
Log analysis and evaluation: Avira Antivir finds JAVA/Agent.LP and JAVA/Kalika.D

28.11.2012, 18:56   #1
arnto
 
Hello,
yesterday evening Avira Antivir reported 11 detections during a full system scan. The scan kept running overnight, but this morning I aborted it after 13 hours of runtime and only 20% progress, and moved the detections so far, JAVA/Kalika.D and JAVA/Agent.LP, to quarantine.
After that I freshly downloaded and installed Malwarebytes Anti-Malware and also started a full scan; it found no infected objects.

I didn't really notice any symptoms, only that my PC has been a bit slower lately, but I put that down to its age.

Avira log:
Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 27. November 2012  17:57


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista (TM) Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : Tizian
Computername   : TIZIAN-PC

Versionsinformationen:
BUILD.DAT      : 13.0.0.2832    48424 Bytes  20.11.2012 13:46:00
AVSCAN.EXE     : 13.4.0.294    639264 Bytes  26.11.2012 15:00:17
AVSCANRC.DLL   : 13.4.0.219     64800 Bytes  09.10.2012 13:49:58
LUKE.DLL       : 13.4.0.267     67360 Bytes  26.11.2012 15:00:24
AVSCPLR.DLL    : 13.4.0.271     93984 Bytes  26.11.2012 15:00:25
AVREG.DLL      : 13.4.0.267    245536 Bytes  26.11.2012 15:00:24
avlode.dll     : 13.4.0.294    426784 Bytes  26.11.2012 15:00:25
avlode.rdf     : 13.0.0.24       7196 Bytes  27.09.2012 10:30:38
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 14:50:29
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 14:50:31
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 14:50:34
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 14:50:36
VBASE004.VDF   : 7.11.26.44   4329472 Bytes  28.03.2012 14:50:37
VBASE005.VDF   : 7.11.34.116  4034048 Bytes  29.06.2012 14:42:40
VBASE006.VDF   : 7.11.41.250  4902400 Bytes  06.09.2012 14:42:40
VBASE007.VDF   : 7.11.50.230  3904512 Bytes  22.11.2012 19:15:14
VBASE008.VDF   : 7.11.50.231     2048 Bytes  22.11.2012 19:15:16
VBASE009.VDF   : 7.11.50.232     2048 Bytes  22.11.2012 19:15:16
VBASE010.VDF   : 7.11.50.233     2048 Bytes  22.11.2012 19:15:16
VBASE011.VDF   : 7.11.50.234     2048 Bytes  22.11.2012 19:15:16
VBASE012.VDF   : 7.11.50.235     2048 Bytes  22.11.2012 19:15:16
VBASE013.VDF   : 7.11.50.236     2048 Bytes  22.11.2012 19:15:16
VBASE014.VDF   : 7.11.51.27    133632 Bytes  23.11.2012 22:22:50
VBASE015.VDF   : 7.11.51.95    140288 Bytes  26.11.2012 15:00:15
VBASE016.VDF   : 7.11.51.96      2048 Bytes  26.11.2012 15:00:15
VBASE017.VDF   : 7.11.51.97      2048 Bytes  26.11.2012 15:00:15
VBASE018.VDF   : 7.11.51.98      2048 Bytes  26.11.2012 15:00:15
VBASE019.VDF   : 7.11.51.99      2048 Bytes  26.11.2012 15:00:15
VBASE020.VDF   : 7.11.51.100     2048 Bytes  26.11.2012 15:00:15
VBASE021.VDF   : 7.11.51.101     2048 Bytes  26.11.2012 15:00:15
VBASE022.VDF   : 7.11.51.102     2048 Bytes  26.11.2012 15:00:15
VBASE023.VDF   : 7.11.51.103     2048 Bytes  26.11.2012 15:00:15
VBASE024.VDF   : 7.11.51.104     2048 Bytes  26.11.2012 15:00:15
VBASE025.VDF   : 7.11.51.105     2048 Bytes  26.11.2012 15:00:15
VBASE026.VDF   : 7.11.51.106     2048 Bytes  26.11.2012 15:00:15
VBASE027.VDF   : 7.11.51.107     2048 Bytes  26.11.2012 15:00:15
VBASE028.VDF   : 7.11.51.108     2048 Bytes  26.11.2012 15:00:15
VBASE029.VDF   : 7.11.51.109     2048 Bytes  26.11.2012 15:00:15
VBASE030.VDF   : 7.11.51.110     2048 Bytes  26.11.2012 15:00:15
VBASE031.VDF   : 7.11.51.156    83968 Bytes  27.11.2012 16:34:02
Engineversion  : 8.2.10.204
AEVDF.DLL      : 8.1.2.10      102772 Bytes  19.09.2012 14:42:55
AESCRIPT.DLL   : 8.1.4.68      467324 Bytes  22.11.2012 19:15:22
AESCN.DLL      : 8.1.9.4       131445 Bytes  15.11.2012 16:05:16
AESBX.DLL      : 8.2.5.12      606578 Bytes  28.08.2012 16:58:06
AERDL.DLL      : 8.2.0.74      643445 Bytes  07.11.2012 15:40:03
AEPACK.DLL     : 8.3.0.40      815479 Bytes  12.11.2012 16:51:21
AEOFFICE.DLL   : 8.1.2.50      201084 Bytes  05.11.2012 15:32:22
AEHEUR.DLL     : 8.1.4.142    5566841 Bytes  22.11.2012 19:15:22
AEHELP.DLL     : 8.1.25.2      258423 Bytes  12.10.2012 15:52:32
AEGEN.DLL      : 8.1.6.10      438646 Bytes  15.11.2012 16:05:11
AEEXP.DLL      : 8.2.0.12      119158 Bytes  22.11.2012 19:15:23
AEEMU.DLL      : 8.1.3.2       393587 Bytes  19.09.2012 14:42:55
AECORE.DLL     : 8.1.29.2      201079 Bytes  07.11.2012 15:39:58
AEBB.DLL       : 8.1.1.4        53619 Bytes  05.11.2012 15:32:18
AVWINLL.DLL    : 13.4.0.163     25888 Bytes  19.09.2012 18:09:30
AVPREF.DLL     : 13.4.0.163     50464 Bytes  19.09.2012 18:07:51
AVREP.DLL      : 13.4.0.244    177952 Bytes  12.11.2012 22:50:44
AVARKT.DLL     : 13.4.0.292    260384 Bytes  26.11.2012 15:00:16
AVEVTLOG.DLL   : 13.4.0.267    167200 Bytes  26.11.2012 15:00:17
SQLITE3.DLL    : 3.7.0.1       397088 Bytes  19.09.2012 18:17:40
AVSMTP.DLL     : 13.4.0.163     62240 Bytes  19.09.2012 18:08:54
NETNT.DLL      : 13.4.0.163     15648 Bytes  19.09.2012 18:16:26
RCIMAGE.DLL    : 13.4.0.163   4780832 Bytes  19.09.2012 18:21:16
RCTEXT.DLL     : 13.4.0.163     68384 Bytes  19.09.2012 18:21:16

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, F:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Abweichende Gefahrenkategorien........: +JOKE,+PCK,+SPR,

