
Log analysis and evaluation: Firefox is sluggish, Web.de phishing filter triggers

16.10.2012, 17:47   #16
DerPhish
 



I have always booted Vista normally. I did not notice any restrictions.

One empty folder ("Tablet PC"); no idea whether anything was in it, and if so, what.
Autostart is empty, but it probably already was before.
Hi-Rez Studios is empty; there may have been links to diagnostic programs in it. There too I am not sure whether I had already deleted the contents myself.

Otherwise, as far as I know, everything is there.

17.10.2012, 13:00   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please run a (new) CustomScan with OTL and, if possible, post the resulting log here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

Please download OTL by OldTimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top center, tick the box Scan All Users ("Scanne alle Benutzer")
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labeled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

18.10.2012, 07:12   #18
DerPhish
 



OTL Logfile:
Code:
OTL logfile created on: 17.10.2012 14:22:39 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit-Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 65,82% Memory free
8,22 Gb Paging File | 6,43 Gb Available in Paging File | 78,23% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 400,86 Gb Total Space | 181,99 Gb Free Space | 45,40% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 24,27 Gb Free Space | 12,43% Space Free | Partition Type: NTFS
Drive E: | 648,38 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 97,65 Gb Total Space | 15,95 Gb Free Space | 16,33% Space Free | Partition Type: NTFS
Drive G: | 181,80 Gb Total Space | 6,88 Gb Free Space | 3,78% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 83,06 Gb Free Space | 17,83% Space Free | Partition Type: NTFS
Drive J: | 14,95 Gb Total Space | 11,39 Gb Free Space | 76,18% Space Free | Partition Type: FAT32
Drive L: | 3,74 Gb Total Space | 3,74 Gb Free Space | 99,97% Space Free | Partition Type: FAT32
Drive X: | 2794,39 Gb Total Space | 1725,79 Gb Free Space | 61,76% Space Free | Partition Type: NTFS
 
Computer Name: *****VISTA | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.10.17 14:19:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2012.10.04 14:03:54 | 001,459,848 | ---- | M] (1und1 Mail und Media GmbH) -- C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe
PRC - [2012.08.22 23:51:50 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.08.19 22:45:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.06.08 17:02:06 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2012.05.21 01:52:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.21 01:52:42 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.04.13 10:12:00 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2011.02.02 11:12:34 | 001,215,216 | ---- | M] (Starfield Technologies, Inc.) -- C:\Program Files (x86)\Starfield\offSyncService.exe
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.09.13 15:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.08.25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.06.09 12:47:52 | 001,689,088 | ---- | M] (Elgato Systems) -- C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
PRC - [2010.04.27 11:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\CalDigit\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.12.04 17:42:04 | 000,112,464 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files (x86)\Presto_PageManager_9\PMSpeed.exe
PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2008.08.13 05:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
PRC - [2007.08.23 01:02:02 | 000,028,672 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0400Mon.exe
PRC - [2007.04.02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.12.18 19:10:34 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMSave.dll
MOD - [2009.12.18 16:12:14 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMINSO.dll
MOD - [2009.12.08 10:51:40 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\ScanModule.dll
MOD - [2009.12.07 13:55:56 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMScnSet.dll
MOD - [2009.12.07 11:07:06 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMTree.dll
MOD - [2009.12.04 17:21:42 | 004,567,040 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMView.dll
MOD - [2009.12.04 17:21:18 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMISM.dll
MOD - [2009.12.04 17:20:52 | 000,323,584 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMAnoSet.dll
MOD - [2009.11.27 17:50:54 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMSet.dll
MOD - [2009.11.27 17:38:52 | 000,331,776 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMAppBar.dll
MOD - [2009.11.26 17:49:38 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\NetFun2k.dll
MOD - [2009.11.20 13:20:00 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMCommon.dll
MOD - [2009.11.20 11:30:46 | 001,032,192 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\SlideBarDLL.dll
MOD - [2009.11.11 17:21:04 | 000,450,560 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMPageVW.dll
MOD - [2009.11.11 17:20:58 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMDocVW.dll
MOD - [2009.11.09 18:35:52 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMImgVW.dll
MOD - [2009.10.22 17:50:08 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMStatus.dll
MOD - [2009.10.16 15:04:12 | 000,614,400 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMDB_N.dll
MOD - [2009.09.09 14:44:26 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMANO.dll
MOD - [2009.08.06 10:22:18 | 000,421,888 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\FT.dll
MOD - [2009.07.14 13:25:20 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMPDFView.dll
MOD - [2009.07.08 14:23:40 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PerformOcr.dll
MOD - [2009.06.26 09:03:42 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMApSet.dll
MOD - [2008.12.12 17:00:34 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\OutlookVBA.dll
MOD - [2008.12.12 16:52:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMProp.dll
MOD - [2008.11.17 14:56:24 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\nsSign.dll
MOD - [2008.08.25 17:19:34 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PHooKDlg.dll
MOD - [2008.08.25 16:16:44 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMIEVW.dll
MOD - [2008.04.24 10:46:06 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMImageSplitter.dll
MOD - [2007.08.31 17:51:04 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\PMVoice.dll
MOD - [2007.03.30 10:24:12 | 000,104,528 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\Qem.dll
MOD - [2007.03.30 10:01:28 | 000,038,992 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\NsOEMKey.dll
MOD - [2007.03.30 09:57:04 | 000,034,896 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\Import.dll
MOD - [2007.03.30 09:49:38 | 000,104,528 | ---- | M] () -- C:\Program Files (x86)\Presto_PageManager_9\ComClass.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.06.27 01:13:46 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2008.01.21 04:49:41 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.13 21:43:04 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 16:29:45 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- X:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2012.10.04 07:32:10 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.09.13 01:44:42 | 000,229,392 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.08.22 23:51:50 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.08 17:02:06 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2012.05.21 01:52:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.21 01:52:42 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.04.13 10:12:00 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.02.02 11:12:34 | 001,215,216 | ---- | M] (Starfield Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Starfield\offSyncService.exe -- (File Backup)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 14:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.09.14 08:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009.09.14 08:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 01:21:06 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2008.05.21 13:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007.04.02 08:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.06.27 01:14:45 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.06.27 01:13:57 | 000,092,176 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.06.27 01:13:50 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.06.27 01:13:50 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.05.21 01:52:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.21 01:52:42 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.12.01 01:42:57 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011.12.01 01:42:57 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011.11.11 01:51:30 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.11.11 01:51:05 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2010.09.29 12:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ladfSBVMamd64.sys -- (LADF_SBVM)
DRV:64bit: - [2010.09.29 12:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ladfDHP2amd64.sys -- (LADF_DHP2)
DRV:64bit: - [2010.09.23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.06.25 16:08:56 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.06.09 18:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\nm3.sys -- (nm3)
DRV:64bit: - [2010.05.06 11:21:40 | 000,122,384 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.04.27 09:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 09:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.06.10 15:46:00 | 000,031,744 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.03.05 13:31:45 | 000,496,760 | ---- | M] (TerraTec Provide) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\UDST7000BDA.sys -- (UDST7000BDA)
DRV:64bit: - [2009.02.03 17:46:14 | 000,077,952 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfsync04.sys -- (sfsync04)
DRV:64bit: - [2009.02.03 17:37:50 | 000,075,384 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfdrv01.sys -- (sfdrv01)
DRV:64bit: - [2008.11.04 10:52:36 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018unic.sys -- (s1018unic)
DRV:64bit: - [2008.11.04 10:52:36 | 000,132,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys -- (s1018mgmt)
DRV:64bit: - [2008.11.04 10:52:36 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2008.11.04 10:52:36 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys -- (s1018nd5)
DRV:64bit: - [2008.11.04 10:52:32 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2008.11.04 10:52:32 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2008.11.04 10:52:30 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018bus.sys -- (s1018bus)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.07.14 09:54:46 | 000,993,280 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2008.07.02 09:37:22 | 000,391,328 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2008.07.02 09:37:20 | 000,654,880 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2008.04.28 15:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008.01.21 04:47:20 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\irda.sys -- (irda)
DRV:64bit: - [2008.01.21 04:45:39 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008.01.21 04:45:15 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\irsir.sys -- (irsir)
DRV:64bit: - [2008.01.09 13:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri)
DRV:64bit: - [2007.12.06 09:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007.08.15 23:50:06 | 000,688,640 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2007.06.11 01:01:02 | 000,214,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\V0400Afx.sys -- (VF0400Afx)
DRV:64bit: - [2007.06.07 01:01:00 | 000,204,736 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\V0400Vid.sys -- (VF0400Vid)
DRV:64bit: - [2007.03.05 18:55:48 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\V0400VFx.sys -- (VF0400Vfx)
DRV:64bit: - [2006.06.14 16:58:10 | 000,014,192 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sfhlp02.sys -- (sfhlp02)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
IE - HKLM\..\SearchScopes,DefaultScope = 
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\..\SearchScopes\{0C1B5B77-F0FC-4659-9792-C85A2AA70063}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\..\SearchScopes\{66827C45-3498-4C17-A277-7F6C51231A81}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\..\SearchScopes\{7107DDFE-86FE-4B91-AA15-C52E276181AF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\..\SearchScopes\{86FA2E5E-1989-49CE-B07C-9C037E9EF651}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\..\SearchScopes\{A4A9C786-956C-41CF-A32B-A5EBF6D8AD7D}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\..\SearchScopes\{C4315BBB-ECF6-4CDF-8826-C103F129EA89}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241949
IE - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "WEB.DE Suche"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: support@lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.9
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.2
FF - prefs.js..extensions.enabledItems: zoomext@starfield:1.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.132.0: C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF Reader\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@starfield.com/off: C:\Users\****\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, Inc.)
FF - HKCU\Software\MozillaPlugins\@starfield.com/wbe: C:\Users\****\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\****\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\****\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.13 21:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.13 21:43:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.13 21:43:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.13 21:43:00 | 000,000,000 | ---D | M]
 
