22:22:18.0085 4736  PNRPsvc - ok
22:22:18.0132 4736  [ E56E57CFB75B1EE2BB001AD036C27FBB ] Point32         C:\Windows\system32\DRIVERS\point32k.sys
22:22:18.0132 4736  Point32 - ok
22:22:18.0257 4736  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:22:18.0350 4736  PolicyAgent - ok
22:22:18.0397 4736  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:22:18.0459 4736  PptpMiniport - ok
22:22:18.0491 4736  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys
22:22:18.0537 4736  Processor - ok
22:22:18.0569 4736  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:22:18.0631 4736  ProfSvc - ok
22:22:18.0647 4736  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
22:22:18.0662 4736  ProtectedStorage - ok
22:22:18.0740 4736  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
22:22:18.0771 4736  PSched - ok
22:22:18.0865 4736  [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
22:22:18.0865 4736  PSI - ok
22:22:18.0912 4736  PxHelp20 - ok
22:22:18.0959 4736  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:22:18.0990 4736  ql2300 - ok
22:22:19.0021 4736  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:22:19.0021 4736  ql40xx - ok
22:22:19.0115 4736  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
22:22:19.0177 4736  QWAVE - ok
22:22:19.0193 4736  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:22:19.0208 4736  QWAVEdrv - ok
22:22:19.0271 4736  [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll
22:22:19.0302 4736  RapiMgr - ok
22:22:19.0395 4736  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:22:19.0473 4736  RasAcd - ok
22:22:19.0520 4736  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
22:22:19.0551 4736  RasAuto - ok
22:22:19.0598 4736  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:22:19.0645 4736  Rasl2tp - ok
22:22:19.0692 4736  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
22:22:19.0723 4736  RasMan - ok
22:22:19.0739 4736  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:22:19.0770 4736  RasPppoe - ok
22:22:19.0785 4736  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:22:19.0817 4736  RasSstp - ok
22:22:19.0832 4736  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:22:19.0879 4736  rdbss - ok
22:22:19.0910 4736  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:22:19.0941 4736  RDPCDD - ok
22:22:19.0957 4736  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
22:22:20.0004 4736  rdpdr - ok
22:22:20.0082 4736  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:22:20.0113 4736  RDPENCDD - ok
22:22:20.0160 4736  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:22:20.0207 4736  RDPWD - ok
22:22:20.0253 4736  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:22:20.0269 4736  RemoteAccess - ok
22:22:20.0316 4736  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:22:20.0347 4736  RemoteRegistry - ok
22:22:20.0378 4736  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
22:22:20.0409 4736  RpcLocator - ok
22:22:20.0425 4736  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
22:22:20.0456 4736  RpcSs - ok
22:22:20.0472 4736  [ 5E01AB8AB1ACF8850B2D64A6FD068E46 ] RTL8023xp       C:\Windows\system32\DRIVERS\Rtnicxp.sys
22:22:20.0503 4736  RTL8023xp - ok
22:22:20.0519 4736  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
22:22:20.0534 4736  SamSs - ok
22:22:20.0675 4736  [ A4D65B2568F09ED2597BDB1F145153D7 ] SANDRA          C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys
22:22:20.0675 4736  SANDRA - ok
22:22:20.0737 4736  [ 6CFE2C7E666648083F67EA9A6918CFE4 ] SandraAgentSrv  C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
22:22:20.0737 4736  SandraAgentSrv - ok
22:22:20.0799 4736  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:22:20.0815 4736  sbp2port - ok
22:22:20.0862 4736  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:22:20.0893 4736  SCardSvr - ok
22:22:21.0127 4736  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
22:22:21.0189 4736  Schedule - ok
22:22:21.0189 4736  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:22:21.0205 4736  SCPolicySvc - ok
22:22:21.0252 4736  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:22:21.0283 4736  SDRSVC - ok
22:22:21.0314 4736  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:22:21.0361 4736  secdrv - ok
22:22:21.0361 4736  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
22:22:21.0392 4736  seclogon - ok
22:22:21.0829 4736  [ F70A51EB03EE7046784EF62EFCE9528E ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
22:22:21.0907 4736  Secunia PSI Agent - ok
22:22:22.0141 4736  [ AD56CEB08EEB517332355FDE9E5939C8 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
22:22:22.0203 4736  Secunia Update Agent - ok
22:22:22.0250 4736  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
22:22:22.0297 4736  SENS - ok
22:22:22.0344 4736  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:22:22.0375 4736  Serenum - ok
22:22:22.0391 4736  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:22:22.0422 4736  Serial - ok
22:22:22.0469 4736  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:22:22.0515 4736  sermouse - ok
22:22:22.0547 4736  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:22:22.0578 4736  SessionEnv - ok