Beginn des Suchlaufs: Dienstag, 27. November 2012  17:57

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'F:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'taskeng.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_110.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_5_502_110.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '136' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'mobsync.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'distnoted.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'APSDaemon.exe' - '83' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceHelper.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunes.exe' - '174' Modul(e) wurden durchsucht
Durchsuche Prozess 'CmUCReye.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'brccMCtl.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'netsession_win.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsScrPro.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'P4P.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'DMedia.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD2.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControlUser.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'MSASCui.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'WDC.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'KBFiltr.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ATKOSD.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACEngSvr.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'aspg.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACMON.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'BatteryLife.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'wcourier.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'HControl.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'ALU.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'MsgTranAgt.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'sensorsrv.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '145' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'AsGHost.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'wtgservice.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'spmgr.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'agrsmsvc.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'NvXDSync.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'GFNEXSrv.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'ASLDRSrv.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '99' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '157' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvvsvc.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '73' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2808' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <VistaOS>
    [0] Archivtyp: RSRC
    --> C:\Program Files\Dropbox\DropboxProxy.exe
        [1] Archivtyp: RSRC
      --> C:\Users\Tizian\AppData\Local\Temp\jre-6u18-windows-i586-iftw-rv.exe
          [2] Archivtyp: Runtime Packed
        --> C:\Users\Tizian\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
            [3] Archivtyp: Runtime Packed
          --> C:\Users\Tizian\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
              [4] Archivtyp: Runtime Packed
            --> C:\Users\Tizian\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
                [5] Archivtyp: Runtime Packed
              --> C:\Users\Tizian\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
                  [6] Archivtyp: Runtime Packed
                --> C:\Users\Tizian\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
                    [7] Archivtyp: Runtime Packed
                  --> C:\Users\Tizian\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
                      [8] Archivtyp: Runtime Packed
                    --> C:\Users\Tizian\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
                        [9] Archivtyp: Runtime Packed
                      --> C:\Users\Tizian\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
                          [10] Archivtyp: Runtime Packed
                        --> C:\Users\Tizian\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
                            [11] Archivtyp: Runtime Packed
                          --> C:\Users\Tizian\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
                              [12] Archivtyp: Runtime Packed
                            --> C:\Users\Tizian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\3297880f-7069a179
                                [13] Archivtyp: ZIP
                              --> Akiuc.class
                                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Kalika.E
                                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
                              --> Bazanas.class
                                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Kalika.G
                                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
                              --> Chena.class
                                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Kalika.F
                                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
                              --> Hanuka.class
                                  [FUND]      Enthält Erkennungsmuster des Exploits EXP/0507.DA
                                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
                              --> Ini.class
                                  [FUND]      Enthält Erkennungsmuster des Exploits EXP/0507.CZ
                                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
                              --> Letstat.class
                                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Kalika.D
                                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Tizian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\3297880f-7069a179
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Kalika.D
                            --> C:\Users\Tizian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\27ef2d92-5cf2f82f
                                [13] Archivtyp: ZIP
                              --> hw.class
                                  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-4681.X
                                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
                              --> juqirvs.class
                                  [FUND]      Enthält Erkennungsmuster des Exploits EXP/2012-4681.Y
                                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
                              --> w.class
                                  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.LP
                                  [WARNUNG]   Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Tizian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\27ef2d92-5cf2f82f
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.LP

Beginne mit der Desinfektion:
C:\Users\Tizian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\27ef2d92-5cf2f82f
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.LP
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56240f91.qua' verschoben!
C:\Users\Tizian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\3297880f-7069a179
  [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Kalika.D
  [HINWEIS]   Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f472031.qua' verschoben!


Ende des Suchlaufs: Mittwoch, 28. November 2012  07:15
Benötigte Zeit: 13:17:33 Stunde(n)

Der Suchlauf wurde abgebrochen!

  15654 Verzeichnisse wurden überprüft
 473417 Dateien wurden geprüft
     11 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      2 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 473406 Dateien ohne Befall
  10377 Archive wurden durchsucht
      9 Warnungen
      2 Hinweise
 819135 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
I hope I have provided everything necessary.
What do I have to do now?
Many thanks in advance!

Edited by arnto (28.11.2012 at 19:02)

30.11.2012, 12:30   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Carefully read the instructions that I will post over the course of this thread. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "when will this continue" messages end with your topic being closed. I too have a life outside of Trojaner-Board.


Please run a CustomScan with OTL

Please download OTL by Oldtimer and save it on your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • At the top centre, tick the box Scan all users
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with

Code:
msconfig
netsvcs
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMROOT%\system32\drivers\*.sys /lockedfiles
%SYSTEMROOT%\System32\config\*.sav
%SYSTEMROOT%\*. /mp /s
%SYSTEMROOT%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

01.12.2012, 14:52   #3
arnto
 
Thank you for taking on my problem.
Here is the OTL log:
Code:
OTL logfile created on: 01.12.2012 13:48:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tizian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 43,26% Memory free
6,19 Gb Paging File | 4,43 Gb Available in Paging File | 71,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 16,80 Gb Free Space | 11,27% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 7,82 Gb Free Space | 5,25% Space Free | Partition Type: NTFS
Drive E: | 139,28 Gb Total Space | 45,00 Gb Free Space | 32,31% Space Free | Partition Type: NTFS
Drive F: | 149,04 Gb Total Space | 122,28 Gb Free Space | 82,05% Space Free | Partition Type: NTFS
Drive G: | 3,69 Gb Total Space | 3,69 Gb Free Space | 100,00% Space Free | Partition Type: FAT32
 
Computer Name: TIZIAN-PC | User Name: Tizian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.01 13:46:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tizian\Desktop\OTL.exe
PRC - [2012.11.26 16:00:24 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.11.26 16:00:17 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.11.26 16:00:17 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.21 01:12:17 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.11.11 17:53:13 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Tizian\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.09.19 19:20:40 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.04 21:56:15 | 000,330,696 | ---- | M] () -- C:\Program Files\Verbindungsassistent\wtgservice.exe
PRC - [2010.12.21 00:07:48 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010.10.08 01:03:40 | 000,792,168 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010.10.08 00:03:46 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.01.02 22:09:41 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.15 11:29:00 | 007,651,328 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2008.07.15 11:22:46 | 000,217,088 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\HControl.exe
PRC - [2008.07.09 17:09:26 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008.06.24 19:01:08 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2008.06.23 20:16:24 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008.06.19 12:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
PRC - [2008.06.17 22:10:34 | 000,424,504 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\smartlogon.exe
PRC - [2008.06.17 22:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008.06.13 06:52:52 | 006,183,456 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.06.03 17:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2008.04.10 11:32:18 | 000,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.25 18:32:38 | 000,778,240 | ---- | M] () -- C:\Program Files\P4P\P4P.exe
PRC - [2008.01.23 10:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\WDC.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.11 22:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2007.11.30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.11.04 19:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
PRC - [2007.10.02 21:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
PRC - [2007.08.15 11:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2007.08.08 00:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007.07.05 16:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007.02.06 18:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
PRC - [2006.12.19 11:04:30 | 000,241,664 | ---- | M] () -- C:\Windows\CmUCREye.exe
PRC - [2005.07.06 15:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.21 01:12:17 | 002,400,224 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.11.11 17:53:12 | 014,586,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2012.01.08 14:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.10.27 01:06:44 | 000,057,344 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_02.dll
MOD - [2008.04.10 11:25:54 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
MOD - [2008.01.25 18:32:38 | 000,778,240 | ---- | M] () -- C:\Program Files\P4P\P4P.exe
MOD - [2008.01.11 22:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
MOD - [2007.11.30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.11.12 15:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll
MOD - [2006.12.19 11:04:30 | 000,241,664 | ---- | M] () -- C:\Windows\CmUCREye.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.26 16:00:24 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.11.26 16:00:17 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.21 01:12:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.12 19:44:31 | 004,539,712 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll -- (Akamai)
SRV - [2012.11.11 17:53:13 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.30 15:34:54 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.04.04 21:56:15 | 000,330,696 | ---- | M] () [Auto | Running] -- C:\Program Files\Verbindungsassistent\wtgservice.exe -- (WTGService)
SRV - [2010.10.08 00:03:46 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007.10.02 21:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2007.08.08 00:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007.08.03 12:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007.02.06 18:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006.06.21 11:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll -- (ASChannel)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\udfpt.sys -- (udfpt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2012.11.13 18:05:22 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.11.13 18:05:20 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.11.13 18:05:12 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011.12.20 18:46:48 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011.05.10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.03.18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2011.03.16 18:26:16 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.10.08 09:38:00 | 010,055,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.09.07 21:08:56 | 000,123,496 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.03.12 19:36:47 | 000,013,312 | ---- | M] (Topfield (visit www.topfield.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfBulk.SYS -- (TfBulk)
DRV - [2009.05.28 22:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008.07.24 11:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.06.03 07:41:52 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008.05.29 10:21:02 | 000,015,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008.05.02 06:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.03.21 05:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.15 17:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.02.05 08:52:24 | 000,206,464 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etFilter.sys -- (FiltUSBET)
DRV - [2008.01.31 12:18:58 | 000,006,528 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etScan.sys -- (ScanUSBET)
DRV - [2007.12.18 17:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.09.06 09:43:50 | 000,474,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etDevice.sys -- (DCamUSBET)
DRV - [2007.08.03 05:26:22 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 10:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.24 11:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007.06.16 21:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.01.26 00:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2007.01.26 00:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007.01.25 23:45:02 | 000,006,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\whfltr2k.sys -- (whfltr2k)
DRV - [2007.01.12 11:20:38 | 000,093,056 | ---- | M] (C-Media Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmiucr.SYS -- (CMISTOR)
DRV - [2006.12.14 08:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.02 08:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2005.02.23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3697480073-924179132-2046094984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKU\S-1-5-21-3697480073-924179132-2046094984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com
IE - HKU\S-1-5-21-3697480073-924179132-2046094984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3697480073-924179132-2046094984-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3697480073-924179132-2046094984-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-3697480073-924179132-2046094984-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3697480073-924179132-2046094984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3697480073-924179132-2046094984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.0.4
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: optout%40google.com:1.5
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tizian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.23 01:15:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.21 01:12:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.21 01:12:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.09 20:14:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.09 20:14:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.21 01:12:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.21 01:12:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.09 20:14:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.09 20:14:35 | 000,000,000 | ---D | M]
 