[2011.10.04 00:56:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2011.03.26 21:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.10.04 00:56:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012.10.13 03:28:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\sd6qyevz.default\extensions
[2011.03.06 18:16:02 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\sd6qyevz.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2012.10.03 00:26:31 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\sd6qyevz.default\extensions\foxmarks@kei.com
[2012.07.29 10:02:31 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\sd6qyevz.default\extensions\support@lastpass.com
[2012.10.13 03:28:13 | 000,565,762 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\sd6qyevz.default\extensions\toolbar@web.de.xpi
[2011.10.15 01:08:04 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\sd6qyevz.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012.10.13 03:28:24 | 000,000,911 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\sd6qyevz.default\searchplugins\11-suche.xml
[2012.10.13 03:28:25 | 000,002,273 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\sd6qyevz.default\searchplugins\englische-ergebnisse.xml
[2012.10.13 03:28:24 | 000,010,563 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\sd6qyevz.default\searchplugins\gmx-suche.xml
[2012.10.13 03:28:24 | 000,002,432 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\sd6qyevz.default\searchplugins\lastminute.xml
[2012.10.13 03:28:24 | 000,005,545 | ---- | M] () -- C:\Users\****\AppData\Roaming\mozilla\firefox\profiles\sd6qyevz.default\searchplugins\webde-suche.xml
[2012.10.13 21:42:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.13 21:42:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2009.06.30 02:00:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.10.13 21:43:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.26 21:09:58 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.30 07:32:24 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.26 21:09:58 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 21:09:58 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 21:09:58 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 21:09:58 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\****\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Online File Folder plugin 1.0.0.18 (Enabled) = C:\Users\****\AppData\Roaming\Mozilla\plugins\npoff.dll
CHR - plugin: Web-Based Email plug-in 1.0.0.14 (Enabled) = C:\Users\****\AppData\Roaming\Mozilla\plugins\npwbe.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF Reader\npnitromozilla.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\****\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
 
O1 HOSTS File: ([2012.03.12 21:44:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (WEB.DE MailCheck BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3:64bit: - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (WEB.DE MailCheck) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3:64bit: - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\..\Toolbar\WebBrowser: (WEB.DE MailCheck) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [MailCheck IE Broker] C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\CalDigit\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PMSpeed] C:\Program Files (x86)\Presto_PageManager_9\PMSpeed.EXE (NewSoft Technology Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [V0400Mon.exe] C:\Windows\V0400Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-1942734557-2161052330-659072145-1000..\Run: [Google Update] "C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKU\S-1-5-21-1942734557-2161052330-659072145-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1942734557-2161052330-659072145-1000..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - HKU\S-1-5-21-1942734557-2161052330-659072145-1000..\Run: [SoftAuto.exe] C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1942734557-2161052330-659072145-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\..Trusted Domains: heise.de ([www] http in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{348FDDCC-286F-4EE8-8D63-E52199428218}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{35C5DD4E-9415-47EA-8A86-1D2BAA666773}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder\Liam\1208 Liam Aug 12\2012_08_13_383.JPG
O24 - Desktop BackupWallPaper: D:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder\Liam\1208 Liam Aug 12\2012_08_13_383.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002.06.17 21:40:00 | 000,053,248 | R--- | M] () - E:\autoplay.exe -- [ CDFS ]
O32 - AutoRun File - [2001.07.23 21:25:04 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.10.14 21:18:14 | 000,000,216 | ---- | M] () - L:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XFR1 - C:\Windows\SysWow64\xfcodec.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.17 14:18:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.10.13 21:42:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.13 03:34:58 | 002,322,184 | ---- | C] (ESET) -- C:\Users\****\Desktop\esetsmartinstaller_enu.exe
[2012.10.08 22:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[2012.10.04 23:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\DesktopIcons
[2012.10.04 23:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE MailCheck
[2012.10.04 23:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WEB.DE MailCheck
[2012.10.04 23:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WEB.DE MailCheck
[2012.10.04 23:26:33 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1 Mail & Media GmbH
[2012.10.04 23:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[2012.09.27 01:25:34 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Zwischenspeicher
[2012.09.22 04:27:27 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\FIFA 13
[2012.09.22 04:27:15 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\FIFA 13 Demo
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.17 14:19:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.10.17 13:55:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1942734557-2161052330-659072145-1000UA.job
[2012.10.17 12:46:45 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.17 12:46:45 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.17 08:46:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.16 20:55:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1942734557-2161052330-659072145-1000Core.job
[2012.10.14 23:26:16 | 000,538,941 | ---- | M] () -- C:\Users\****\Desktop\adwcleaner.exe
[2012.10.14 21:01:42 | 000,208,384 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.13 03:34:59 | 002,322,184 | ---- | M] (ESET) -- C:\Users\****\Desktop\esetsmartinstaller_enu.exe
[2012.10.09 03:50:56 | 001,662,588 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.09 03:50:56 | 000,709,954 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.09 03:50:56 | 000,664,076 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.09 03:50:56 | 000,161,282 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.09 03:50:56 | 000,131,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.09 00:04:20 | 000,310,709 | ---- | M] () -- C:\Users\****\Desktop\Datei nicht gelöscht.jpg
[2012.10.08 09:50:31 | 000,002,317 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012.09.28 22:34:11 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012.09.20 01:06:34 | 000,298,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.09.20 01:06:34 | 000,298,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.14 23:26:15 | 000,538,941 | ---- | C] () -- C:\Users\****\Desktop\adwcleaner.exe
[2012.10.09 00:04:20 | 000,310,709 | ---- | C] () -- C:\Users\****\Desktop\Datei nicht gelöscht.jpg
[2012.09.28 22:34:11 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Hi-Rez Diagnostics and Support.lnk
[2012.08.29 23:44:22 | 000,000,042 | ---- | C] () -- C:\Windows\wininit.ini
[2012.08.29 23:44:21 | 000,110,592 | ---- | C] () -- C:\Program Files\setup.exe
[2012.08.29 23:26:22 | 000,000,004 | ---- | C] () -- C:\Program Files\Future Beat 3Ddbcontrol.dbc
[2012.03.12 21:19:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.12 21:19:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.12 21:19:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.12 21:19:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.12 21:19:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.06 16:51:09 | 000,000,000 | ---- | C] () -- C:\Users\****\defogger_reenable
[2012.03.01 00:22:17 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012.02.25 16:24:07 | 000,072,723 | ---- | C] () -- C:\Users\****\AppData\Roaming\icarus-dxdiag.xml
[2012.01.15 18:35:38 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Animals
[2012.01.15 18:35:38 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Analog Sync
[2012.01.15 18:35:38 | 000,000,268 | RH-- | C] () -- C:\Users\****\AppData\Roaming\Analog Mono
[2012.01.15 18:35:38 | 000,000,268 | RH-- | C] () -- C:\Users\****\AppData\Roaming\Ambient
[2012.01.15 18:35:38 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.01.15 18:35:38 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.01.15 18:35:38 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bass
[2012.01.15 18:35:38 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Basic Track
[2012.01.15 18:35:37 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Analog Swirl
[2012.01.15 18:35:37 | 000,000,268 | RH-- | C] () -- C:\Users\****\AppData\Roaming\Ambience
[2012.01.15 18:35:37 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.01.15 18:35:37 | 000,000,012 | RH-- | C] () -- C:\ProgramData\BSD
[2011.12.21 14:37:20 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.12.16 15:02:45 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.11.16 09:27:53 | 000,000,046 | ---- | C] () -- C:\Users\****\jagex_cl_runescape_LIVE2.dat
[2011.11.16 09:20:38 | 000,000,046 | ---- | C] () -- C:\Users\****\jagex_cl_runescape_LIVE1.dat
[2011.11.16 09:13:04 | 000,000,045 | ---- | C] () -- C:\Users\****\jagex_cl_runescape_LIVE.dat
[2011.11.16 09:13:04 | 000,000,024 | ---- | C] () -- C:\Users\****\random.dat
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.07.05 23:10:33 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2011.07.05 22:51:49 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.04.19 07:49:41 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat
[2009.09.21 01:56:51 | 000,000,053 | ---- | C] () -- C:\Users\****\AppData\Roaming\sversion.ini
[2009.03.02 12:53:39 | 000,000,094 | ---- | C] () -- C:\Users\****\AppData\Local\fusioncache.dat
[2009.03.02 02:46:04 | 000,208,384 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.28 04:47:42 | 000,000,816 | ---- | C] () -- C:\Users\****\AppData\Local\RT2870_{348FDDCC-286F-4EE8-8D63-E52199428218}_sta
[2009.02.28 04:47:38 | 000,001,579 | ---- | C] () -- C:\Users\****\AppData\Local\RT2870_{348FDDCC-286F-4EE8-8D63-E52199428218}_prof
[2009.02.27 18:02:50 | 000,001,460 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps64.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 17:28:45 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 09:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 04:49:17 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2009.03.02 03:11:21 | 000,000,000 | ---D | M] -- C:\Users\hofmaier\AppData\Roaming\TerraTec
[2012.10.17 08:48:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.oit
[2012.10.04 23:26:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\1&1 Mail & Media GmbH
[2011.11.26 21:45:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Atari
[2011.07.02 16:20:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Bioshock2
[2012.01.11 12:20:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\bkchem
[2011.08.24 01:30:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Black Sea Studios
[2012.08.22 02:34:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2011.10.27 10:30:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canon
[2012.08.24 12:12:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Code Force Limited
[2011.07.07 20:12:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DeadMage
[2012.09.15 14:11:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Downloaded Installations
[2012.06.15 22:29:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Dropbox
[2012.09.07 23:35:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EoN
[2012.08.03 10:19:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Epson
[2012.09.05 22:09:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Fatshark
[2012.03.23 10:12:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2011.07.25 12:10:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FreeCommander
[2009.06.26 04:07:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FreeOrion
[2012.07.05 02:24:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FreePDF
[2012.07.09 12:38:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gnupg
[2011.07.19 11:07:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HD Tune Pro
[2011.02.04 13:03:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Hi-Rez Studios
[2012.07.05 01:29:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HTC
[2012.07.07 16:20:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HTC Sync
[2010.10.16 02:26:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Imperium Romanum
[2011.10.26 20:22:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Kalypso Media
[2011.03.23 09:54:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\kompozer.net
[2010.02.20 22:12:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2012.01.23 23:31:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LibreOffice
[2011.10.11 20:04:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Lionhead Studios
[2009.03.02 12:30:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mount&Blade
[2012.07.17 02:50:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mount&Blade Warband
[2011.08.29 08:05:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mount&Blade With Fire and Sword
[2012.07.08 02:00:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MyPhoneExplorer
[2011.10.28 10:02:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\NationRed
[2012.09.01 01:16:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Need for Speed World
[2012.04.22 12:21:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\NetSpeedMonitor
[2012.07.18 09:45:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\NewSoft
[2012.01.15 18:47:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nikon
[2012.08.01 16:08:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nitro PDF
[2009.06.29 23:41:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nokia
[2009.03.02 10:47:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org
[2012.08.22 13:37:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Origin
[2009.03.02 06:01:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PC Suite
[2010.10.14 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Pollux Gamelabs
[2011.10.04 00:56:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Prism
[2011.08.24 14:09:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Quest3D
[2012.05.28 20:50:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Raptr
[2011.04.12 00:35:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\runic games
[2011.11.30 12:31:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Shareaza
[2011.08.26 16:13:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sierra
[2012.03.16 11:08:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Star Ruler
[2009.07.01 02:04:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Stardock
[2011.07.26 01:11:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeraCopy
[2011.12.04 19:05:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TerraTec
[2011.03.17 17:19:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\The Creative Assembly
[2012.03.21 12:35:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\The First Templar
[2011.03.26 21:15:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2011.08.18 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\UFOAI
[2012.07.26 23:00:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Zeal Game Studio
[2012.08.01 22:12:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.10.17 08:48:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\.oit
[2012.10.04 23:26:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\1&1 Mail & Media GmbH
[2012.08.01 22:08:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Adobe
[2012.07.05 01:28:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Apple Computer
[2012.01.15 18:39:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ArcSoft
[2011.11.26 21:45:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Atari
[2009.02.27 18:26:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ATI
[2011.10.15 18:17:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Avira
[2011.07.02 16:20:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Bioshock2
[2012.01.11 12:20:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\bkchem
[2011.08.24 01:30:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Black Sea Studios
[2012.08.22 02:34:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2011.10.27 10:30:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canon
[2012.08.24 12:12:50 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Code Force Limited
[2011.08.23 12:01:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Creative
[2011.07.07 20:12:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DeadMage
[2012.09.15 14:11:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Downloaded Installations
[2012.06.15 22:29:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Dropbox
[2012.09.07 23:35:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\EoN
[2012.08.03 10:19:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Epson
[2012.09.05 22:09:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Fatshark
[2012.03.23 10:12:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2011.07.25 12:10:41 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FreeCommander
[2009.06.26 04:07:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FreeOrion
[2012.07.05 02:24:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FreePDF
[2012.07.09 12:38:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\gnupg
[2011.07.19 11:07:23 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HD Tune Pro
[2011.02.04 13:03:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Hi-Rez Studios
[2012.07.05 01:29:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HTC
[2012.07.07 16:20:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HTC Sync
[2009.02.27 18:02:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Identities
[2010.10.16 02:26:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Imperium Romanum
[2009.02.28 04:45:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield
[2012.08.31 23:26:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield Installation Information
[2011.10.26 20:22:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Kalypso Media
[2011.03.23 09:54:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\kompozer.net
[2010.02.20 22:12:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2012.01.23 23:31:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\LibreOffice
[2011.10.11 20:04:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Lionhead Studios
[2009.03.02 03:29:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macromedia
[2012.03.07 17:59:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2012.07.04 23:37:15 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft
[2012.04.22 13:44:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Microsoft Games
[2009.03.02 12:30:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mount&Blade
[2012.07.17 02:50:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mount&Blade Warband
[2011.08.29 08:05:09 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mount&Blade With Fire and Sword
[2012.07.16 00:27:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla
[2012.07.08 02:00:36 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MyPhoneExplorer
[2011.10.28 10:02:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\NationRed
[2012.09.01 01:16:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Need for Speed World
[2012.07.05 01:32:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nero
[2012.04.22 12:21:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\NetSpeedMonitor
[2012.07.18 09:45:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\NewSoft
[2012.01.15 18:47:59 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nikon
[2012.08.01 16:08:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nitro PDF
[2009.06.29 23:41:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nokia
[2009.03.02 10:47:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\OpenOffice.org
[2012.08.22 13:37:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Origin
[2009.03.02 06:01:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PC Suite
[2010.10.14 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Pollux Gamelabs
[2011.10.04 00:56:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Prism
[2011.08.24 14:09:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Quest3D
[2012.05.28 20:50:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Raptr
[2011.04.12 00:35:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\runic games
[2009.03.02 03:27:11 | 000,000,000 | RH-D | M] -- C:\Users\****\AppData\Roaming\SecuROM
[2011.11.30 12:31:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Shareaza
[2011.08.26 16:13:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sierra
[2012.09.24 15:29:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Skype
[2012.03.16 11:08:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Star Ruler
[2009.07.01 02:04:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Stardock
[2012.03.14 01:25:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\SUPERAntiSpyware.com
[2009.03.02 04:14:39 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Talkback
[2011.07.26 01:11:29 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeraCopy
[2011.12.04 19:05:24 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TerraTec
[2011.03.17 17:19:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\The Creative Assembly
[2012.03.21 12:35:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\The First Templar
[2011.03.26 21:15:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Thunderbird
[2011.08.18 18:28:47 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\UFOAI
[2012.10.01 21:46:52 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\vlc
[2012.03.20 02:51:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Xfire
[2012.07.26 23:00:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Zeal Game Studio
[2012.08.01 22:12:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1
 