22:22:22.0593 4736  [ 103B79418DA647736EE95645F305F68A ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:22:22.0640 4736  sffdisk - ok
22:22:22.0656 4736  [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:22:22.0687 4736  sffp_mmc - ok
22:22:22.0687 4736  [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:22:22.0718 4736  sffp_sd - ok
22:22:22.0734 4736  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
22:22:22.0781 4736  sfloppy - ok
22:22:22.0827 4736  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:22:22.0859 4736  SharedAccess - ok
22:22:22.0937 4736  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:22:22.0999 4736  ShellHWDetection - ok
22:22:23.0030 4736  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:22:23.0046 4736  sisagp - ok
22:22:23.0061 4736  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
22:22:23.0061 4736  SiSRaid2 - ok
22:22:23.0061 4736  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:22:23.0077 4736  SiSRaid4 - ok
22:22:23.0545 4736  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
22:22:23.0732 4736  slsvc - ok
22:22:23.0779 4736  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
22:22:23.0826 4736  SLUINotify - ok
22:22:23.0857 4736  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:22:23.0888 4736  Smb - ok
22:22:23.0919 4736  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:22:23.0935 4736  SNMPTRAP - ok
22:22:24.0419 4736  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
22:22:24.0434 4736  Sony PC Companion - ok
22:22:24.0528 4736  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
22:22:24.0528 4736  spldr - ok
22:22:24.0590 4736  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
22:22:24.0653 4736  Spooler - ok
22:22:24.0871 4736  [ D390675B8CE45E5FB359338E5E649329 ] sptd            C:\Windows\System32\Drivers\sptd.sys
22:22:24.0902 4736  sptd - ok
22:22:24.0965 4736  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:22:25.0011 4736  srv - ok
22:22:25.0043 4736  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:22:25.0074 4736  srv2 - ok
22:22:25.0121 4736  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:22:25.0121 4736  srvnet - ok
22:22:25.0183 4736  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:22:25.0199 4736  SSDPSRV - ok
22:22:25.0339 4736  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
22:22:25.0339 4736  ssmdrv - ok
22:22:25.0433 4736  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:22:25.0479 4736  SstpSvc - ok
22:22:25.0511 4736  Steam Client Service - ok
22:22:25.0573 4736  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
22:22:25.0604 4736  stisvc - ok
22:22:25.0635 4736  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:22:25.0651 4736  swenum - ok
22:22:25.0729 4736  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
22:22:25.0745 4736  swprv - ok
22:22:25.0760 4736  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
22:22:25.0776 4736  Symc8xx - ok
22:22:25.0776 4736  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
22:22:25.0791 4736  Sym_hi - ok
22:22:25.0791 4736  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
22:22:25.0791 4736  Sym_u3 - ok
22:22:25.0823 4736  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
22:22:25.0854 4736  SysMain - ok
22:22:25.0869 4736  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:22:25.0885 4736  TabletInputService - ok
22:22:25.0932 4736  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:22:25.0963 4736  TapiSrv - ok
22:22:25.0994 4736  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
22:22:26.0025 4736  TBS - ok
22:22:26.0181 4736  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:22:26.0213 4736  Tcpip - ok
22:22:26.0525 4736  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
22:22:26.0587 4736  Tcpip6 - ok
22:22:26.0634 4736  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:22:26.0696 4736  tcpipreg - ok
22:22:26.0743 4736  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:22:26.0774 4736  TDPIPE - ok
22:22:26.0790 4736  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:22:26.0821 4736  TDTCP - ok
22:22:26.0852 4736  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:22:26.0883 4736  tdx - ok
22:22:26.0930 4736  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:22:26.0946 4736  TermDD - ok
22:22:27.0149 4736  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
22:22:27.0227 4736  TermService - ok
22:22:27.0258 4736  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
22:22:27.0273 4736  Themes - ok
22:22:27.0289 4736  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
22:22:27.0320 4736  THREADORDER - ok
22:22:27.0367 4736  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
22:22:27.0429 4736  TrkWks - ok
22:22:27.0476 4736  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:22:27.0523 4736  TrustedInstaller - ok
22:22:27.0539 4736  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:22:27.0570 4736  tssecsrv - ok
22:22:27.0585 4736  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
22:22:27.0601 4736  tunmp - ok
22:22:27.0632 4736  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:22:27.0663 4736  tunnel - ok