[2010.01.03 18:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tizian\AppData\Roaming\mozilla\Extensions
[2010.01.03 18:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tizian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.11.25 21:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tizian\AppData\Roaming\mozilla\Firefox\Profiles\t7cbvakk.default\extensions
[2012.11.25 11:27:03 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Tizian\AppData\Roaming\mozilla\Firefox\Profiles\t7cbvakk.default\extensions\foxyproxy@eric.h.jung
[2012.11.11 15:14:43 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Tizian\AppData\Roaming\mozilla\Firefox\Profiles\t7cbvakk.default\extensions\https-everywhere@eff.org
[2012.09.18 18:00:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Tizian\AppData\Roaming\mozilla\Firefox\Profiles\t7cbvakk.default\extensions\ich@maltegoetz.de
[2012.03.01 00:28:24 | 000,008,363 | ---- | M] () (No name found) -- C:\Users\Tizian\AppData\Roaming\mozilla\firefox\profiles\t7cbvakk.default\extensions\optout@google.com.xpi
[2012.06.14 23:34:01 | 000,150,579 | ---- | M] () (No name found) -- C:\Users\Tizian\AppData\Roaming\mozilla\firefox\profiles\t7cbvakk.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}.xpi
[2012.11.25 21:33:27 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Tizian\AppData\Roaming\mozilla\firefox\profiles\t7cbvakk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.23 20:21:37 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Tizian\AppData\Roaming\mozilla\firefox\profiles\t7cbvakk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.21 01:12:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.11.21 01:12:17 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 02:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 01:22:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 02:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 02:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 02:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 02:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3697480073-924179132-2046094984-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cmiboot] C:\Windows\cmiboot.exe ()
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\P4P\P4P.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TQ566808] "G:\Setup.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3697480073-924179132-2046094984-1000..\Run: [Akamai NetSession Interface] C:\Users\Tizian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3697480073-924179132-2046094984-1000..\Run: [Facebook Update] C:\Users\Tizian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3697480073-924179132-2046094984-1000..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe" File not found
O4 - HKU\S-1-5-21-3697480073-924179132-2046094984-1000..\Run: [ICQ] "C:\Program Files\ICQ7.6\ICQ.exe" silent loginmode=4 File not found
O4 - HKU\S-1-5-21-3697480073-924179132-2046094984-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - Startup: C:\Users\Tizian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Tizian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DC10D93-B091-4C2A-8B80-D634544A7DD7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BA5FB99-DEAB-4543-B78A-668B9B339DBE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74149986-C08B-4789-B578-84A12145872F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDF75958-2D79-46EC-8D26-2CE73B04AF0B}: DhcpNameServer = 10.129.32.1 10.111.81.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tizian\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Tizian\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2683b630-a0a2-11df-8f27-002354a12743}\Shell - "" = AutoRun
O33 - MountPoints2\{2683b630-a0a2-11df-8f27-002354a12743}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{2683b632-a0a2-11df-8f27-002354a12743}\Shell - "" = AutoRun
O33 - MountPoints2\{2683b632-a0a2-11df-8f27-002354a12743}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{675dbc40-31e5-11df-8f98-002354a12743}\Shell\Auto\command - "" = Windows.scr
O33 - MountPoints2\{675dbc40-31e5-11df-8f98-002354a12743}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr
O33 - MountPoints2\{83a32a8a-0db8-11df-87de-002354a12743}\Shell - "" = AutoRun
O33 - MountPoints2\{83a32a8a-0db8-11df-87de-002354a12743}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{83a32a9b-0db8-11df-87de-002354a12743}\Shell - "" = AutoRun
O33 - MountPoints2\{83a32a9b-0db8-11df-87de-002354a12743}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{902ac641-d2c0-11df-a16f-002354a12743}\Shell - "" = AutoRun
O33 - MountPoints2\{902ac641-d2c0-11df-a16f-002354a12743}\Shell\AutoRun\command - "" = H:\pushinst.exe
O33 - MountPoints2\{92e7736c-f81c-11de-9974-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{92e7736c-f81c-11de-9974-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{a62b3a26-0d0b-11df-8930-002354a12743}\Shell - "" = AutoRun
O33 - MountPoints2\{a62b3a26-0d0b-11df-8930-002354a12743}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{d027c166-a62d-11e0-9c3a-002354a12743}\Shell - "" = AutoRun
O33 - MountPoints2\{d027c166-a62d-11e0-9c3a-002354a12743}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{ed4bed55-28f3-11df-9a5c-002354a12743}\Shell\AutoRun\command - "" = H:\StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
MsConfig - StartUpFolder: C:^Users^Tizian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Tizian\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpFolder: C:^Users^Tizian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: AVMWlanClient - hkey= - key= - C:\Program Files\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: rfxsrvtray - hkey= - key= -  File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: WheelMouse - hkey= - key= - C:\Advanced Wheel Mouse\wh_exec.exe ()
MsConfig - State: "startup" - 2
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (Open Source)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIV3 - C:\Windows\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.DIV4 - C:\Windows\System32\DivXc32f.dll (Hacked with Joy !)
Drivers32: vidc.DIVF - C:\Windows\System32\DivX412.dll (DivXNetworks, Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.HFYU - C:\Windows\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: VIDC.VIFP - C:\Windows\System32\VFCodec.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvid.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: wave2 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.01 13:46:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tizian\Desktop\OTL.exe
[2012.11.29 22:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.29 22:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.11.29 22:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.11.29 22:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.11.28 07:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.28 07:40:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.28 07:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.21 01:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.11.17 01:42:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.09 20:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.09 20:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.11.05 19:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.11.05 19:23:11 | 000,000,000 | ---D | C] -- C:\Users\Tizian\AppData\Roaming\pdfforge
[2012.11.05 19:23:08 | 000,086,528 | ---- | C] (pdfforge GbR) -- C:\Windows\System32\pdfcmon.dll
[2012.11.05 19:23:06 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2012.11.04 12:57:51 | 000,000,000 | ---D | C] -- C:\Users\Tizian\Documents\rndm
[2012.11.03 14:47:37 | 000,000,000 | ---D | C] -- C:\Users\Tizian\AppData\Roaming\Avira
[2012.11.03 14:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.11.03 14:42:02 | 000,133,824 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.03 14:42:02 | 000,083,432 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.03 14:42:02 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.11.03 14:42:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.11.03 14:41:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.11.03 14:41:55 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.01 13:46:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tizian\Desktop\OTL.exe
[2012.12.01 13:34:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.01 13:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.01 13:05:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.01 12:51:03 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.12.01 12:50:57 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.01 12:47:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.01 12:47:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.01 12:47:18 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.30 21:09:03 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3697480073-924179132-2046094984-1000UA.job
[2012.11.30 01:57:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.11.29 23:29:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3697480073-924179132-2046094984-1000Core.job
[2012.11.29 22:51:18 | 000,001,671 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.28 07:40:37 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.25 21:38:35 | 000,250,339 | ---- | M] () -- C:\Users\Tizian\Desktop\IMG_0821.JPG
[2012.11.25 21:38:13 | 000,224,987 | ---- | M] () -- C:\Users\Tizian\Desktop\IMG_0820.JPG
[2012.11.25 21:21:00 | 000,007,916 | ---- | M] () -- C:\Users\Tizian\AppData\Local\d3d9caps.dat
[2012.11.25 21:11:23 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.25 21:11:23 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.25 21:11:23 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.25 21:11:23 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.17 18:31:18 | 000,336,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.13 18:05:22 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.11.13 18:05:20 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.13 18:05:12 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.10 13:57:10 | 000,108,065 | ---- | M] () -- C:\Users\Tizian\Desktop\congstar.JPG
[2012.11.06 00:17:33 | 000,008,334 | ---- | M] () -- C:\Users\Tizian\.recently-used.xbel
[2012.11.05 20:46:32 | 000,085,504 | ---- | M] () -- C:\Users\Tizian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.05 19:26:29 | 000,329,538 | ---- | M] () -- C:\Users\Tizian\Documents\Immatrikulation_Tizian_Dekorsy.pdf
[2012.11.05 19:23:13 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.11.05 19:23:12 | 000,000,835 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.11.03 14:42:10 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.29 22:51:18 | 000,001,671 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.28 07:40:02 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.25 21:41:16 | 000,224,987 | ---- | C] () -- C:\Users\Tizian\Desktop\IMG_0820.JPG
[2012.11.25 21:41:15 | 000,250,339 | ---- | C] () -- C:\Users\Tizian\Desktop\IMG_0821.JPG
[2012.11.10 13:57:08 | 000,108,065 | ---- | C] () -- C:\Users\Tizian\Desktop\congstar.JPG
[2012.11.06 00:17:33 | 000,008,334 | ---- | C] () -- C:\Users\Tizian\.recently-used.xbel
[2012.11.05 19:26:28 | 000,329,538 | ---- | C] () -- C:\Users\Tizian\Documents\Immatrikulation_Tizian_Dekorsy.pdf
[2012.11.05 19:23:13 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\PDFArchitect.lnk
[2012.11.05 19:23:12 | 000,000,835 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.11.03 14:42:10 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.29 09:58:41 | 000,060,304 | ---- | C] () -- C:\Users\Tizian\g2mdlhlpx.exe
[2011.06.22 21:02:56 | 000,001,434 | ---- | C] () -- C:\Users\Tizian\AppData\Local\RecConfig.xml
[2011.03.16 21:15:05 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2011.02.06 20:39:29 | 000,019,456 | ---- | C] () -- C:\Users\Tizian\AppData\Local\WebpageIcons.db
[2010.12.27 20:30:41 | 000,000,078 | ---- | C] () -- C:\Windows\Altair_1.250.INI
[2010.12.04 16:18:04 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.12.04 16:15:24 | 000,000,225 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.12.04 16:15:24 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.12.04 16:15:24 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd8460n.dat
[2010.12.04 16:11:14 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2010.12.04 16:11:14 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2010.12.04 16:11:13 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2010.12.04 16:11:12 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2010.12.04 16:11:12 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2010.01.08 16:13:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.04 19:14:46 | 000,177,150 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.01.04 19:13:33 | 000,177,150 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.01.03 18:13:41 | 000,085,504 | ---- | C] () -- C:\Users\Tizian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.02 21:25:14 | 000,007,916 | ---- | C] () -- C:\Users\Tizian\AppData\Local\d3d9caps.dat
[2008.07.01 19:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 09:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.08 08:35:02 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\.minecraft
[2010.05.15 14:18:07 | 000,000,000 | ---D | M] -- C:\Users\Gast\AppData\Roaming\Thunderbird
[2012.03.14 18:59:20 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\.minecraft
[2012.08.29 23:37:54 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\.purple
[2011.06.22 23:05:58 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Cool Record Edit Pro
[2012.08.06 22:42:36 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Dropbox
[2012.11.23 17:41:09 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\DVDVideoSoft
[2012.07.17 21:05:44 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.11 07:21:39 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Feedreader
[2012.05.26 21:38:32 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\FileZilla
[2011.03.08 21:09:20 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\flightgear.org
[2011.06.22 23:04:27 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Free Sound Recorder
[2012.11.06 00:17:33 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\gtk-2.0
[2012.11.25 01:59:27 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\ICQ
[2011.10.07 22:52:25 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\iTSfv
[2011.09.09 20:42:58 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\mp3DirectCut
[2010.11.13 21:54:05 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Notepad++
[2010.01.08 23:04:06 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\OpenOffice.org
[2012.11.05 19:25:23 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\pdfforge
[2011.08.17 17:50:28 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\phonostar GmbH
[2010.10.18 19:50:38 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\PhotoScape
[2011.09.18 18:21:26 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\StreamTorrent
[2010.12.04 15:59:28 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\TeamViewer
[2010.01.03 18:43:59 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Thunderbird
[2012.08.20 12:34:17 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\TIPP10
[2012.02.19 03:33:35 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Tobit
[2011.03.16 18:34:31 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\TrueCrypt
[2011.08.17 20:09:34 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\TS3Client
[2011.04.04 21:56:14 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Verbindungsassistent
[2010.09.09 12:41:31 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.06.28 16:59:00 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.01.16 18:45:47 | 000,000,000 | ---D | M] -- C:\Advanced Wheel Mouse
[2010.01.02 22:19:21 | 000,000,000 | -H-D | M] -- C:\ASUS.SYS
[2010.08.12 17:21:14 | 000,000,000 | -HSD | M] -- C:\Boot
[2010.12.04 16:11:13 | 000,000,000 | ---D | M] -- C:\Brother
[2012.11.29 22:54:22 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.01.02 21:30:01 | 000,000,000 | ---D | M] -- C:\Intel
[2010.06.10 15:28:16 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.07.20 01:08:19 | 000,000,000 | ---D | M] -- C:\Nexon
[2010.10.19 23:06:33 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.11.29 22:50:31 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.11.29 22:50:20 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.12.01 13:51:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.05.15 14:14:15 | 000,000,000 | R--D | M] -- C:\Users
[2012.11.29 22:55:43 | 000,000,000 | ---D | M] -- C:\Windows
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.14 18:59:20 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\.minecraft
[2012.08.29 23:37:54 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\.purple
[2011.01.11 21:29:10 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Adobe
[2012.10.14 22:06:58 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Apple Computer
[2010.05.22 12:31:03 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\ArcSoft
[2012.11.03 14:47:37 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Avira
[2010.12.04 16:31:35 | 000,000,000 | R--D | M] -- C:\Users\Tizian\AppData\Roaming\Brother
[2011.06.22 23:05:58 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Cool Record Edit Pro
[2010.05.20 14:44:56 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\DivX
[2010.01.05 17:54:36 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Download Manager
[2012.08.06 22:42:36 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Dropbox
[2012.05.28 01:13:08 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\dvdcss
[2012.11.23 17:41:09 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\DVDVideoSoft
[2012.07.17 21:05:44 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.03.11 07:21:39 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Feedreader
[2012.05.26 21:38:32 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\FileZilla
[2011.03.08 21:09:20 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\flightgear.org
[2011.06.22 23:04:27 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Free Sound Recorder
[2012.11.06 00:17:33 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\gtk-2.0
[2012.11.25 01:59:27 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\ICQ
[2010.01.02 21:26:56 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Identities
[2010.01.02 21:38:32 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\InstallShield
[2011.10.07 22:52:25 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\iTSfv
[2010.01.02 22:09:44 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Macromedia
[2011.02.03 18:10:22 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Media Center Programs
[2011.06.22 22:20:59 | 000,000,000 | --SD | M] -- C:\Users\Tizian\AppData\Roaming\Microsoft
[2010.01.03 18:23:23 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Mozilla
[2011.09.09 20:42:58 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\mp3DirectCut
[2010.07.13 14:31:00 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\NCH Software
[2010.11.13 21:54:05 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Notepad++
[2010.01.08 23:04:06 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\OpenOffice.org
[2012.11.05 19:25:23 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\pdfforge
[2011.08.17 17:50:28 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\phonostar GmbH
[2010.10.18 19:50:38 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\PhotoScape
[2012.01.03 15:02:27 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Roxio
[2012.11.25 01:59:36 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Skype
[2011.06.20 18:36:59 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\skypePM
[2011.09.18 18:21:26 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\StreamTorrent
[2010.01.02 22:16:13 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Symantec
[2010.12.04 15:59:28 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\TeamViewer
[2010.01.03 18:43:59 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Thunderbird
[2012.08.20 12:34:17 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\TIPP10
[2012.02.19 03:33:35 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Tobit
[2011.03.16 18:34:31 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\TrueCrypt
[2011.08.17 20:09:34 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\TS3Client
[2011.04.04 21:56:14 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\Verbindungsassistent
[2012.11.16 23:35:38 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\vlc
[2010.09.09 12:41:31 | 000,000,000 | ---D | M] -- C:\Users\Tizian\AppData\Roaming\XMedia Recode
 