< %APPDATA%\*.exe /s >
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\****\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:22 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\****\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.08.31 22:30:16 | 000,121,072 | R--- | M] (Macrovision Corporation) -- C:\Users\****\AppData\Roaming\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe
[2005.04.07 01:39:06 | 000,121,064 | ---- | M] (Macrovision Corporation) -- C:\Users\****\AppData\Roaming\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe
[2012.08.01 22:08:19 | 015,201,112 | ---- | M] (Adobe Systems Inc.) -- C:\Users\****\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller3x0\airinstaller3x0.exe
[2011.03.21 23:01:48 | 000,010,134 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\Foren.exe
[2011.03.21 23:01:48 | 000,000,766 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{20B1B020-DEAE-48D1-9960-D4C3185D758B}\htmledit.exe
[2012.01.15 18:36:37 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
[2009.02.27 18:23:34 | 000,010,134 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{C3495A05-14AF-8FD1-FDA7-7554860BDC8B}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
[2010.09.16 01:41:21 | 001,375,018 | ---- | M] () -- C:\EasyBCD 2.0.2.exe
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:45:05 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 04:45:05 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 04:45:05 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2006.12.29 01:51:56 | 000,110,592 | ---- | M] (ATI Technologies Inc.) MD5=67740F91B47434CC6173A35667A4BA66 -- C:\ATI\SUPPORT\7-9_vista64_dd_ccc_wdm_enu_52447\Driver\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2008.04.18 20:33:46 | 000,175,632 | ---- | M] (AMD Technologies Inc.) MD5=844A6734E8BB3530FB1444ED698087BD -- C:\ATI\SUPPORT\8-7_vista32-64_sb_66001\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2007.04.17 00:16:34 | 000,119,296 | ---- | M] (ATI Technologies Inc.) MD5=A5AC7B705166BF7CD07BB054BEEA8D03 -- C:\ATI\SUPPORT\8-7_vista32-64_sb_66001\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 04:45:04 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:45:13 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 04:45:13 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 04:49:23 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 04:46:46 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 04:45:08 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 04:45:08 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:48:49 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 04:48:07 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:46:48 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 04:47:33 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\ERDNT\cache86\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 08:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\ERDNT\cache64\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 09:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:48:55 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008.01.21 04:48:55 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:48:55 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:48:04 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008.01.21 04:48:04 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:48:04 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:46:19 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe
[2008.01.21 04:46:19 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:46:19 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:48:42 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe
[2008.01.21 04:48:42 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:48:42 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:48:05 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:48:57 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:47:58 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 04:47:58 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Downloads:Shareaza.GUID

< End of report >
         
--- --- ---


This one really shouldn't be there anymore

@Alternate Data Stream - 16 bytes -> C:\Downloads:Shareaza.GUID

I didn't trust Shareaza, so I actually tried to get rid of it some time ago. Apparently without much success.
__________________

Last edited by DerPhish (18.10.2012 at 07:17)

18.10.2012, 10:07   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
ATTFilter
64bit-Windows Vista Business Edition
         
Why Business Edition?
Is this an office/company PC?
__________________
Please always post log files in CODE tags

18.10.2012, 10:28   #20
DerPhish

I wanted as much freedom as possible in assigning access rights (I want to store my data where I want, not where the operating system thinks it should push it), so I went with the Business Edition back then. I do write the occasional letter on the machine, but 90% of the nearly 2 terabytes on the disks are games.


18.10.2012, 12:29   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

And what does that have to do with the edition, please? Home Premium also runs on an NTFS file system, and there is no artificial storage limit of 2 TB or the like either - where did you pick up this misinformation?

18.10.2012, 13:15   #22
DerPhish

That wasn't the point. From the outset I planned to set the machine up as dual boot (Vista + XP) and then store all my files on just one of the disks. I may have been mistaken, but at the time I had the impression that the Vista Home edition pins you down quite a bit as to which data gets stored where (e.g. in "My Documents" on the boot partition). Under XP you were still fairly free in that respect, and I wanted to keep that freedom.

I'm currently putting together a new machine again, and I'll use Win 7 Professional for that one too. In that case, though, I mainly care about the ability to emulate old operating systems.

18.10.2012, 14:23   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
and I'll use Win 7 Professional for that one too. In that case, though, I mainly care about the ability to emulate old operating systems.
Which old operating systems? WinXP?
You can also emulate "for free" by setting up a VM, e.g. with Oracle VirtualBox
But then you should have a bit more RAM in the machine

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-1942734557-2161052330-659072145-1000\..\SearchScopes\{C4315BBB-ECF6-4CDF-8826-C103F129EA89}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241949
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
@Alternate Data Stream - 16 bytes -> C:\Downloads:Shareaza.GUID
:Files
C:\ProgramData\PKP_DLet.DAT

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

18.10.2012, 16:57   #24
DerPhish

XP and Win 98. I have a few old chestnuts that I quite like to use now and then. I didn't know Oracle VirtualBox yet; I'll take a look at it. Thanks for the tip.

In fact I've already bought Win7 Pro (OEM version from eBay, € 35)

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1942734557-2161052330-659072145-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C4315BBB-ECF6-4CDF-8826-C103F129EA89}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4315BBB-ECF6-4CDF-8826-C103F129EA89}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Unable to delete ADS C:\Downloads:Shareaza.GUID .
========== FILES ==========
C:\ProgramData\PKP_DLet.DAT moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\****\Desktop\cmd.bat deleted successfully.
C:\Users\****\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: hofmaier
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ****
->Temp folder emptied: 643371394 bytes
->Temporary Internet Files folder emptied: 46982583 bytes
->Java cache emptied: 605811 bytes
->FireFox cache emptied: 66671230 bytes
->Google Chrome cache emptied: 291579062 bytes
->Apple Safari cache emptied: 6478848 bytes
->Flash cache emptied: 15216461 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 512000 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 133904217 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 838736 bytes
 
Total Files Cleaned = 1.150,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10182012_153849

Files\Folders moved on Reboot...
C:\Users\****\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Shareaza is obviously a tough little thing.