22:22:27.0695 4736  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:22:27.0710 4736  uagp35 - ok
22:22:27.0757 4736  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:22:27.0819 4736  udfs - ok
22:22:27.0851 4736  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:22:27.0866 4736  UI0Detect - ok
22:22:27.0897 4736  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:22:27.0897 4736  uliagpkx - ok
22:22:27.0913 4736  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys
22:22:27.0929 4736  uliahci - ok
22:22:27.0929 4736  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
22:22:27.0944 4736  UlSata - ok
22:22:27.0960 4736  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
22:22:27.0960 4736  ulsata2 - ok
22:22:28.0007 4736  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
22:22:28.0038 4736  umbus - ok
22:22:28.0085 4736  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
22:22:28.0116 4736  upnphost - ok
22:22:28.0163 4736  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:22:28.0209 4736  usbaudio - ok
22:22:28.0256 4736  [ 9419FAAC6552A51542DBBA02971C841C ] usbbus          C:\Windows\system32\DRIVERS\lgusbbus.sys
22:22:28.0287 4736  usbbus - ok
22:22:28.0334 4736  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:22:28.0365 4736  usbccgp - ok
22:22:28.0397 4736  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:22:28.0475 4736  usbcir - ok
22:22:28.0521 4736  [ C0A466FA4FFEC464320E159BC1BBDC0C ] UsbDiag         C:\Windows\system32\DRIVERS\lgusbdiag.sys
22:22:28.0568 4736  UsbDiag - ok
22:22:28.0599 4736  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
22:22:28.0631 4736  usbehci - ok
22:22:28.0677 4736  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:22:28.0693 4736  usbhub - ok
22:22:28.0724 4736  [ F74A54774A9B0AFEB3C40ADEC68AA600 ] USBModem        C:\Windows\system32\DRIVERS\lgusbmodem.sys
22:22:28.0771 4736  USBModem - ok
22:22:28.0818 4736  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
22:22:28.0865 4736  usbohci - ok
22:22:28.0896 4736  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:22:28.0911 4736  usbprint - ok
22:22:28.0958 4736  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
22:22:28.0989 4736  usbscan - ok
22:22:29.0021 4736  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:22:29.0036 4736  USBSTOR - ok
22:22:29.0052 4736  [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
22:22:29.0099 4736  usbuhci - ok
22:22:29.0145 4736  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
22:22:29.0177 4736  UxSms - ok
22:22:29.0192 4736  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
22:22:29.0223 4736  vds - ok
22:22:29.0255 4736  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:22:29.0286 4736  vga - ok
22:22:29.0333 4736  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:22:29.0395 4736  VgaSave - ok
22:22:29.0411 4736  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:22:29.0411 4736  viaagp - ok
22:22:29.0473 4736  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
22:22:29.0551 4736  ViaC7 - ok
22:22:29.0551 4736  [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide          C:\Windows\system32\drivers\viaide.sys
22:22:29.0567 4736  viaide - ok
22:22:29.0582 4736  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:22:29.0598 4736  volmgr - ok
22:22:29.0645 4736  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:22:29.0676 4736  volmgrx - ok
22:22:29.0785 4736  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:22:29.0816 4736  volsnap - ok
22:22:29.0863 4736  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
22:22:29.0863 4736  vsmraid - ok
22:22:29.0925 4736  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
22:22:30.0019 4736  VSS - ok
22:22:30.0066 4736  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
22:22:30.0113 4736  W32Time - ok
22:22:30.0253 4736  [ 9CA92191C8F18E8B491A5B28E63C07B7 ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
22:22:30.0347 4736  W3SVC - ok
22:22:30.0362 4736  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:22:30.0409 4736  WacomPen - ok
22:22:30.0456 4736  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
22:22:30.0487 4736  Wanarp - ok
22:22:30.0503 4736  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:22:30.0518 4736  Wanarpv6 - ok
22:22:30.0565 4736  [ 9CA92191C8F18E8B491A5B28E63C07B7 ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
22:22:30.0596 4736  WAS - ok
22:22:30.0659 4736  [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
22:22:30.0737 4736  WcesComm - ok
22:22:30.0768 4736  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:22:30.0830 4736  wcncsvc - ok
22:22:30.0861 4736  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:22:30.0877 4736  WcsPlugInService - ok
22:22:30.0924 4736  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys
22:22:30.0924 4736  Wd - ok
22:22:30.0971 4736  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:22:31.0002 4736  Wdf01000 - ok
22:22:31.0049 4736  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:22:31.0064 4736  WdiServiceHost - ok
22:22:31.0080 4736  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:22:31.0111 4736  WdiSystemHost - ok
22:22:31.0189 4736  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