< %APPDATA%\*.exe /s >
[2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tizian\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 19:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tizian\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 19:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tizian\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2007.11.27 07:41:32 | 000,405,504 | ---- | M] () -- C:\Users\Tizian\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe
[2009.01.14 11:09:12 | 000,120,264 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Tizian\AppData\Roaming\Verbindungsassistent\BackUp\Del_CD_ROM.exe
[2009.03.03 12:44:48 | 000,030,160 | ---- | M] () -- C:\Users\Tizian\AppData\Roaming\Verbindungsassistent\BackUp\InstallWTGService.exe
[2009.03.03 12:44:55 | 000,251,344 | ---- | M] () -- C:\Users\Tizian\AppData\Roaming\Verbindungsassistent\BackUp\OSU.exe
[2009.03.03 12:45:08 | 000,693,712 | ---- | M] () -- C:\Users\Tizian\AppData\Roaming\Verbindungsassistent\BackUp\Setup.exe
[2009.03.03 12:45:05 | 001,091,024 | ---- | M] () -- C:\Users\Tizian\AppData\Roaming\Verbindungsassistent\BackUp\Uninstaller.exe
[2009.03.03 12:44:52 | 007,009,744 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\Tizian\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent.exe
[2009.03.04 08:34:41 | 000,468,432 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\Tizian\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent_SMSMMS.exe
[2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Users\Tizian\AppData\Roaming\Verbindungsassistent\BackUp\WTGService.exe
[2009.03.03 12:45:15 | 000,243,152 | ---- | M] () -- C:\Users\Tizian\AppData\Roaming\Verbindungsassistent\BackUp\WTGVistaUtil.exe
 