18.10.2012, 19:27   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
I didn't know Oracle VirtualBox yet; I'll take a look at it. Thanks for the tip
I've known it for about a year; before that I always worked and played with VMware, and for about two weeks now I've been playing with Oracle VirtualBox. The host is a 64-bit Xubuntu 12.04, and my VMs for testing and playing around run NT4/2000/XP/Vista/Win7/Win8 (the whole spectrum from NT4 on, all 32-bit)

Quote:
In fact I've already bought Win7 Pro (OEM version from eBay, € 35)
At that price you really can't complain!

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below - click change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you can't find the log or can't copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!


18.10.2012, 20:13   #26
DerPhish

Any experience with Win98 programs under VirtualBox?

Code:
ATTFilter
21:03:10.0827 4752  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
21:03:11.0004 4752  ============================================================
21:03:11.0004 4752  Current date / time: 2012/10/18 21:03:11.0004
21:03:11.0004 4752  SystemInfo:
21:03:11.0004 4752  
21:03:11.0004 4752  OS Version: 6.0.6002 ServicePack: 2.0
21:03:11.0004 4752  Product type: Workstation
21:03:11.0005 4752  ComputerName: *****VISTA
21:03:11.0005 4752  UserName: ****
21:03:11.0005 4752  Windows directory: C:\Windows
21:03:11.0005 4752  System windows directory: C:\Windows
21:03:11.0005 4752  Running under WOW64
21:03:11.0005 4752  Processor architecture: Intel x64
21:03:11.0005 4752  Number of processors: 3
21:03:11.0005 4752  Page size: 0x1000
21:03:11.0005 4752  Boot type: Normal boot
21:03:11.0005 4752  ============================================================
21:03:12.0088 4752  Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:03:12.0089 4752  Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:03:12.0108 4752  Drive \Device\Harddisk0\DR0 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:03:12.0115 4752  Drive \Device\Harddisk3\DR3 - Size: 0x3BD800000 (14.96 Gb), SectorSize: 0x200, Cylinders: 0x7A1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:03:12.0116 4752  Drive \Device\Harddisk4\DR4 - Size: 0x2BAA0F76000 (2794.52 Gb), SectorSize: 0x200, Cylinders: 0x59100, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:03:12.0137 4752  Drive \Device\Harddisk5\DR5 - Size: 0xEFF4FE00 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:03:12.0155 4752  ============================================================
21:03:12.0156 4752  \Device\Harddisk1\DR1:
21:03:12.0156 4752  MBR partitions:
21:03:12.0156 4752  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1869E559
21:03:12.0156 4752  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x1869E800, BlocksNum 0x321B9000
21:03:12.0156 4752  \Device\Harddisk2\DR2:
21:03:12.0156 4752  MBR partitions:
21:03:12.0156 4752  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
21:03:12.0156 4752  \Device\Harddisk0\DR0:
21:03:12.0166 4752  MBR partitions:
21:03:12.0166 4752  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
21:03:12.0166 4752  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC34F2CC, BlocksNum 0x16B9BA75
21:03:12.0166 4752  \Device\Harddisk3\DR3:
21:03:12.0166 4752  MBR partitions:
21:03:12.0166 4752  \Device\Harddisk3\DR3\Partition1: MBR, Type 0xC, StartLBA 0x80, BlocksNum 0x1DEBF80
21:03:12.0166 4752  \Device\Harddisk4\DR4:
21:03:12.0167 4752  GPT partitions:
21:03:12.0167 4752  \Device\Harddisk4\DR4\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {4DC22970-F385-4339-A650-38D61ECC0FB0}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000
21:03:12.0167 4752  \Device\Harddisk4\DR4\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {0207D095-BB98-4F0A-9AE8-50C8343746CA}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0x5D4C7000
21:03:12.0167 4752  MBR partitions:
21:03:12.0167 4752  \Device\Harddisk5\DR5:
21:03:12.0169 4752  MBR partitions:
21:03:12.0169 4752  \Device\Harddisk5\DR5\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x77FA40
21:03:12.0169 4752  ============================================================
21:03:12.0202 4752  C: <-> \Device\Harddisk1\DR1\Partition2
21:03:12.0226 4752  D: <-> \Device\Harddisk1\DR1\Partition1
21:03:12.0251 4752  F: <-> \Device\Harddisk0\DR0\Partition1
21:03:12.0292 4752  G: <-> \Device\Harddisk0\DR0\Partition2
21:03:12.0299 4752  H: <-> \Device\Harddisk2\DR2\Partition1
21:03:12.0345 4752  X: <-> \Device\Harddisk4\DR4\Partition2
21:03:12.0345 4752  ============================================================
21:03:12.0345 4752  Initialize success
21:03:12.0345 4752  ============================================================
21:04:33.0522 0600  ============================================================
21:04:33.0522 0600  Scan started
21:04:33.0522 0600  Mode: Manual; SigCheck; TDLFS; 
21:04:33.0522 0600  ============================================================
21:04:34.0358 0600  ================ Scan system memory ========================
21:04:34.0359 0600  System memory - ok
21:04:34.0360 0600  ================ Scan services =============================
21:04:34.0443 0600  !SASCORE - ok
21:04:34.0556 0600  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:04:34.0816 0600  ACDaemon - ok
21:04:34.0907 0600  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
21:04:34.0932 0600  ACPI - ok
21:04:34.0971 0600  [ F14215E37CF124104575073F782111D2 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
21:04:35.0008 0600  adp94xx - ok
21:04:35.0063 0600  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci         C:\Windows\system32\drivers\adpahci.sys
21:04:35.0088 0600  adpahci - ok
21:04:35.0112 0600  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
21:04:35.0145 0600  adpu160m - ok
21:04:35.0166 0600  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
21:04:35.0201 0600  adpu320 - ok
21:04:35.0229 0600  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
21:04:35.0317 0600  AeLookupSvc - ok
21:04:35.0357 0600  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD             C:\Windows\system32\drivers\afd.sys
21:04:35.0442 0600  AFD - ok
21:04:35.0461 0600  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
21:04:35.0491 0600  agp440 - ok
21:04:35.0510 0600  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
21:04:35.0550 0600  aic78xx - ok
21:04:35.0567 0600  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG             C:\Windows\System32\alg.exe
21:04:35.0675 0600  ALG - ok
21:04:35.0692 0600  [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide          C:\Windows\system32\drivers\aliide.sys
21:04:35.0718 0600  aliide - ok
21:04:35.0765 0600  [ 20C8A3E435A47F0408A1EA674AFA6194 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:04:35.0817 0600  AMD External Events Utility - ok
21:04:35.0865 0600  AMD FUEL Service - ok
21:04:35.0882 0600  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
21:04:35.0901 0600  amdide - ok
21:04:35.0913 0600  amdide64 - ok
21:04:35.0933 0600  [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64        C:\Windows\system32\DRIVERS\amdiox64.sys
21:04:35.0946 0600  amdiox64 - ok
21:04:35.0965 0600  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
21:04:36.0037 0600  AmdK8 - ok
21:04:36.0253 0600  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:04:36.0676 0600  amdkmdag - ok
21:04:36.0700 0600  [ 0E57258E5CC4CC7A9A9A877AFDF0CEC6 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
21:04:36.0754 0600  amdkmdap - ok
21:04:36.0793 0600  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
21:04:36.0822 0600  AntiVirSchedulerService - ok
21:04:36.0848 0600  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
21:04:36.0866 0600  AntiVirService - ok
21:04:36.0955 0600  [ F160ECCE1500A5A5877C123584E86B17 ] AODDriver       C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys
21:04:36.0969 0600  AODDriver - ok
21:04:37.0010 0600  [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.01   C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
21:04:37.0036 0600  AODDriver4.01 - ok
21:04:37.0067 0600  [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
21:04:37.0090 0600  AODDriver4.1 - ok
21:04:37.0212 0600  [ 22C0E98D5E4E46BF2C944E57E27519DA ] AODService      C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
21:04:37.0230 0600  AODService ( UnsignedFile.Multi.Generic ) - warning
21:04:37.0230 0600  AODService - detected UnsignedFile.Multi.Generic (1)
21:04:37.0265 0600  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo         C:\Windows\System32\appinfo.dll
21:04:37.0335 0600  Appinfo - ok
21:04:37.0387 0600  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:04:37.0425 0600  Apple Mobile Device - ok
21:04:37.0448 0600  [ 3DA98C07B18A676180FE7EED924D1673 ] AppMgmt         C:\Windows\System32\appmgmts.dll
21:04:37.0497 0600  AppMgmt - ok
21:04:37.0522 0600  [ BA8417D4765F3988FF921F30F630E303 ] arc             C:\Windows\system32\drivers\arc.sys
21:04:37.0557 0600  arc - ok
21:04:37.0574 0600  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
21:04:37.0606 0600  arcsas - ok
21:04:37.0667 0600  aspnet_state - ok
21:04:37.0682 0600  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
21:04:37.0778 0600  AsyncMac - ok
21:04:37.0796 0600  [ E68D9B3A3905619732F7FE039466A623 ] atapi           C:\Windows\system32\drivers\atapi.sys
21:04:37.0812 0600  atapi - ok
21:04:37.0866 0600  [ 917692CDF8E1CE00D9752FA40615338B ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH6.sys
21:04:37.0880 0600  AtiHDAudioService - ok
21:04:37.0928 0600  [ 6831C91C74AFC9F1D88E1CCCABADA12B ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
21:04:37.0944 0600  AtiHdmiService - ok
21:04:38.0203 0600  [ 0B45C18B0F3EE996D25BAA4E74884B83 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
21:04:38.0640 0600  atikmdag - ok
21:04:38.0671 0600  [ DB0D3DE15EDC96E7529FC0D3F7760894 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
21:04:38.0695 0600  AtiPcie - ok
21:04:38.0736 0600  [ FC0E8778C000291CAF60EB88C011E931 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
21:04:38.0781 0600  atksgt - ok
21:04:38.0818 0600  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:04:38.0950 0600  AudioEndpointBuilder - ok
21:04:38.0967 0600  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
21:04:39.0011 0600  AudioSrv - ok
21:04:39.0029 0600  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
21:04:39.0046 0600  avgntflt - ok