22:22:31.0205 4736  WebClient - ok
22:22:31.0267 4736  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:22:31.0298 4736  Wecsvc - ok
22:22:31.0329 4736  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:22:31.0345 4736  wercplsupport - ok
22:22:31.0361 4736  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:22:31.0376 4736  WerSvc - ok
22:22:31.0704 4736  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
22:22:31.0766 4736  WinDefend - ok
22:22:31.0797 4736  WinHttpAutoProxySvc - ok
22:22:31.0922 4736  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:22:31.0938 4736  Winmgmt - ok
22:22:32.0515 4736  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
22:22:32.0593 4736  WinRM - ok
22:22:32.0671 4736  [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
22:22:32.0718 4736  winusb - ok
22:22:32.0780 4736  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:22:32.0796 4736  Wlansvc - ok
22:22:32.0858 4736  [ 59C90BC8317BD3F6E5559A4DEAF35090 ] WmBEnum         C:\Windows\system32\drivers\WmBEnum.sys
22:22:32.0874 4736  WmBEnum - ok
22:22:32.0889 4736  [ 999A4539AD634A741AFD357E290BD461 ] WmFilter        C:\Windows\system32\drivers\WmFilter.sys
22:22:32.0889 4736  WmFilter - ok
22:22:32.0921 4736  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:22:32.0952 4736  WmiAcpi - ok
22:22:32.0999 4736  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:22:33.0014 4736  wmiApSrv - ok
22:22:33.0482 4736  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
22:22:33.0623 4736  WMPNetworkSvc - ok
22:22:33.0654 4736  [ 0B8C64B13776F17537F0705FE62799C6 ] WmVirHid        C:\Windows\system32\drivers\WmVirHid.sys
22:22:33.0685 4736  WmVirHid - ok
22:22:33.0701 4736  [ 8D388AEB1A12C1192AA9B4EBCEABCBA6 ] WmXlCore        C:\Windows\system32\drivers\WmXlCore.sys
22:22:33.0716 4736  WmXlCore - ok
22:22:33.0794 4736  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:22:33.0872 4736  WPCSvc - ok
22:22:33.0903 4736  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:22:33.0935 4736  WPDBusEnum - ok
22:22:33.0981 4736  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
22:22:33.0997 4736  WpdUsb - ok
22:22:34.0403 4736  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:22:34.0496 4736  WPFFontCache_v0400 - ok
22:22:34.0543 4736  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:22:34.0605 4736  ws2ifsl - ok
22:22:34.0668 4736  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
22:22:34.0683 4736  wscsvc - ok
22:22:34.0683 4736  WSearch - ok
22:22:35.0027 4736  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:22:35.0105 4736  wuauserv - ok
22:22:35.0167 4736  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:22:35.0183 4736  WUDFRd - ok
22:22:35.0198 4736  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:22:35.0261 4736  wudfsvc - ok
22:22:35.0339 4736  [ F35663B3D640D751A4D7EB29D105C994 ] XBCD            C:\Windows\system32\Drivers\xbcd.sys
22:22:35.0370 4736  XBCD ( UnsignedFile.Multi.Generic ) - warning
22:22:35.0370 4736  XBCD - detected UnsignedFile.Multi.Generic (1)
22:22:35.0417 4736  [ C6CA0CC2F7FCDCFE5B551335BFE6D696 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
22:22:35.0448 4736  yukonwlh - ok
22:22:35.0463 4736  ================ Scan global ===============================
22:22:35.0510 4736  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
22:22:35.0666 4736  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:22:35.0744 4736  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:22:35.0853 4736  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
22:22:35.0853 4736  [Global] - ok
22:22:35.0853 4736  ================ Scan MBR ==================================
22:22:35.0900 4736  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:22:37.0039 4736  \Device\Harddisk0\DR0 - ok
22:22:37.0039 4736  ================ Scan VBR ==================================
22:22:37.0070 4736  [ 0943D7D8B42A2A5BC56E88D7BCB09FDF ] \Device\Harddisk0\DR0\Partition1
22:22:37.0148 4736  \Device\Harddisk0\DR0\Partition1 - ok
22:22:37.0195 4736  [ 66DED9B937896EC03310895B9ED66F59 ] \Device\Harddisk0\DR0\Partition2
22:22:37.0320 4736  \Device\Harddisk0\DR0\Partition2 - ok
22:22:37.0382 4736  [ 861816EC8DEE42ADE30463A1F6764FAB ] \Device\Harddisk0\DR0\Partition3
22:22:37.0507 4736  \Device\Harddisk0\DR0\Partition3 - ok
22:22:37.0507 4736  ============================================================
22:22:37.0507 4736  Scan finished
22:22:37.0507 4736  ============================================================
22:22:37.0523 4728  Detected object count: 4
22:22:37.0523 4728  Actual detected object count: 4
22:23:08.0629 4728  epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:08.0629 4728  epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:23:08.0629 4728  EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:08.0629 4728  EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:23:08.0629 4728  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:08.0629 4728  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
22:23:08.0629 4728  XBCD ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:08.0629 4728  XBCD ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 28.09.2012, 21:32