< %SYSTEMROOT%\system32\drivers\*.sys /lockedfiles >
 
< %SYSTEMROOT%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %SYSTEMROOT%\*. /mp /s >
 
< %SYSTEMROOT%\system32\*.dll /lockedfiles >

< End of report >
         
__________________

Alt 01.12.2012, 14:53   #4
arnto
 

---

Edited by arnto (01.12.2012 at 14:54). Reason: double post

Alt 03.12.2012, 11:35   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now create and post logs with GMER (<<< click for instructions) and aswMBR (instructions a little further down).
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only aswMBR.

aswMBR download => aswMBR.exe - save the file to your desktop.
  • Start aswMBR.exe; Vista and Win7 users right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons under any circumstances without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

__________________
Please always post log files in CODE tags

Alt 03.12.2012, 23:26   #6
arnto
 

As expected, GMER did not work several times. After aswMBR crashed as well, I had to run it without the AV scan:
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-03 23:21:19
-----------------------------
23:21:19.748    OS Version: Windows 6.0.6002 Service Pack 2
23:21:19.748    Number of processors: 2 586 0x1706
23:21:19.748    ComputerName: TIZIAN-PC  UserName: Tizian
23:21:20.856    Initialize success
23:21:26.596    AVAST engine defs: 12120300
23:21:38.016    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:21:38.016    Disk 0 Vendor: ST932032 0303 Size: 305245MB BusType: 3
23:21:38.016    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
23:21:38.016    Disk 1 Vendor: ST932032 0303 Size: 305245MB BusType: 3
23:21:38.047    Disk 0 MBR read successfully
23:21:38.047    Disk 0 MBR scan
23:21:38.047    Disk 0 unknown MBR code
23:21:38.062    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    10001 MB offset 63
23:21:38.078    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       152617 MB offset 20482875
23:21:38.078    Disk 0 Partition - 00     0F Extended LBA            142623 MB offset 333043515
23:21:38.125    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       142623 MB offset 333043578
23:21:38.140    Disk 0 scanning sectors +625137345
23:21:38.250    Disk 0 scanning C:\Windows\system32\drivers
23:21:53.772    Service scanning
23:22:20.869    Modules scanning
23:22:27.748    Disk 0 trace - called modules:
23:22:27.764    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
23:22:27.764    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87a55ac8]
23:22:27.764    3 CLASSPNP.SYS[8b9a58b3] -> nt!IofCallDriver -> [0x8693eee0]
23:22:27.764    5 acpi.sys[806896bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86904028]
23:22:27.780    Scan finished successfully
23:22:50.727    Disk 0 MBR has been saved successfully to "C:\Users\Tizian\Desktop\MBR.dat"
23:22:50.743    The log file has been saved successfully to "C:\Users\Tizian\Desktop\aswMBR.txt"
         

Alt 04.12.2012, 12:27   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan, and when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