21:04:39.0071 0600  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
21:04:39.0095 0600  avipbb - ok
21:04:39.0122 0600  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
21:04:39.0135 0600  avkmgr - ok
21:04:39.0159 0600  Beep - ok
21:04:39.0190 0600  [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE             C:\Windows\System32\bfe.dll
21:04:39.0244 0600  BFE - ok
21:04:39.0280 0600  [ 6D316F4859634071CC25C4FD4589AD2C ] BITS            C:\Windows\system32\qmgr.dll
21:04:39.0366 0600  BITS - ok
21:04:39.0384 0600  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
21:04:39.0437 0600  blbdrive - ok
21:04:39.0467 0600  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:04:39.0497 0600  Bonjour Service - ok
21:04:39.0513 0600  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
21:04:39.0543 0600  bowser - ok
21:04:39.0564 0600  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
21:04:39.0619 0600  BrFiltLo - ok
21:04:39.0633 0600  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
21:04:39.0702 0600  BrFiltUp - ok
21:04:39.0728 0600  [ A1B39DE453433B115B4EA69EE0343816 ] Browser         C:\Windows\System32\browser.dll
21:04:39.0815 0600  Browser - ok
21:04:39.0843 0600  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid         C:\Windows\system32\drivers\brserid.sys
21:04:39.0985 0600  Brserid - ok
21:04:40.0003 0600  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
21:04:40.0118 0600  BrSerWdm - ok
21:04:40.0136 0600  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
21:04:40.0270 0600  BrUsbMdm - ok
21:04:40.0287 0600  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
21:04:40.0369 0600  BrUsbSer - ok
21:04:40.0382 0600  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
21:04:40.0456 0600  BTHMODEM - ok
21:04:40.0488 0600  catchme - ok
21:04:40.0505 0600  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
21:04:40.0557 0600  cdfs - ok
21:04:40.0583 0600  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
21:04:40.0626 0600  cdrom - ok
21:04:40.0656 0600  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc     C:\Windows\System32\certprop.dll
21:04:40.0690 0600  CertPropSvc - ok
21:04:40.0707 0600  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
21:04:40.0766 0600  circlass - ok
21:04:40.0786 0600  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
21:04:40.0825 0600  CLFS - ok
21:04:40.0849 0600  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:04:40.0864 0600  clr_optimization_v2.0.50727_32 - ok
21:04:40.0903 0600  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:04:40.0916 0600  clr_optimization_v2.0.50727_64 - ok
21:04:40.0965 0600  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:04:40.0984 0600  clr_optimization_v4.0.30319_32 - ok
21:04:41.0017 0600  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:04:41.0046 0600  clr_optimization_v4.0.30319_64 - ok
21:04:41.0060 0600  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
21:04:41.0074 0600  cmdide - ok
21:04:41.0091 0600  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
21:04:41.0106 0600  Compbatt - ok
21:04:41.0111 0600  COMSysApp - ok
21:04:41.0122 0600  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
21:04:41.0137 0600  crcdisk - ok
21:04:41.0176 0600  [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
21:04:41.0213 0600  CryptSvc - ok
21:04:41.0238 0600  [ F60F50C8ED3FCBE358430B95FE27D09C ] CSC             C:\Windows\system32\drivers\csc.sys
21:04:41.0291 0600  CSC - ok
21:04:41.0328 0600  [ 1B5F256D31836ED2BA60B3A6C800200C ] CscService      C:\Windows\System32\cscsvc.dll
21:04:41.0401 0600  CscService - ok
21:04:41.0455 0600  [ A5BEA0E5C297F5F3835638A87E512FBA ] CTDevice_Srv    C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
21:04:41.0482 0600  CTDevice_Srv ( UnsignedFile.Multi.Generic ) - warning
21:04:41.0482 0600  CTDevice_Srv - detected UnsignedFile.Multi.Generic (1)
21:04:41.0517 0600  [ 8E26D772F53B7883A651E0E4A9598F21 ] CTUPnPSv        C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe
21:04:41.0526 0600  CTUPnPSv ( UnsignedFile.Multi.Generic ) - warning
21:04:41.0526 0600  CTUPnPSv - detected UnsignedFile.Multi.Generic (1)
21:04:41.0563 0600  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
21:04:41.0681 0600  DcomLaunch - ok
21:04:41.0721 0600  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
21:04:41.0768 0600  DfsC - ok
21:04:41.0871 0600  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
21:04:42.0036 0600  DFSR - ok
21:04:42.0068 0600  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
21:04:42.0132 0600  Dhcp - ok
21:04:42.0157 0600  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
21:04:42.0173 0600  disk - ok
21:04:42.0202 0600  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
21:04:42.0252 0600  Dnscache - ok
21:04:42.0284 0600  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc         C:\Windows\System32\dot3svc.dll
21:04:42.0326 0600  dot3svc - ok
21:04:42.0352 0600  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS             C:\Windows\system32\dps.dll
21:04:42.0404 0600  DPS - ok
21:04:42.0426 0600  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
21:04:42.0455 0600  drmkaud - ok
21:04:42.0493 0600  [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
21:04:42.0547 0600  DXGKrnl - ok
21:04:42.0578 0600  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
21:04:42.0629 0600  E1G60 - ok
21:04:42.0645 0600  EagleX64 - ok
21:04:42.0661 0600  [ C2303883FD9BE49DC36A6400643002EA ] EapHost         C:\Windows\System32\eapsvc.dll
21:04:42.0704 0600  EapHost - ok
21:04:42.0722 0600  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
21:04:42.0740 0600  Ecache - ok
21:04:42.0760 0600  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
21:04:42.0793 0600  elxstor - ok
21:04:42.0826 0600  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
21:04:42.0852 0600  EMDMgmt - ok
21:04:42.0910 0600  [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
21:04:42.0924 0600  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
21:04:42.0924 0600  EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
21:04:42.0971 0600  [ 7DB097F4F6786307168C0DDDEC43A565 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
21:04:43.0013 0600  EPSON_EB_RPCV4_04 - ok
21:04:43.0032 0600  [ 258AA65A0862E19B7DE6981FDA3758AD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
21:04:43.0065 0600  EPSON_PM_RPCV4_04 - ok
21:04:43.0079 0600  [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
21:04:43.0157 0600  ErrDev - ok
21:04:43.0203 0600  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem     C:\Windows\system32\es.dll
21:04:43.0279 0600  EventSystem - ok
21:04:43.0302 0600  [ 486844F47B6636044A42454614ED4523 ] exfat           C:\Windows\system32\drivers\exfat.sys
21:04:43.0343 0600  exfat - ok
21:04:43.0370 0600  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
21:04:43.0407 0600  fastfat - ok
21:04:43.0438 0600  [ 989A776A2FF32A148FCF15C44058B129 ] Fax             C:\Windows\system32\fxssvc.exe
21:04:43.0507 0600  Fax - ok
21:04:43.0526 0600  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
21:04:43.0577 0600  fdc - ok
21:04:43.0587 0600  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost         C:\Windows\system32\fdPHost.dll
21:04:43.0629 0600  fdPHost - ok
21:04:43.0645 0600  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
21:04:43.0717 0600  FDResPub - ok
21:04:43.0762 0600  [ 575366CAF3300059E50E59A49B363DAC ] File Backup     C:\Program Files (x86)\Starfield\offSyncService.exe
21:04:43.0830 0600  File Backup - ok
21:04:43.0850 0600  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
21:04:43.0869 0600  FileInfo - ok
21:04:43.0885 0600  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
21:04:43.0943 0600  Filetrace - ok
21:04:43.0950 0600  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
21:04:43.0994 0600  flpydisk - ok
21:04:44.0018 0600  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
21:04:44.0050 0600  FltMgr - ok
21:04:44.0090 0600  [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache       C:\Windows\system32\FntCache.dll
21:04:44.0209 0600  FontCache - ok
21:04:44.0253 0600  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:04:44.0278 0600  FontCache3.0.0.0 - ok
21:04:44.0312 0600  [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
21:04:44.0338 0600  fssfltr - ok
21:04:44.0402 0600  [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
21:04:44.0525 0600  fsssvc - ok
21:04:44.0549 0600  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
21:04:44.0587 0600  Fs_Rec - ok
21:04:44.0618 0600  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
21:04:44.0648 0600  gagp30kx - ok
21:04:44.0684 0600  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:04:44.0708 0600  GEARAspiWDM - ok
21:04:44.0748 0600  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc           C:\Windows\System32\gpsvc.dll
21:04:44.0842 0600  gpsvc - ok
21:04:44.0883 0600  [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:04:44.0935 0600  HdAudAddService - ok
21:04:44.0977 0600  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
21:04:45.0110 0600  HDAudBus - ok
21:04:45.0132 0600  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
21:04:45.0272 0600  HidBth - ok
21:04:45.0288 0600  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr           C:\Windows\system32\drivers\hidir.sys
21:04:45.0423 0600  HidIr - ok
21:04:45.0449 0600  [ 59361D38A297755D46A540E450202B2A ] hidserv         C:\Windows\System32\hidserv.dll
21:04:45.0516 0600  hidserv - ok
21:04:45.0533 0600  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
21:04:45.0598 0600  HidUsb - ok
21:04:45.0643 0600  [ 82B2A78BCA8CA0B63BF09005783C6548 ] HiPatchService  X:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
21:04:45.0665 0600  HiPatchService ( UnsignedFile.Multi.Generic ) - warning
21:04:45.0665 0600  HiPatchService - detected UnsignedFile.Multi.Generic (1)
21:04:45.0694 0600  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
21:04:45.0744 0600  hkmsvc - ok
21:04:45.0769 0600  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
21:04:45.0784 0600  HpCISSs - ok
21:04:45.0827 0600  [ 894A75A3D6BFD97D73BF60D3022B567A ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
21:04:45.0867 0600  HTCAND64 - ok
21:04:45.0964 0600  [ 5C8BC8A28798FD010E7ABC4E0D588CAA ] HTCMonitorService C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
21:04:45.0988 0600  HTCMonitorService - ok