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Mineor · 28.09.2012, 21:54

hier der Combofix-Log :

Code:

ATTFilter

ComboFix 12-09-27.03 - Mineor 28.09.2012  22:45:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3326.2231 [GMT 2:00]
ausgeführt von:: c:\users\Mineor\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.url
c:\programdata\xml21F4.tmp
c:\programdata\xml35B1.tmp
c:\programdata\xml3C28.tmp
c:\programdata\xml3CB5.tmp
c:\programdata\xmlE83D.tmp
c:\users\Mineor\AppData\Local\._Revolution_
c:\users\Mineor\AppData\Local\assembly\tmp
c:\users\Mineor\AppData\Roaming\FFSJ
c:\users\Mineor\AppData\Roaming\FFSJ\FFSJ.cfg
c:\users\Mineor\AppData\Roaming\Mineorlog.dat
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-28 bis 2012-09-28  ))))))))))))))))))))))))))))))
.
.
2012-09-28 20:50 . 2012-09-28 20:50	--------	d-----w-	c:\users\Mineor\AppData\Local\temp
2012-09-28 20:50 . 2012-09-28 20:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-28 19:42 . 2012-09-28 19:42	--------	d-----w-	C:\_OTL
2012-09-28 18:59 . 2012-09-28 18:59	--------	d-----w-	c:\programdata\ZA_PreservedFiles
2012-09-27 12:36 . 2012-09-27 12:36	--------	d-----w-	c:\program files\ESET
2012-09-26 12:57 . 2012-09-26 12:57	100864	----a-w-	C:\ufdiypow.sys
2012-09-25 08:40 . 2012-09-25 08:40	--------	d-----w-	c:\users\Mineor\AppData\Local\DOSBox
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 15:04 . 2010-10-28 19:34	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-27 10:47 . 2012-07-23 22:10	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-27 10:47 . 2011-09-06 09:22	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-12 14:36 . 2012-07-12 14:36	86528	----a-w-	c:\windows\system32\iesysprep.dll
2012-07-12 14:36 . 2012-07-12 14:36	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-07-12 14:36 . 2012-07-12 14:36	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-07-12 14:36 . 2012-07-12 14:36	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-07-12 14:36 . 2012-07-12 14:36	161792	----a-w-	c:\windows\system32\msls31.dll
2012-07-12 14:36 . 2012-07-12 14:36	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-07-12 14:36 . 2012-07-12 14:36	74752	----a-w-	c:\windows\system32\iesetup.dll
2012-07-12 14:36 . 2012-07-12 14:36	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-07-12 14:36 . 2012-07-12 14:36	367104	----a-w-	c:\windows\system32\html.iec
2012-07-12 14:36 . 2012-07-12 14:36	23552	----a-w-	c:\windows\system32\licmgr10.dll
2012-07-12 14:36 . 2012-07-12 14:36	152064	----a-w-	c:\windows\system32\wextract.exe
2012-07-12 14:36 . 2012-07-12 14:36	150528	----a-w-	c:\windows\system32\iexpress.exe
2012-07-12 14:36 . 2012-07-12 14:36	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-07-12 14:35 . 2012-07-12 14:35	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-07-12 14:35 . 2012-07-12 14:35	35840	----a-w-	c:\windows\system32\imgutil.dll
2012-07-12 14:35 . 2012-07-12 14:35	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-07-12 14:35 . 2012-07-12 14:35	1800192	----a-w-	c:\windows\system32\jscript9.dll
2012-07-12 14:35 . 2012-07-12 14:35	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-07-12 14:35 . 2012-07-12 14:35	11776	----a-w-	c:\windows\system32\mshta.exe
2012-07-12 14:35 . 2012-07-12 14:35	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-07-12 14:35 . 2012-07-12 14:35	101888	----a-w-	c:\windows\system32\admparse.dll