__________________
Please always post log files in CODE tags

05.12.2012, 17:33   #8
arnto
 



Everything worked, here is the log:
Code:
ATTFilter
17:30:07.0627 5892  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:30:07.0861 5892  ============================================================
17:30:07.0861 5892  Current date / time: 2012/12/05 17:30:07.0861
17:30:07.0861 5892  SystemInfo:
17:30:07.0861 5892  
17:30:07.0861 5892  OS Version: 6.0.6002 ServicePack: 2.0
17:30:07.0861 5892  Product type: Workstation
17:30:07.0861 5892  ComputerName: TIZIAN-PC
17:30:07.0861 5892  UserName: Tizian
17:30:07.0861 5892  Windows directory: C:\Windows
17:30:07.0861 5892  System windows directory: C:\Windows
17:30:07.0861 5892  Processor architecture: Intel x86
17:30:07.0861 5892  Number of processors: 2
17:30:07.0861 5892  Page size: 0x1000
17:30:07.0861 5892  Boot type: Normal boot
17:30:07.0861 5892  ============================================================
17:30:08.0375 5892  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:30:08.0672 5892  Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x97695, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000050
17:30:08.0672 5892  ============================================================
17:30:08.0672 5892  \Device\Harddisk0\DR0:
17:30:08.0719 5892  MBR partitions:
17:30:08.0719 5892  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1388B3B, BlocksNum 0x12A14C00
17:30:08.0781 5892  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13D9D77A, BlocksNum 0x1168FF47
17:30:08.0781 5892  \Device\Harddisk1\DR1:
17:30:08.0781 5892  MBR partitions:
17:30:08.0781 5892  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A17000
17:30:08.0781 5892  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x12A17800, BlocksNum 0x12A17000
17:30:08.0781 5892  ============================================================
17:30:08.0843 5892  C: <-> \Device\Harddisk0\DR0\Partition1
17:30:08.0859 5892  D: <-> \Device\Harddisk1\DR1\Partition1
17:30:08.0937 5892  E: <-> \Device\Harddisk0\DR0\Partition2
17:30:09.0015 5892  F: <-> \Device\Harddisk1\DR1\Partition2
17:30:09.0015 5892  ============================================================
17:30:09.0015 5892  Initialize success
17:30:09.0015 5892  ============================================================
17:30:21.0620 3944  ============================================================
17:30:21.0620 3944  Scan started
17:30:21.0620 3944  Mode: Manual; SigCheck; TDLFS; 
17:30:21.0620 3944  ============================================================
17:30:23.0086 3944  ================ Scan system memory ========================
17:30:23.0086 3944  System memory - ok
17:30:23.0086 3944  ================ Scan services =============================
17:30:24.0038 3944  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
17:30:24.0194 3944  ACPI - ok
17:30:24.0365 3944  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:30:24.0381 3944  AdobeARMservice - ok
17:30:24.0443 3944  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:30:24.0459 3944  AdobeFlashPlayerUpdateSvc - ok
17:30:24.0537 3944  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
17:30:24.0568 3944  adp94xx - ok
17:30:24.0615 3944  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
17:30:24.0631 3944  adpahci - ok
17:30:24.0662 3944  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
17:30:24.0677 3944  adpu160m - ok
17:30:24.0709 3944  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
17:30:24.0724 3944  adpu320 - ok
17:30:24.0755 3944  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:30:24.0880 3944  AeLookupSvc - ok
17:30:24.0943 3944  [ A7B8A3A79D35215D798A300DF49ED23F ] Afc             C:\Windows\system32\drivers\Afc.sys
17:30:24.0974 3944  Afc ( UnsignedFile.Multi.Generic ) - warning
17:30:24.0974 3944  Afc - detected UnsignedFile.Multi.Generic (1)
17:30:25.0099 3944  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
17:30:25.0161 3944  AFD - ok
17:30:25.0208 3944  [ EFBC44FBD75E4F80BD927AEBF6E7EADE ] AgereModemAudio C:\Windows\system32\agrsmsvc.exe
17:30:25.0255 3944  AgereModemAudio - ok
17:30:25.0317 3944  [ 1CFEBA39FC613E45B49D3EDDFBCDA289 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
17:30:25.0411 3944  AgereSoftModem - ok
17:30:25.0473 3944  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:30:25.0489 3944  agp440 - ok
17:30:25.0520 3944  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
17:30:25.0535 3944  aic78xx - ok
17:30:25.0957 3944  [ B9B98E08EC127900025F42462D3D0A66 ] Akamai          c:\program files\common files\akamai/netsession_win_ce5ba24.dll
17:30:25.0957 3944  Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
17:30:25.0972 3944  Akamai ( HiddenFile.Multi.Generic ) - warning
17:30:25.0972 3944  Akamai - detected HiddenFile.Multi.Generic (1)
17:30:26.0003 3944  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
17:30:26.0144 3944  ALG - ok
17:30:26.0191 3944  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:30:26.0206 3944  aliide - ok
17:30:26.0237 3944  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
17:30:26.0253 3944  amdagp - ok
17:30:26.0284 3944  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:30:26.0378 3944  amdide - ok
17:30:26.0409 3944  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
17:30:26.0456 3944  AmdK7 - ok
17:30:26.0471 3944  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
17:30:26.0518 3944  AmdK8 - ok
17:30:26.0612 3944  [ 07194A09DC27C99A2474251DE27F6E17 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:30:26.0627 3944  AntiVirSchedulerService - ok
17:30:26.0705 3944  [ F0964ECD283591E7686AF912298B9F39 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:30:26.0705 3944  AntiVirService - ok
17:30:26.0737 3944  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
17:30:26.0783 3944  Appinfo - ok
17:30:26.0877 3944  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:30:26.0877 3944  Apple Mobile Device - ok
17:30:26.0924 3944  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
17:30:26.0939 3944  arc - ok
17:30:26.0971 3944  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
17:30:26.0986 3944  arcsas - ok
17:30:27.0064 3944  [ 2EEDA27C19259C2340324EF7180D086B ] ASBroker        C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
17:30:27.0080 3944  ASBroker ( UnsignedFile.Multi.Generic ) - warning
17:30:27.0080 3944  ASBroker - detected UnsignedFile.Multi.Generic (1)
17:30:27.0111 3944  [ BB3C0521ECCA4BB17AC55EB640DF0FA5 ] ASChannel       C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll
17:30:27.0142 3944  ASChannel ( UnsignedFile.Multi.Generic ) - warning
17:30:27.0142 3944  ASChannel - detected UnsignedFile.Multi.Generic (1)
17:30:27.0173 3944  [ 5A055A4777CBBC8845DD598CB2EEBF69 ] ASLDRService    C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
17:30:27.0205 3944  ASLDRService ( UnsignedFile.Multi.Generic ) - warning
17:30:27.0205 3944  ASLDRService - detected UnsignedFile.Multi.Generic (1)
17:30:27.0205 3944  [ 7B4D08D2017AC06689D422E06C43F0AA ] ASMMAP          C:\Program Files\ATKGFNEX\ASMMAP.sys
17:30:27.0236 3944  ASMMAP - ok
17:30:27.0267 3944  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:30:27.0314 3944  AsyncMac - ok
17:30:27.0345 3944  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
17:30:27.0361 3944  atapi - ok
17:30:27.0376 3944  [ 7C157574A181B19B9DCF5F339E25337E ] ATKGFNEXSrv     C:\Program Files\ATKGFNEX\GFNEXSrv.exe
17:30:27.0392 3944  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - warning
17:30:27.0392 3944  ATKGFNEXSrv - detected UnsignedFile.Multi.Generic (1)
17:30:27.0454 3944  [ F70D2392158CB68E775F8C4CD3D12FBB ] ATSWPDRV        C:\Windows\system32\DRIVERS\ATSwpDrv.sys
17:30:27.0470 3944  ATSWPDRV - ok
17:30:27.0517 3944  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:30:27.0563 3944  AudioEndpointBuilder - ok
17:30:27.0579 3944  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
17:30:27.0610 3944  Audiosrv - ok
17:30:27.0626 3944  [ 680B3A1BE559B5D5AAC04C7949469DD6 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:30:27.0626 3944  avgntflt - ok
17:30:27.0673 3944  [ 6B289080B9752DAD39C1C2B98B479DCE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:30:27.0688 3944  avipbb - ok
17:30:27.0719 3944  [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:30:27.0735 3944  avkmgr - ok
17:30:27.0797 3944  [ 263CF9D248FD5E020A1333ED4F7EAA88 ] avmeject        C:\Windows\system32\drivers\avmeject.sys
17:30:27.0844 3944  avmeject ( UnsignedFile.Multi.Generic ) - warning
17:30:27.0844 3944  avmeject - detected UnsignedFile.Multi.Generic (1)
17:30:27.0875 3944  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:30:27.0907 3944  Beep - ok
17:30:27.0953 3944  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
17:30:28.0000 3944  BFE - ok
17:30:28.0125 3944  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
17:30:28.0234 3944  BITS - ok
17:30:28.0265 3944  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
17:30:28.0312 3944  blbdrive - ok
17:30:28.0375 3944  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:30:28.0421 3944  Bonjour Service - ok
17:30:28.0484 3944  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:30:28.0546 3944  bowser - ok
17:30:28.0593 3944  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
17:30:28.0640 3944  BrFiltLo - ok
17:30:28.0671 3944  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
17:30:28.0718 3944  BrFiltUp - ok
17:30:28.0733 3944  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
17:30:28.0780 3944  Browser - ok
17:30:28.0796 3944  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
17:30:28.0952 3944  Brserid - ok
17:30:28.0967 3944  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
17:30:29.0045 3944  BrSerWdm - ok
17:30:29.0061 3944  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
17:30:29.0139 3944  BrUsbMdm - ok
17:30:29.0170 3944  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
17:30:29.0248 3944  BrUsbSer - ok
17:30:29.0279 3944  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
17:30:29.0326 3944  BthEnum - ok
17:30:29.0373 3944  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
17:30:29.0451 3944  BTHMODEM - ok
17:30:29.0498 3944  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
17:30:29.0545 3944  BthPan - ok
17:30:29.0607 3944  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
17:30:29.0654 3944  BTHPORT - ok
17:30:29.0701 3944  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ         C:\Windows\System32\bthserv.dll
17:30:29.0732 3944  BthServ - ok
17:30:29.0763 3944  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
17:30:29.0810 3944  BTHUSB - ok
17:30:29.0857 3944  [ F2F7342742180D5060285499DEE50F99 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
17:30:29.0872 3944  btwaudio - ok
17:30:29.0888 3944  [ 32F59F26A30CFC508DA11DB3EA0F8B77 ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
17:30:29.0903 3944  btwavdt - ok
17:30:29.0950 3944  [ 09CB316DB9D61ED9FC9A7B07A1A301F6 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
17:30:29.0981 3944  btwdins - ok
17:30:30.0013 3944  [ ECB98391C756A7B9CFBAE89D9D1235E1 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
17:30:30.0028 3944  btwl2cap - ok
17:30:30.0059 3944  [ 03658734EF7D0F3B3F4636D3E8A38964 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
17:30:30.0075 3944  btwrchid - ok
17:30:30.0106 3944  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:30:30.0200 3944  cdfs - ok
17:30:30.0231 3944  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:30:30.0278 3944  cdrom - ok