21:04:46.0017 0600  [ 4F6C3122817049997CD696D4A38BFACB ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
21:04:46.0041 0600  htcnprot - ok
21:04:46.0083 0600  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
21:04:46.0159 0600  HTTP - ok
21:04:46.0184 0600  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
21:04:46.0217 0600  i2omp - ok
21:04:46.0248 0600  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
21:04:46.0313 0600  i8042prt - ok
21:04:46.0333 0600  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
21:04:46.0373 0600  iaStorV - ok
21:04:46.0410 0600  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:04:46.0424 0600  IDriverT ( UnsignedFile.Multi.Generic ) - warning
21:04:46.0424 0600  IDriverT - detected UnsignedFile.Multi.Generic (1)
21:04:46.0477 0600  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:04:46.0550 0600  idsvc - ok
21:04:46.0567 0600  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
21:04:46.0594 0600  iirsp - ok
21:04:46.0622 0600  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
21:04:46.0723 0600  IKEEXT - ok
21:04:46.0791 0600  [ E5C695ECC8D7B732B3D180C37DAC099A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:04:46.0891 0600  IntcAzAudAddService - ok
21:04:46.0910 0600  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
21:04:46.0926 0600  intelide - ok
21:04:46.0949 0600  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
21:04:47.0024 0600  intelppm - ok
21:04:47.0044 0600  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
21:04:47.0131 0600  IPBusEnum - ok
21:04:47.0167 0600  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:04:47.0227 0600  IpFilterDriver - ok
21:04:47.0254 0600  [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
21:04:47.0308 0600  iphlpsvc - ok
21:04:47.0313 0600  IpInIp - ok
21:04:47.0342 0600  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
21:04:47.0452 0600  IPMIDRV - ok
21:04:47.0471 0600  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
21:04:47.0527 0600  IPNAT - ok
21:04:47.0572 0600  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
21:04:47.0624 0600  iPod Service - ok
21:04:47.0652 0600  [ 86583188C7157FFDA249529423FC3E6F ] irda            C:\Windows\system32\DRIVERS\irda.sys
21:04:47.0718 0600  irda - ok
21:04:47.0728 0600  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
21:04:47.0774 0600  IRENUM - ok
21:04:47.0791 0600  [ B78AF3C5820C0AC3183549EF8C671E67 ] Irmon           C:\Windows\System32\irmon.dll
21:04:47.0884 0600  Irmon - ok
21:04:47.0909 0600  [ D2CA12736624BA636F8357DC3EF0757E ] irsir           C:\Windows\system32\DRIVERS\irsir.sys
21:04:47.0963 0600  irsir - ok
21:04:47.0980 0600  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
21:04:48.0003 0600  isapnp - ok
21:04:48.0032 0600  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
21:04:48.0053 0600  iScsiPrt - ok
21:04:48.0068 0600  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
21:04:48.0086 0600  iteatapi - ok
21:04:48.0105 0600  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
21:04:48.0119 0600  iteraid - ok
21:04:48.0132 0600  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
21:04:48.0153 0600  kbdclass - ok
21:04:48.0176 0600  [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
21:04:48.0213 0600  kbdhid - ok
21:04:48.0231 0600  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
21:04:48.0258 0600  KeyIso - ok
21:04:48.0290 0600  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
21:04:48.0335 0600  KSecDD - ok
21:04:48.0373 0600  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
21:04:48.0451 0600  ksthunk - ok
21:04:48.0477 0600  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm           C:\Windows\system32\msdtckrm.dll
21:04:48.0523 0600  KtmRm - ok
21:04:48.0571 0600  [ CE4347E2D90DB2E5517B6F2BC720A862 ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCamd64.sys
21:04:48.0589 0600  LADF_CaptureOnly - ok
21:04:48.0613 0600  [ 86DCBF8A41C78561A1DA07AB5E7B1CCC ] LADF_DHP2       C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys
21:04:48.0620 0600  LADF_DHP2 - ok
21:04:48.0648 0600  [ 85A9D21D3AE2EA963E111CB150895877 ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRamd64.sys
21:04:48.0662 0600  LADF_RenderOnly - ok
21:04:48.0683 0600  [ 175C04C7813CE64616B5CB046E5E1383 ] LADF_SBVM       C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys
21:04:48.0695 0600  LADF_SBVM - ok
21:04:48.0738 0600  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\System32\srvsvc.dll
21:04:48.0760 0600  LanmanServer - ok
21:04:48.0785 0600  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:04:48.0813 0600  LanmanWorkstation - ok
21:04:48.0828 0600  [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum       C:\Windows\system32\drivers\LGBusEnum.sys
21:04:48.0838 0600  LGBusEnum - ok
21:04:48.0860 0600  [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid        C:\Windows\system32\drivers\LGVirHid.sys
21:04:48.0869 0600  LGVirHid - ok
21:04:48.0919 0600  [ 83BA097ACAAD0B00505634A62D90F93A ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
21:04:48.0946 0600  lirsgt - ok
21:04:48.0954 0600  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
21:04:48.0995 0600  lltdio - ok
21:04:49.0022 0600  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
21:04:49.0067 0600  lltdsvc - ok
21:04:49.0083 0600  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts         C:\Windows\System32\lmhsvc.dll
21:04:49.0148 0600  lmhosts - ok
21:04:49.0179 0600  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
21:04:49.0210 0600  LSI_FC - ok
21:04:49.0223 0600  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
21:04:49.0240 0600  LSI_SAS - ok
21:04:49.0267 0600  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
21:04:49.0284 0600  LSI_SCSI - ok
21:04:49.0305 0600  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv           C:\Windows\system32\drivers\luafv.sys
21:04:49.0348 0600  luafv - ok
21:04:49.0368 0600  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas         C:\Windows\system32\drivers\megasas.sys
21:04:49.0384 0600  megasas - ok
21:04:49.0414 0600  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
21:04:49.0441 0600  MegaSR - ok
21:04:49.0493 0600  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS           C:\Windows\system32\mmcss.dll
21:04:49.0543 0600  MMCSS - ok
21:04:49.0560 0600  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem           C:\Windows\system32\drivers\modem.sys
21:04:49.0609 0600  Modem - ok
21:04:49.0620 0600  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
21:04:49.0666 0600  monitor - ok
21:04:49.0678 0600  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
21:04:49.0693 0600  mouclass - ok
21:04:49.0707 0600  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
21:04:49.0755 0600  mouhid - ok
21:04:49.0773 0600  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
21:04:49.0789 0600  MountMgr - ok
21:04:49.0850 0600  [ 4D7F2682D29B92A6251B17957AA0B985 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:04:49.0865 0600  MozillaMaintenance - ok
21:04:49.0889 0600  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
21:04:49.0922 0600  mpio - ok
21:04:49.0935 0600  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
21:04:49.0993 0600  mpsdrv - ok
21:04:50.0032 0600  [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc          C:\Windows\system32\mpssvc.dll
21:04:50.0140 0600  MpsSvc - ok
21:04:50.0162 0600  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
21:04:50.0188 0600  Mraid35x - ok
21:04:50.0209 0600  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
21:04:50.0236 0600  MRxDAV - ok
21:04:50.0260 0600  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
21:04:50.0280 0600  mrxsmb - ok
21:04:50.0305 0600  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:04:50.0328 0600  mrxsmb10 - ok
21:04:50.0337 0600  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:04:50.0381 0600  mrxsmb20 - ok
21:04:50.0397 0600  [ 1AC860612B85D8E85EE257D372E39F4D ] msahci          C:\Windows\system32\drivers\msahci.sys
21:04:50.0414 0600  msahci - ok
21:04:50.0429 0600  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
21:04:50.0447 0600  msdsm - ok
21:04:50.0466 0600  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC           C:\Windows\System32\msdtc.exe
21:04:50.0531 0600  MSDTC - ok
21:04:50.0557 0600  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
21:04:50.0607 0600  Msfs - ok
21:04:50.0651 0600  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
21:04:50.0666 0600  msisadrv - ok
21:04:50.0691 0600  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
21:04:50.0737 0600  MSiSCSI - ok
21:04:50.0743 0600  msiserver - ok
21:04:50.0763 0600  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
21:04:50.0811 0600  MSKSSRV - ok
21:04:50.0824 0600  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
21:04:50.0867 0600  MSPCLOCK - ok
21:04:50.0885 0600  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
21:04:50.0932 0600  MSPQM - ok
21:04:50.0949 0600  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
21:04:50.0970 0600  MsRPC - ok
21:04:50.0990 0600  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
21:04:51.0005 0600  mssmbios - ok
21:04:51.0018 0600  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
21:04:51.0079 0600  MSTEE - ok
21:04:51.0087 0600  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup             C:\Windows\system32\Drivers\mup.sys
21:04:51.0103 0600  Mup - ok
21:04:51.0131 0600  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
21:04:51.0229 0600  napagent - ok
21:04:51.0260 0600  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
21:04:51.0305 0600  NativeWifiP - ok
21:04:51.0350 0600  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
21:04:51.0424 0600  NDIS - ok
21:04:51.0448 0600  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
21:04:51.0500 0600  NdisTapi - ok
21:04:51.0516 0600  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
21:04:51.0606 0600  Ndisuio - ok
21:04:51.0625 0600  [ F8158771905260982CE724076419EF19 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
21:04:51.0671 0600  NdisWan - ok
21:04:51.0693 0600  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
21:04:51.0728 0600  NDProxy - ok
21:04:51.0747 0600  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
21:04:51.0799 0600  NetBIOS - ok
21:04:51.0824 0600  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
21:04:51.0868 0600  netbt - ok