2012-07-14 00:15 . 2011-09-06 09:19	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-06 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-31 563984]
"Logitech CallCentral"="c:\program files\Logitech\CallCentral\CallCentral.exe" [2007-07-31 774416]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-01-07 1496968]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-01-07 1468296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-10 22:28	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
2009-01-21 12:19	92168	----a-w-	c:\program files\Logitech\Gaming Software\LWEMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2012-09-16 05:44	1353080	----a-w-	d:\steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile-based device management]
2006-11-02 09:45	215552	----a-w-	c:\windows\WindowsMobile\wmdSync.exe
.
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 10034496
*Deregistered* - 10034496
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-17 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2009-01-07 19:23]
.
2011-06-03 c:\windows\Tasks\{7551541A-296E-4E0D-A6CB-50ED9D74C512}.job
- c:\program files\Skype\Phone\Skype.exe [2011-05-26 19:50]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.daemonsearch.com/intl/
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: An OneNote s&enden - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Free YouTube Download - c:\users\Mineor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Mineor\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - e:\micros~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - e:\micros~1\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - d:\icq7m\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Mineor\AppData\Roaming\Mozilla\Firefox\Profiles\daqvfycw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-28 22:50
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3581189367-4221141018-2697986107-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:61,42,00,72,b4,25,13,a6,e0,c6,7f,7a,f6,ba,ba,93,94,d9,9c,27,74,39,98,
   ac,4a,da,f4,79,7a,8e,30,12,d0,07,36,ca,7b,e7,9d,94,c8,fd,6d,c0,e3,95,68,94,\
"??"=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa
.
[HKEY_USERS\S-1-5-21-3581189367-4221141018-2697986107-1000\Software\SecuROM\License information*]
"datasecu"=hex:f6,d4,69,ec,23,5d,9b,da,8b,5d,2b,55,56,66,01,0d,c4,f0,e0,c1,25,
   22,36,12,f0,bd,ee,c1,04,a3,37,31,78,ad,6a,27,40,34,5e,a0,46,fd,c9,7b,f9,cc,\
"rkeysecu"=hex:7c,dd,7c,89,14,13,27,e6,27,99,91,f1,69,e9,9e,10
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\ACPI\PNP0F03\4&1f265bde&0\Device Parameters\Interrupt Management]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Enum\ACPI\PNP0F03\4&1f265bde&0\Device Parameters\LMouKE]
@DACL=(02 0000)
"ModelDetected"="3"
"Acceleration"="Low"
"MappingButton1"="1000"
"MappingButton2"="0100"
"Orientation"="0"
"MouseSpeedY"="50"
"MouseSpeedX"="50"
"Prescaler"="0x1000"
"AccelerationScale"="0x1000"
.
Zeit der Fertigstellung: 2012-09-28  22:53:04
ComboFix-quarantined-files.txt  2012-09-28 20:53
.
Vor Suchlauf: 16 Verzeichnis(se), 80.787.505.152 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 80.706.658.304 Bytes frei
.
- - End Of File - - A4846912951DFC46860D49350E9E5498