17:30:30.0325 3944  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
17:30:30.0340 3944  CertPropSvc - ok
17:30:30.0371 3944  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:30:30.0418 3944  circlass - ok
17:30:30.0481 3944  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
17:30:30.0496 3944  CLFS - ok
17:30:30.0637 3944  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:30:30.0668 3944  clr_optimization_v2.0.50727_32 - ok
17:30:30.0746 3944  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:30:30.0761 3944  clr_optimization_v4.0.30319_32 - ok
17:30:30.0808 3944  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:30:30.0855 3944  CmBatt - ok
17:30:30.0871 3944  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
17:30:30.0886 3944  cmdide - ok
17:30:30.0949 3944  [ 6D3E4427EF1FC562C4A1E0266843E470 ] CMISTOR         C:\Windows\system32\DRIVERS\cmiucr.SYS
17:30:30.0964 3944  CMISTOR - ok
17:30:30.0980 3944  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:30:30.0995 3944  Compbatt - ok
17:30:31.0011 3944  COMSysApp - ok
17:30:31.0011 3944  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
17:30:31.0027 3944  crcdisk - ok
17:30:31.0042 3944  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
17:30:31.0105 3944  Crusoe - ok
17:30:31.0183 3944  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:30:31.0245 3944  CryptSvc - ok
17:30:31.0307 3944  [ 699CE24FE6B5120AF709A0B91582A02D ] DCamUSBET       C:\Windows\system32\DRIVERS\etDevice.sys
17:30:31.0385 3944  DCamUSBET - ok
17:30:31.0463 3944  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:30:31.0526 3944  DcomLaunch - ok
17:30:31.0588 3944  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:30:31.0651 3944  DfsC - ok
17:30:31.0744 3944  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
17:30:31.0916 3944  DFSR - ok
17:30:31.0963 3944  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
17:30:31.0994 3944  Dhcp - ok
17:30:32.0072 3944  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
17:30:32.0087 3944  disk - ok
17:30:32.0150 3944  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:30:32.0197 3944  Dnscache - ok
17:30:32.0228 3944  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
17:30:32.0259 3944  dot3svc - ok
17:30:32.0290 3944  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
17:30:32.0337 3944  DPS - ok
17:30:32.0384 3944  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:30:32.0431 3944  drmkaud - ok
17:30:32.0571 3944  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:30:32.0633 3944  DXGKrnl - ok
17:30:32.0665 3944  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
17:30:32.0711 3944  E1G60 - ok
17:30:32.0727 3944  EagleNT - ok
17:30:32.0758 3944  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
17:30:32.0789 3944  EapHost - ok
17:30:32.0836 3944  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
17:30:32.0852 3944  Ecache - ok
17:30:32.0977 3944  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:30:33.0023 3944  ehRecvr - ok
17:30:33.0039 3944  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
17:30:33.0101 3944  ehSched - ok
17:30:33.0101 3944  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
17:30:33.0133 3944  ehstart - ok
17:30:33.0179 3944  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
17:30:33.0242 3944  elxstor - ok
17:30:33.0289 3944  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
17:30:33.0382 3944  EMDMgmt - ok
17:30:33.0413 3944  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
17:30:33.0460 3944  ErrDev - ok
17:30:33.0523 3944  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
17:30:33.0554 3944  EventSystem - ok
17:30:33.0601 3944  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
17:30:33.0663 3944  exfat - ok
17:30:33.0694 3944  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:30:33.0741 3944  fastfat - ok
17:30:33.0772 3944  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:30:33.0819 3944  fdc - ok
17:30:33.0835 3944  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:30:33.0866 3944  fdPHost - ok
17:30:33.0881 3944  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:30:33.0959 3944  FDResPub - ok
17:30:33.0975 3944  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:30:33.0991 3944  FileInfo - ok
17:30:34.0006 3944  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:30:34.0053 3944  Filetrace - ok
17:30:34.0069 3944  [ FD7CB14845A7F91BE11F80635B2CD8A6 ] FiltUSBET       C:\Windows\system32\DRIVERS\etFilter.sys
17:30:34.0100 3944  FiltUSBET - ok
17:30:34.0131 3944  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:30:34.0162 3944  flpydisk - ok
17:30:34.0209 3944  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:30:34.0225 3944  FltMgr - ok
17:30:34.0318 3944  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
17:30:34.0381 3944  FontCache - ok
17:30:34.0443 3944  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
17:30:34.0459 3944  FontCache3.0.0.0 - ok
17:30:34.0490 3944  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:30:34.0537 3944  Fs_Rec - ok
17:30:34.0599 3944  [ FF12FA487265DA2AC7DE4BE53F72FF1A ] FWLANUSB        C:\Windows\system32\DRIVERS\fwlanusb.sys
17:30:34.0630 3944  FWLANUSB - ok
17:30:34.0646 3944  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
17:30:34.0661 3944  gagp30kx - ok
17:30:34.0739 3944  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
17:30:34.0755 3944  GEARAspiWDM - ok
17:30:34.0817 3944  [ 31B40F40E09513ADDC460F6A297AD474 ] ghaio           C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
17:30:34.0833 3944  ghaio - ok
17:30:34.0864 3944  [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio          C:\Windows\system32\giveio.sys
17:30:34.0880 3944  giveio ( UnsignedFile.Multi.Generic ) - warning
17:30:34.0880 3944  giveio - detected UnsignedFile.Multi.Generic (1)
17:30:34.0927 3944  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
17:30:34.0973 3944  gpsvc - ok
17:30:35.0067 3944  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
17:30:35.0083 3944  gupdate - ok
17:30:35.0129 3944  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
17:30:35.0145 3944  gupdatem - ok
17:30:35.0207 3944  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:30:35.0270 3944  HdAudAddService - ok
17:30:35.0301 3944  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:30:35.0363 3944  HDAudBus - ok
17:30:35.0395 3944  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
17:30:35.0473 3944  HidBth - ok
17:30:35.0504 3944  [ D8DF3722D5E961BAA1292AA2F12827E2 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:30:35.0519 3944  HidIr - ok
17:30:35.0566 3944  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
17:30:35.0597 3944  hidserv - ok
17:30:35.0597 3944  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:30:35.0644 3944  HidUsb - ok
17:30:35.0660 3944  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:30:35.0707 3944  hkmsvc - ok
17:30:35.0738 3944  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
17:30:35.0753 3944  HpCISSs - ok
17:30:35.0800 3944  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:30:35.0878 3944  HTTP - ok
17:30:35.0956 3944  [ 1720966D9C7EA5E2D78B6DB92D2F9171 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
17:30:35.0987 3944  hwdatacard - ok
17:30:36.0019 3944  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
17:30:36.0034 3944  i2omp - ok
17:30:36.0081 3944  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:30:36.0112 3944  i8042prt - ok
17:30:36.0159 3944  [ 80C633722DA72E97F3F5B3B11325696D ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
17:30:36.0175 3944  iaStor - ok
17:30:36.0206 3944  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
17:30:36.0221 3944  iaStorV - ok
17:30:36.0331 3944  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:30:36.0393 3944  idsvc - ok
17:30:36.0424 3944  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
17:30:36.0440 3944  iirsp - ok
17:30:36.0487 3944  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
17:30:36.0533 3944  IKEEXT - ok
17:30:36.0767 3944  [ 58072F5FD95ECE78F9FA7BDA1210A9E7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
17:30:36.0877 3944  IntcAzAudAddService - ok
17:30:36.0955 3944  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
17:30:36.0986 3944  intelide - ok
17:30:37.0017 3944  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:30:37.0064 3944  intelppm - ok
17:30:37.0079 3944  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:30:37.0126 3944  IPBusEnum - ok
17:30:37.0157 3944  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:30:37.0189 3944  IpFilterDriver - ok
17:30:37.0220 3944  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:30:37.0313 3944  iphlpsvc - ok
17:30:37.0313 3944  IpInIp - ok
17:30:37.0345 3944  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
17:30:37.0376 3944  IPMIDRV - ok
17:30:37.0391 3944  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
17:30:37.0423 3944  IPNAT - ok
17:30:37.0485 3944  [ EF1C51222117B37AFBFF8F4642EA8C62 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
17:30:37.0501 3944  iPod Service - ok
17:30:37.0516 3944  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:30:37.0563 3944  IRENUM - ok
17:30:37.0579 3944  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
17:30:37.0610 3944  isapnp - ok
17:30:37.0641 3944  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:30:37.0657 3944  iScsiPrt - ok
17:30:37.0688 3944  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
17:30:37.0703 3944  iteatapi - ok
17:30:37.0735 3944  [ 8BCD857C7932AD005D5F9C89329DA2E1 ] itecir          C:\Windows\system32\DRIVERS\itecir.sys
17:30:37.0797 3944  itecir - ok
17:30:37.0813 3944  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
17:30:37.0828 3944  iteraid - ok
17:30:37.0844 3944  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:30:37.0859 3944  kbdclass - ok
17:30:37.0906 3944  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:30:37.0937 3944  kbdhid - ok
17:30:37.0969 3944  [ 27BD4AC228EF6C0D490617C32E86A672 ] kbfiltr         C:\Windows\system32\DRIVERS\kbfiltr.sys
17:30:37.0969 3944  kbfiltr - ok
17:30:38.0015 3944  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
17:30:38.0078 3944  KeyIso - ok
17:30:38.0125 3944  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:30:38.0171 3944  KSecDD - ok
17:30:38.0234 3944  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:30:38.0265 3944  KtmRm - ok
17:30:38.0296 3944  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:30:38.0390 3944  LanmanServer - ok
17:30:38.0421 3944  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:30:38.0468 3944  LanmanWorkstation - ok
17:30:38.0499 3944  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:30:38.0593 3944  lltdio - ok
17:30:38.0624 3944  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:30:38.0686 3944  lltdsvc - ok
17:30:38.0702 3944  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:30:38.0749 3944  lmhosts - ok
17:30:38.0764 3944  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
17:30:38.0780 3944  LSI_FC - ok
17:30:38.0811 3944  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
17:30:38.0827 3944  LSI_SAS - ok
17:30:38.0842 3944  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
17:30:38.0858 3944  LSI_SCSI - ok
17:30:38.0873 3944  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
17:30:38.0936 3944  luafv - ok
17:30:38.0983 3944  [ 8039F480C192DD99FED4EBC71FFBF795 ] lullaby         C:\Windows\system32\DRIVERS\lullaby.sys
17:30:38.0998 3944  lullaby - ok