21:04:51.0880 0600  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon        C:\Windows\system32\lsass.exe
21:04:51.0895 0600  Netlogon - ok
21:04:51.0917 0600  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
21:04:51.0977 0600  Netman - ok
21:04:51.0993 0600  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
21:04:52.0042 0600  netprofm - ok
21:04:52.0078 0600  [ C553716F6F7BCA3444CEE52DFB7C9016 ] netr28ux        C:\Windows\system32\DRIVERS\netr28ux.sys
21:04:52.0143 0600  netr28ux - ok
21:04:52.0168 0600  [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:04:52.0188 0600  NetTcpPortSharing - ok
21:04:52.0207 0600  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
21:04:52.0234 0600  nfrd960 - ok
21:04:52.0290 0600  [ 3FF685CB7185D613D8317A7F17C97BA8 ] NitroReaderDriverReadSpool2 C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
21:04:52.0330 0600  NitroReaderDriverReadSpool2 - ok
21:04:52.0350 0600  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
21:04:52.0430 0600  NlaSvc - ok
21:04:52.0539 0600  [ F554C5FD7BD1EFA4DA5CFE2EED86391F ] nm3             C:\Windows\system32\DRIVERS\nm3.sys
21:04:52.0556 0600  nm3 - ok
21:04:52.0606 0600  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
21:04:52.0658 0600  Npfs - ok
21:04:52.0765 0600  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi             C:\Windows\system32\nsisvc.dll
21:04:52.0873 0600  nsi - ok
21:04:52.0891 0600  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
21:04:52.0944 0600  nsiproxy - ok
21:04:52.0990 0600  [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
21:04:53.0071 0600  Ntfs - ok
21:04:53.0091 0600  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
21:04:53.0145 0600  Null - ok
21:04:53.0173 0600  [ 285ACEC1B13A15BA520AAE06BACB9CFF ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
21:04:53.0188 0600  nusb3hub - ok
21:04:53.0213 0600  [ F6D625FF7B56BB6EA063F0D3A5BBC996 ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:04:53.0228 0600  nusb3xhc - ok
21:04:53.0245 0600  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
21:04:53.0263 0600  nvraid - ok
21:04:53.0279 0600  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
21:04:53.0295 0600  nvstor - ok
21:04:53.0313 0600  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
21:04:53.0330 0600  nv_agp - ok
21:04:53.0337 0600  NwlnkFlt - ok
21:04:53.0347 0600  NwlnkFwd - ok
21:04:53.0370 0600  [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
21:04:53.0449 0600  ohci1394 - ok
21:04:53.0476 0600  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
21:04:53.0556 0600  p2pimsvc - ok
21:04:53.0581 0600  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
21:04:53.0621 0600  p2psvc - ok
21:04:53.0644 0600  [ AECD57F94C887F58919F307C35498EA0 ] Parport         C:\Windows\system32\drivers\parport.sys
21:04:53.0725 0600  Parport - ok
21:04:53.0746 0600  [ B43751085E2ABE389DA466BC62A4B987 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
21:04:53.0763 0600  partmgr - ok
21:04:53.0795 0600  [ 9987ABA0E5DD0D46C95076B157B38C06 ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
21:04:53.0811 0600  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
21:04:53.0811 0600  PassThru Service - detected UnsignedFile.Multi.Generic (1)
21:04:53.0834 0600  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
21:04:53.0869 0600  PcaSvc - ok
21:04:53.0893 0600  [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
21:04:53.0921 0600  pccsmcfd - ok
21:04:53.0949 0600  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci             C:\Windows\system32\drivers\pci.sys
21:04:53.0968 0600  pci - ok
21:04:53.0990 0600  [ 2657F6C0B78C36D95034BE109336E382 ] pciide          C:\Windows\system32\drivers\pciide.sys
21:04:54.0005 0600  pciide - ok
21:04:54.0023 0600  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
21:04:54.0040 0600  pcmcia - ok
21:04:54.0064 0600  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
21:04:54.0180 0600  PEAUTH - ok
21:04:54.0242 0600  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
21:04:54.0327 0600  PerfHost - ok
21:04:54.0387 0600  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla             C:\Windows\system32\pla.dll
21:04:54.0489 0600  pla - ok
21:04:54.0514 0600  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
21:04:54.0550 0600  PlugPlay - ok
21:04:54.0556 0600  PnkBstrA - ok
21:04:54.0586 0600  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
21:04:54.0631 0600  PNRPAutoReg - ok
21:04:54.0659 0600  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc         C:\Windows\system32\p2psvc.dll
21:04:54.0694 0600  PNRPsvc - ok
21:04:54.0728 0600  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
21:04:54.0816 0600  PolicyAgent - ok
21:04:54.0849 0600  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
21:04:54.0900 0600  PptpMiniport - ok
21:04:54.0913 0600  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
21:04:54.0954 0600  Processor - ok
21:04:54.0975 0600  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc         C:\Windows\system32\profsvc.dll
21:04:55.0013 0600  ProfSvc - ok
21:04:55.0028 0600  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
21:04:55.0044 0600  ProtectedStorage - ok
21:04:55.0069 0600  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
21:04:55.0122 0600  PSched - ok
21:04:55.0159 0600  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
21:04:55.0260 0600  ql2300 - ok
21:04:55.0280 0600  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
21:04:55.0310 0600  ql40xx - ok
21:04:55.0333 0600  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE           C:\Windows\system32\qwave.dll
21:04:55.0394 0600  QWAVE - ok
21:04:55.0408 0600  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
21:04:55.0439 0600  QWAVEdrv - ok
21:04:55.0451 0600  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
21:04:55.0535 0600  RasAcd - ok
21:04:55.0548 0600  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto         C:\Windows\System32\rasauto.dll
21:04:55.0632 0600  RasAuto - ok
21:04:55.0651 0600  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
21:04:55.0704 0600  Rasl2tp - ok
21:04:55.0721 0600  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
21:04:55.0794 0600  RasMan - ok
21:04:55.0812 0600  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
21:04:55.0856 0600  RasPppoe - ok
21:04:55.0883 0600  [ C6A593B51F34C33E5474539544072527 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
21:04:55.0901 0600  RasSstp - ok
21:04:55.0918 0600  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
21:04:55.0961 0600  rdbss - ok
21:04:55.0973 0600  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
21:04:56.0014 0600  RDPCDD - ok
21:04:56.0037 0600  [ AE23E79B13FEB62939E2CA1189E71735 ] rdpdr           C:\Windows\system32\DRIVERS\rdpdr.sys
21:04:56.0086 0600  rdpdr - ok
21:04:56.0093 0600  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
21:04:56.0150 0600  RDPENCDD - ok
21:04:56.0185 0600  [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
21:04:56.0218 0600  RDPWD - ok
21:04:56.0241 0600  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
21:04:56.0309 0600  RemoteAccess - ok
21:04:56.0337 0600  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
21:04:56.0380 0600  RemoteRegistry - ok
21:04:56.0407 0600  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
21:04:56.0436 0600  RpcLocator - ok
21:04:56.0478 0600  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs           C:\Windows\system32\rpcss.dll
21:04:56.0551 0600  RpcSs - ok
21:04:56.0573 0600  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
21:04:56.0659 0600  rspndr - ok
21:04:56.0683 0600  [ 0EECD4B43EB917BD08BBE1738D7ECB11 ] s1018bus        C:\Windows\system32\DRIVERS\s1018bus.sys
21:04:56.0700 0600  s1018bus - ok
21:04:56.0718 0600  [ 6F892723F1F694430F86E5FA01763C8A ] s1018mdfl       C:\Windows\system32\DRIVERS\s1018mdfl.sys
21:04:56.0729 0600  s1018mdfl - ok
21:04:56.0747 0600  [ F7CFC8AC6F7F5F34721E6D10098C7AA3 ] s1018mdm        C:\Windows\system32\DRIVERS\s1018mdm.sys
21:04:56.0761 0600  s1018mdm - ok
21:04:56.0781 0600  [ 455F361D8D605F059C83AB1016AD0E00 ] s1018mgmt       C:\Windows\system32\DRIVERS\s1018mgmt.sys
21:04:56.0795 0600  s1018mgmt - ok
21:04:56.0815 0600  [ 3F69CA63B7157885ABBE8F4D559AEC8A ] s1018nd5        C:\Windows\system32\DRIVERS\s1018nd5.sys
21:04:56.0827 0600  s1018nd5 - ok
21:04:56.0842 0600  [ FD370AF1C196E2B339EA32819BEC1B9A ] s1018obex       C:\Windows\system32\DRIVERS\s1018obex.sys
21:04:56.0869 0600  s1018obex - ok
21:04:56.0883 0600  [ 0A46DA0B8B162AF0EFB33BEA11A6EF3A ] s1018unic       C:\Windows\system32\DRIVERS\s1018unic.sys
21:04:56.0901 0600  s1018unic - ok
21:04:56.0911 0600  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs           C:\Windows\system32\lsass.exe
21:04:56.0928 0600  SamSs - ok
21:04:57.0000 0600  SASDIFSV - ok
21:04:57.0006 0600  SASKUTIL - ok
21:04:57.0030 0600  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
21:04:57.0045 0600  sbp2port - ok
21:04:57.0065 0600  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
21:04:57.0102 0600  SCardSvr - ok
21:04:57.0139 0600  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
21:05:12.0280 3812  Detected object count: 8
21:05:12.0280 3812  Actual detected object count: 8
21:06:01.0433 3812  AODService ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:01.0433 3812  AODService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:06:01.0436 3812  CTDevice_Srv ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:01.0436 3812  CTDevice_Srv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:06:01.0439 3812  CTUPnPSv ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:01.0440 3812  CTUPnPSv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:06:01.0443 3812  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:01.0443 3812  EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:06:01.0446 3812  HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:01.0446 3812  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:06:01.0449 3812  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:01.0449 3812  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:06:01.0452 3812  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:01.0452 3812  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:06:01.0455 3812  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
21:06:01.0455 3812  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