cosinus · 28.09.2012, 22:22

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Mineor · 28.09.2012, 23:20

Hallo ,

hier die Logs von OSAM und aswMBR.exe . GMER funktionierte nicht (absturz)

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 00:05:37 on 29.09.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Microsoft_Hardware_Launch_IType_exe.job" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itype.exe
"{7551541A-296E-4E0D-A6CB-50ED9D74C512}.job" - "Skype Technologies S.A." - C:\Program Files\Skype\Phone\Skype.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PCWizard.cpl" - ? - C:\Windows\system32\PCWizard.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
"XBCDSU.cpl" - "Redcl0ud" - C:\Windows\system32\XBCDSU.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"AMD Function Driver for HD Audio Service" (AtiHDAudioService) - ? - C:\Windows\System32\drivers\AtihdLH3.sys  (File not found)
"AMD IO Driver" (amdiox86) - ? - C:\Windows\System32\DRIVERS\amdiox86.sys  (File not found)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Mineor\AppData\Local\Temp\catchme.sys  (File not found)
"epmntdrv" (epmntdrv) - ? - C:\Windows\system32\epmntdrv.sys  (File found, but it contains no detailed information)
"EuGdiDrv" (EuGdiDrv) - ? - C:\Windows\system32\EuGdiDrv.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"Portrait Displays low level device driver" (PdiPorts) - ? - C:\Windows\System32\Drivers\PdiPorts.sys  (File not found)
"PSI" (PSI) - "Secunia" - C:\Windows\System32\DRIVERS\psi_mf.sys
"PxHelp20" (PxHelp20) - ? - C:\Windows\System32\DRIVERS\PxHelp20.sys  (File not found)
"SANDRA" (SANDRA) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ufdiypow" (ufdiypow) - ? - C:\Users\Mineor\AppData\Local\Temp\ufdiypow.sys  (Hidden registry entry, rootkit activity | File not found)
"XBCD Kernel Module" (XBCD) - "Redcl0ud" - C:\Windows\System32\Drivers\xbcd.sys

[Explorer]
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{653DCCC2-13DB-45B2-A389-427885776CFE} "Activities Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplact.dll
{124597D8-850A-41AE-849C-017A4FA99CA2} "Buttons Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplbtn.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{8BE13461-936F-11D1-A87D-444553540000} "Eraser Shell Extension" - "-" - d:\Eraser\erasext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL
{3BEABCC1-BF31-42df-88D9-A2955D6B8528} "IntelliPoint Sensitivity Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplsens.dll
{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll
{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll
{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcpltp.dll
{A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll
{97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{AF90F543-6A3A-4C1B-8B16-ECEC073E69BE} "Wheel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwhl.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{20082881-FC36-4E47-9A7A-644C95FF749F} "Wireless Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliPoint\ipcplwir.dll
{ABE00001-0123-ABED-1248-0248ADFA1909} "Zoom Player ShellExt" - ? -   (File not found | COM-object registry key not found)
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.7.0_05" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_05" - ? - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\npjpi160_33.dll  (File not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.5.1" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
"ICQ7M" - ? - d:\ICQ7M\ICQ.exe  (File not found)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{E5A1691B-D188-4419-AD02-90002030B8EE} "FlashFXP Helper for Internet Explorer" - "IniCom Networks, Inc." - C:\PROGRA~1\FlashFXP\IEFlash.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} "Free Download Manager" - ? - C:\Program Files\Free Download Manager\iefdm2.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mineor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Sony PC Companion" - "Sony" - "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
"EvtMgr6" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
"IntelliPoint" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"itype" - "Microsoft Corporation" - "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
"Logitech CallCentral" - "Logitech Inc." - "C:\Program Files\Logitech\CallCentral\CallCentral.exe" /hide
"LogitechCommunicationsManager" - "Logitech Inc." - "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira Realtime Protection" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Scheduler" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"LVCOMSer" (LVCOMSer) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
"LVSrvLauncher" (LVSrvLauncher) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - "McAfee, Inc." - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files\Secunia\PSI\sua.exe
"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
"Sony PC Companion" (Sony PC Companion) - "Avanquest Software" - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

===[ Logfile end ]=========================================[ Logfile end ]===

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-29 00:16:12
-----------------------------
00:16:12.148    OS Version: Windows 6.0.6002 Service Pack 2
00:16:12.148    Number of processors: 2 586 0x4303
00:16:12.163    ComputerName: MINEOR-PC  UserName: Mineor
00:16:12.803    Initialize success
00:16:20.665    AVAST engine defs: 12092800
00:16:51.725    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
00:16:51.725    Disk 0 Vendor: ST3250410AS 3.AAC Size: 238475MB BusType: 3
00:16:51.772    Disk 0 MBR read successfully
00:16:51.772    Disk 0 MBR scan
00:16:51.772    Disk 0 Windows VISTA default MBR code
00:16:51.787    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       120095 MB offset 2048
00:16:51.834    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        85007 MB offset 245956608
00:16:51.881    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        33370 MB offset 420051560
00:16:51.959    Disk 0 scanning sectors +488394752
00:16:52.115    Disk 0 scanning C:\Windows\system32\drivers
00:17:10.445    Service scanning
00:17:35.296    Modules scanning
00:17:41.957    Disk 0 trace - called modules:
00:17:41.988    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
00:17:41.988    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8630f3b8]
00:17:41.988    3 CLASSPNP.SYS[8b9a88b3] -> nt!IofCallDriver -> [0x86107918]
00:17:42.004    5 acpi.sys[806096bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x85751b98]
00:17:42.004    Scan finished successfully
00:18:01.332    Disk 0 MBR has been saved successfully to "C:\Users\Mineor\Desktop\MBR.dat"
00:18:01.348    The log file has been saved successfully to "C:\Users\Mineor\Desktop\aswMBR.txt"

aswMBR musste ich nochmal starten , da das Programm abgestürzt war.

cosinus · 28.09.2012, 23:57

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

28.09.2012, 18:39	#18
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei Ihr Computer wurde gesterrt - Entsperren Sie mit Ukash Warum hast du OTL nicht neu runtergeladen? __________________ __________________

28.09.2012, 23:57	#30
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Bundespolizei Ihr Computer wurde gesterrt - Entsperren Sie mit Ukash Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Bundespolizei Ihr Computer wurde gesterrt - Entsperren Sie mit Ukash

Plagegeister aller Art und deren Bekämpfung: Bundespolizei Ihr Computer wurde gesterrt - Entsperren Sie mit Ukash