18.10.2012, 20:56   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Any experience with Win98 programs under VirtualBox?
No, but so far every Windows has run great in VirtualBox.

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

18.10.2012, 22:29   #28
DerPhish

Combofix log file:
Code:
ATTFilter
ComboFix 12-10-18.03 - **** 18.10.2012  22:45:41.2.3 - x64
Microsoft® Windows Vista™ Business   6.0.6002.2.1252.49.1031.18.4095.2301 [GMT 2:00]
ausgeführt von:: c:\users\****\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-18 bis 2012-10-18  ))))))))))))))))))))))))))))))
.
.
2012-10-18 20:58 . 2012-10-18 20:58	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-10-18 20:58 . 2012-10-18 20:58	--------	d-----w-	c:\users\******\AppData\Local\temp
2012-10-18 20:58 . 2012-10-18 20:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-18 20:42 . 2012-10-18 20:43	--------	d-----w-	C:\32788R22FWJFW
2012-10-18 16:35 . 2012-10-18 16:35	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFB154DB-EFF8-479C-9930-81DEED34638D}\offreg.dll
2012-10-18 16:12 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFB154DB-EFF8-479C-9930-81DEED34638D}\mpengine.dll
2012-10-18 16:06 . 2012-10-18 16:06	--------	d-----w-	c:\program files\HashTab Shell Extension
2012-10-18 06:56 . 2012-10-18 06:55	150392	----a-w-	c:\windows\junction.exe
2012-10-10 06:49 . 2012-09-13 13:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-10 06:49 . 2012-09-13 13:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-10 06:48 . 2012-06-02 00:20	1268736	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 06:48 . 2012-06-02 00:20	174592	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 06:48 . 2012-06-02 00:20	132096	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 06:48 . 2012-06-02 00:02	985088	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-10 06:48 . 2012-06-02 00:02	98304	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-10 06:48 . 2012-06-02 00:02	133120	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-10 06:48 . 2012-08-24 16:07	218624	----a-w-	c:\windows\system32\wintrust.dll
2012-10-10 06:48 . 2012-08-24 15:53	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-10 06:47 . 2012-08-29 11:40	4699520	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-10-04 21:40 . 2012-10-04 21:40	--------	d-----w-	c:\programdata\DesktopIcons
2012-10-04 21:26 . 2012-10-04 21:26	--------	d-----w-	c:\program files\WEB.DE MailCheck
2012-10-04 21:26 . 2012-10-04 21:40	--------	d-----w-	c:\program files (x86)\WEB.DE MailCheck
2012-10-04 21:26 . 2012-10-04 21:26	--------	d-----w-	c:\programdata\1&1 Mail & Media GmbH
2012-10-04 21:26 . 2012-10-04 21:26	--------	d-----w-	c:\programdata\UUdb
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 06:49 . 2006-11-02 12:35	65309168	----a-w-	c:\windows\system32\mrt.exe
2012-09-19 23:06 . 2009-07-26 12:20	298280	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-09-19 23:06 . 2009-03-02 10:44	298280	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-09-16 21:11 . 2009-03-02 10:44	298280	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-09-12 23:44 . 2012-09-15 14:04	17936	----a-w-	c:\windows\system32\nitrolocalui2.dll
2012-09-12 23:44 . 2012-09-15 14:04	29712	----a-w-	c:\windows\system32\nitrolocalmon2.dll
2012-09-07 15:04 . 2012-03-07 15:59	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-29 21:44 . 2012-08-29 21:44	110592	----a-w-	c:\program files\setup.exe
2012-08-28 18:24 . 2012-06-23 08:43	477168	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-08-28 18:24 . 2010-07-26 22:44	473072	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-08-22 21:51 . 2009-03-02 10:44	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-08-21 11:01 . 2012-09-14 00:21	33240	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 11:01 . 2011-08-23 09:12	125872	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-08-21 11:01 . 2011-08-23 09:12	106928	----a-w-	c:\windows\SysWow64\GEARAspi.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}]
2012-10-04 12:03	1661576	----a-w-	c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{C424171E-592A-415a-9EB1-DFD6D95D3530}"= "c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll" [2012-10-04 1661576]
.
[HKEY_CLASSES_ROOT\clsid\{c424171e-592a-415a-9eb1-dfd6d95d3530}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\****\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\****\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\****\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoftAuto.exe"="c:\program files (x86)\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2010-06-09 1689088]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"V0400Mon.exe"="c:\windows\V0400Mon.exe" [2007-08-22 28672]
"NUSB3MON"="c:\program files (x86)\CalDigit\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-11-19 128352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-19 348664]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"PMSpeed"="c:\program files (x86)\Presto_PageManager_9\PMSpeed.EXE" [2009-12-04 112464]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"MailCheck IE Broker"="c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe" [2012-10-04 1459848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 !SASCORE;SAS Core Service;c:\users\****\Desktop\Virenscan\SASCORE64.EXE [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 05670689
*NewlyCreated* - AODDRIVER
*Deregistered* - 05670689
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}]
2012-10-04 11:59	2122888	----a-w-	c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{C424171E-592A-415a-9EB1-DFD6D95D3530}"= "c:\program files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll" [2012-10-04 2122888]
.
[HKEY_CLASSES_ROOT\CLSID\{C424171E-592A-415a-9EB1-DFD6D95D3530}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	97792	----a-w-	c:\users\****\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"RtHDVCpl"="RAVCpl64.exe" [2008-05-13 6293504]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2008-05-24 26448]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = 
uInternet Settings,ProxyOverride = *.local
Trusted Zone: heise.de\www
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{348FDDCC-286F-4EE8-8D63-E52199428218}: NameServer = 192.168.2.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\****\AppData\Roaming\Mozilla\Firefox\Profiles\sd6qyevz.default\
FF - prefs.js: browser.search.selectedEngine - WEB.DE Suche
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
AddRemove-End of Nations Beta - x:\hd system tray\Individuals\End_of_Nations\End of Nations Beta\eon-uninstall.exe
AddRemove-MINERVA: Metastasis - c:\progra~2\Steam\STEAMA~1\SOURCE~1\METAST~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va010]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va010"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
   72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:6c,3e,7c,c1,66,1e,cd,01
.
[HKEY_USERS\S-1-5-21-1942734557-2161052330-659072145-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:c5,c2,fe,4a,5f,ca,ae,a2,22,dd,ab,40,f0,f2,02,27,43,a5,d9,4e,c5,e2,cc,
   af,c5,70,2f,b7,ec,2a,fe,e7,a3,72,81,80,1a,88,f2,c5,04,6e,ff,a9,f3,5b,ed,d3,\
"??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f
.
[HKEY_USERS\S-1-5-21-1942734557-2161052330-659072145-1000\Software\SecuROM\License information*]
"datasecu"=hex:5c,6c,c5,1a,18,8d,99,eb,3d,9c,b7,b1,c0,eb,15,a0,d3,f2,ab,75,e5,
   f9,3e,38,18,4b,00,7d,c0,36,53,84,e8,ce,8c,7c,bf,d9,1e,15,60,52,7f,63,2a,23,\
"rkeysecu"=hex:cd,a9,dc,1f,32,13,15,4b,64,9a,69,d6,74,9b,11,1f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2012-10-18  23:01:40
ComboFix-quarantined-files.txt  2012-10-18 21:01
ComboFix2.txt  2012-03-12 19:48
.
Vor Suchlauf: 16 Verzeichnis(se), 191.470.346.240 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 191.412.453.376 Bytes frei
.
- - End Of File - - B1311D855850CDBE0E9B02317426B785
         
--- --- ---

Alt 19.10.2012, 10:01   #29
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Start aswMBR again, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post log files in CODE tags

Alt 19.10.2012, 23:06   #30
DerPhish
 

Oh man, maybe I'm just being stupid about this. I downloaded GMER, stopped all programs, switched off the virus scanner, unplugged the LAN, started GMER. Then there was still the question of which drives should be scanned. I figured it couldn't hurt, so I had all of them scanned. You should just leave thinking alone when you don't understand the subject. In any case, GMER hung while creating the log. The log was full of entries from one of the secondary disks (H:/ or X:/, I can no longer say which).

So I killed GMER and started it again. This time I ticked only C:/ and D:/ (the two boot partitions). Result: GMER reported that no modified files were found. The log was completely empty. At that point it occurred to me that you are supposed to reboot after every scan.

So I rebooted and scanned C:/ and D:/ once more. Again GMER found no modified entries. One more scan, this time over the remaining disks. Same result, nothing found. At that point it occurred to me that this time I had forgotten to switch off the virus scanner. Ouch.

For now I'll carry on with OSAM.

----- (Later) -----------

Well, that wasn't a great success either. I followed everything as described at http://www.trojaner-board.de/84180-a...n-manager.html. However, after the last "Next" a message came up saying that not all files had been checked in the lab yet, and asking whether I wanted to submit the ones not yet checked. Of course I clicked Yes. After that the window closed. But when I then click "SaveLog", nothing at all happens. At any rate, I can't find a SaveLog. I repeated the procedure, with the same outcome.

On to aswMBR

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-20 00:41:51
-----------------------------
00:41:51.492    OS Version: Windows x64 6.0.6002 Service Pack 2
00:41:51.492    Number of processors: 3 586 0x402
00:41:51.492    ComputerName: *****VISTA  UserName: ****
00:41:53.606    Initialize success
00:42:50.947    AVAST engine defs: 12101901
00:42:57.461    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-6
00:42:57.464    Disk 0 Vendor:   Size: 0MB BusType: 0
00:42:57.467    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
00:42:57.470    Disk 1 Vendor:   Size: 0MB BusType: 0
00:42:57.473    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-2
00:42:57.476    Disk 2 Vendor:   Size: 0MB BusType: 0
00:42:57.480    Disk 3  \Device\Harddisk3\DR3 -> \Device\00000080
00:42:57.483    Disk 3 Vendor:   Size: 0MB BusType: 0
00:42:57.487    Disk 4  \Device\Harddisk4\DR4 -> \Device\00000081
00:42:57.491    Disk 4 Vendor:   Size: 0MB BusType: 0
00:42:57.496    Disk 5  \Device\Harddisk5\DR5 -> \Device\00000084
00:42:57.500    Disk 5 Vendor:   Size: 0MB BusType: 0
00:42:57.505    Disk 6  \Device\Harddisk6\DR6 -> \Device\0000008e
00:42:57.510    Disk 6 Vendor:   Size: 0MB BusType: 0
00:42:57.517    Disk 7  \Device\Harddisk7\DR7 -> \Device\000000a7
00:42:57.525    Disk 7 Vendor:   Size: 0MB BusType: 0
00:42:57.542    Disk 1 MBR read successfully
00:42:57.549    Disk 1 MBR scan
00:42:57.559    Disk 1 Windows VISTA default MBR code
00:42:57.566    Disk 1 MBR hidden
00:42:57.574    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS       199996 MB offset 63
00:42:57.595    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS       410482 MB offset 409593856
00:42:57.625    Disk 1 scanning C:\Windows\system32\drivers
00:43:06.774    Service scanning
00:43:27.563    Modules scanning
00:43:27.574    Disk 1 trace - called modules:
00:43:27.590    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8004a76ab0]<<sfsync04.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 
00:43:27.598    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004a735d0]
00:43:27.604    3 CLASSPNP.SYS[fffffa6000dcbc33] -> nt!IofCallDriver -> [0xfffffa8004a7e780]
00:43:27.611    5 acpi.sys[fffffa60008f6fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004a62940]
00:43:27.617    \Driver\atapi[0xfffffa8003de2700] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004a76ab0
00:43:30.608    AVAST engine scan C:\Windows
00:43:35.774    AVAST engine scan C:\Windows\system32
00:47:12.069    AVAST engine scan C:\Windows\system32\drivers
00:47:28.214    AVAST engine scan C:\Users\****
00:59:58.384    AVAST engine scan C:\ProgramData
01:03:16.109    Scan finished successfully
01:24:12.269    Disk 1 MBR has been saved successfully to "C:\Users\****\Desktop\MBR.dat"
01:24:12.277    The log file has been saved successfully to "C:\Users\****\Desktop\aswMBR.txt"
         
Observations: When starting up this morning, Windows Update wanted to install a Definition Update for Windows Defender (Definition Update for Windows Defender - KB915597, Definition 1.139.124.0; the size is somewhat unusual, shown as approx. 10 MB). The update failed, error code 80070670, unknown error in Windows Update. I have never seen that before. There is no option to retry the installation.

If I then open "Help with this error", a link to the Windows Security Center is also shown, among other things (Computer and Internet Security | Microsoft Safety & Security Center). If I click on it, IE9 opens, but the address bar stays empty and the page is not accessed. I have to paste the address in manually, but then I do land on the main page of the Windows Security Center.

As I said, an observation. No idea whether it is significant, but just in case

Why does everything I write now keep ending up in my last post?

That's not particularly clear

----------- 20.10.2012, 21:33

I take it all back, it's fine the way it is.

I have just had GMER scan only the C:/ drive again, strictly by the book. Result: no modifications found

Edited by DerPhish (19.10.2012 at 23:47)