17:30:39.0029 3944  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:30:39.0061 3944  Mcx2Svc - ok
17:30:39.0107 3944  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
17:30:39.0123 3944  megasas - ok
17:30:39.0154 3944  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
17:30:39.0185 3944  MegaSR - ok
17:30:39.0248 3944  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
17:30:39.0326 3944  MMCSS - ok
17:30:39.0341 3944  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
17:30:39.0388 3944  Modem - ok
17:30:39.0435 3944  [ CBB59C41F19EFEA1A000793E08070A62 ] MODEMCSA        C:\Windows\system32\drivers\MODEMCSA.sys
17:30:39.0497 3944  MODEMCSA - ok
17:30:39.0529 3944  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:30:39.0575 3944  monitor - ok
17:30:39.0607 3944  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:30:39.0622 3944  mouclass - ok
17:30:39.0638 3944  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:30:39.0685 3944  mouhid - ok
17:30:39.0716 3944  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
17:30:39.0731 3944  MountMgr - ok
17:30:39.0794 3944  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
17:30:39.0809 3944  MozillaMaintenance - ok
17:30:39.0872 3944  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
17:30:39.0887 3944  mpio - ok
17:30:39.0903 3944  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:30:39.0934 3944  mpsdrv - ok
17:30:39.0997 3944  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:30:40.0059 3944  MpsSvc - ok
17:30:40.0075 3944  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
17:30:40.0090 3944  Mraid35x - ok
17:30:40.0121 3944  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:30:40.0153 3944  MRxDAV - ok
17:30:40.0231 3944  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:30:40.0277 3944  mrxsmb - ok
17:30:40.0309 3944  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:30:40.0355 3944  mrxsmb10 - ok
17:30:40.0355 3944  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:30:40.0387 3944  mrxsmb20 - ok
17:30:40.0418 3944  [ DE77526BDE93142BDC90CFA9F5CEAD36 ] msahci          C:\Windows\system32\drivers\msahci.sys
17:30:40.0433 3944  msahci - ok
17:30:40.0480 3944  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
17:30:40.0496 3944  msdsm - ok
17:30:40.0527 3944  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
17:30:40.0574 3944  MSDTC - ok
17:30:40.0574 3944  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:30:40.0652 3944  Msfs - ok
17:30:40.0667 3944  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
17:30:40.0683 3944  msisadrv - ok
17:30:40.0699 3944  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:30:40.0730 3944  MSiSCSI - ok
17:30:40.0745 3944  msiserver - ok
17:30:40.0777 3944  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:30:40.0808 3944  MSKSSRV - ok
17:30:40.0839 3944  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:30:40.0870 3944  MSPCLOCK - ok
17:30:40.0886 3944  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:30:40.0917 3944  MSPQM - ok
17:30:40.0948 3944  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:30:40.0964 3944  MsRPC - ok
17:30:40.0979 3944  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:30:40.0995 3944  mssmbios - ok
17:30:41.0011 3944  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:30:41.0073 3944  MSTEE - ok
17:30:41.0089 3944  [ 97AFFA9D95FFE20EEE6229BC6BE166CF ] MTsensor        C:\Windows\system32\DRIVERS\ATKACPI.sys
17:30:41.0120 3944  MTsensor - ok
17:30:41.0135 3944  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
17:30:41.0151 3944  Mup - ok
17:30:41.0182 3944  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
17:30:41.0229 3944  napagent - ok
17:30:41.0291 3944  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:30:41.0307 3944  NativeWifiP - ok
17:30:41.0354 3944  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:30:41.0385 3944  NDIS - ok
17:30:41.0432 3944  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:30:41.0463 3944  NdisTapi - ok
17:30:41.0463 3944  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:30:41.0510 3944  Ndisuio - ok
17:30:41.0557 3944  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:30:41.0588 3944  NdisWan - ok
17:30:41.0619 3944  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:30:41.0650 3944  NDProxy - ok
17:30:41.0713 3944  [ 1352E1648213551923A0A822E441553C ] Netaapl         C:\Windows\system32\DRIVERS\netaapl.sys
17:30:41.0744 3944  Netaapl - ok
17:30:41.0759 3944  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:30:41.0791 3944  NetBIOS - ok
17:30:41.0822 3944  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
17:30:41.0853 3944  netbt - ok
17:30:41.0869 3944  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
17:30:41.0884 3944  Netlogon - ok
17:30:41.0947 3944  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
17:30:42.0009 3944  Netman - ok
17:30:42.0040 3944  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
17:30:42.0087 3944  netprofm - ok
17:30:42.0118 3944  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:30:42.0134 3944  NetTcpPortSharing - ok
17:30:42.0259 3944  [ F0C42E0CDCE558D658FA53A222B4CCB1 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
17:30:42.0446 3944  NETw5v32 - ok
17:30:42.0477 3944  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
17:30:42.0493 3944  nfrd960 - ok
17:30:42.0539 3944  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:30:42.0571 3944  NlaSvc - ok
17:30:42.0602 3944  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:30:42.0680 3944  Npfs - ok
17:30:42.0695 3944  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
17:30:42.0742 3944  nsi - ok
17:30:42.0758 3944  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:30:42.0805 3944  nsiproxy - ok
17:30:42.0883 3944  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:30:42.0929 3944  Ntfs - ok
17:30:42.0992 3944  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
17:30:43.0070 3944  ntrigdigi - ok
17:30:43.0070 3944  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
17:30:43.0117 3944  Null - ok
17:30:43.0163 3944  [ 0E40EF12BC029FF8B13043F157452C47 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
17:30:43.0179 3944  NVHDA - ok
17:30:43.0429 3944  [ 583E0BE0C10D0A74FD0E7E33C75F49BB ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:30:43.0819 3944  nvlddmkm - ok
17:30:43.0850 3944  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:30:43.0865 3944  nvraid - ok
17:30:43.0881 3944  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:30:43.0912 3944  nvstor - ok
17:30:43.0943 3944  [ CF16BD466B297A665C6E1B2538AFAF71 ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:30:43.0975 3944  nvsvc - ok
17:30:44.0006 3944  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
17:30:44.0037 3944  nv_agp - ok
17:30:44.0037 3944  NwlnkFlt - ok
17:30:44.0037 3944  NwlnkFwd - ok
17:30:44.0084 3944  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
17:30:44.0115 3944  ohci1394 - ok
17:30:44.0162 3944  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:30:44.0177 3944  ose - ok
17:30:44.0489 3944  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:30:44.0708 3944  osppsvc - ok
17:30:44.0801 3944  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
17:30:44.0879 3944  p2pimsvc - ok
17:30:44.0926 3944  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:30:44.0957 3944  p2psvc - ok
17:30:44.0989 3944  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
17:30:45.0067 3944  Parport - ok
17:30:45.0098 3944  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:30:45.0113 3944  partmgr - ok
17:30:45.0129 3944  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
17:30:45.0207 3944  Parvdm - ok
17:30:45.0238 3944  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:30:45.0254 3944  PcaSvc - ok
17:30:45.0285 3944  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
17:30:45.0316 3944  pci - ok
17:30:45.0347 3944  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
17:30:45.0363 3944  pciide - ok
17:30:45.0394 3944  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
17:30:45.0410 3944  pcmcia - ok
17:30:45.0441 3944  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:30:45.0550 3944  PEAUTH - ok
17:30:45.0613 3944  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
17:30:45.0737 3944  pla - ok
17:30:45.0784 3944  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:30:45.0815 3944  PlugPlay - ok
17:30:45.0862 3944  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
17:30:45.0878 3944  PNRPAutoReg - ok
17:30:45.0956 3944  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
17:30:45.0987 3944  PNRPsvc - ok
17:30:46.0049 3944  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:30:46.0081 3944  PolicyAgent - ok
17:30:46.0112 3944  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:30:46.0143 3944  PptpMiniport - ok
17:30:46.0174 3944  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
17:30:46.0221 3944  Processor - ok
17:30:46.0252 3944  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
17:30:46.0283 3944  ProfSvc - ok
17:30:46.0299 3944  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:30:46.0315 3944  ProtectedStorage - ok
17:30:46.0346 3944  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
17:30:46.0393 3944  PSched - ok
17:30:46.0439 3944  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
17:30:46.0517 3944  ql2300 - ok
17:30:46.0533 3944  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
17:30:46.0564 3944  ql40xx - ok
17:30:46.0595 3944  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
17:30:46.0627 3944  QWAVE - ok
17:30:46.0642 3944  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:30:46.0720 3944  QWAVEdrv - ok
17:30:46.0736 3944  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:30:46.0767 3944  RasAcd - ok
17:30:46.0798 3944  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
17:30:46.0845 3944  RasAuto - ok
17:30:46.0861 3944  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:30:46.0892 3944  Rasl2tp - ok
17:30:46.0923 3944  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
17:30:46.0954 3944  RasMan - ok
17:30:46.0985 3944  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:30:47.0017 3944  RasPppoe - ok
17:30:47.0032 3944  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:30:47.0048 3944  RasSstp - ok
17:30:47.0063 3944  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:30:47.0110 3944  rdbss - ok
17:30:47.0126 3944  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:30:47.0157 3944  RDPCDD - ok
17:30:47.0188 3944  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
17:30:47.0219 3944  rdpdr - ok
17:30:47.0219 3944  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:30:47.0266 3944  RDPENCDD - ok
17:30:47.0329 3944  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:30:47.0360 3944  RDPWD - ok
17:30:47.0407 3944  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:30:47.0438 3944  RemoteAccess - ok
17:30:47.0469 3944  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:30:47.0500 3944  RemoteRegistry - ok
17:30:47.0531 3944  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
17:30:47.0578 3944  RFCOMM - ok
17:30:47.0625 3944  [ A5B12A4B3B774432DB9B9FA221190E59 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
17:30:47.0656 3944  rimmptsk - ok
17:30:47.0672 3944  [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
17:30:47.0719 3944  rimsptsk - ok
17:30:47.0734 3944  [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
17:30:47.0765 3944  rismxdp - ok
17:30:47.0781 3944  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
17:30:47.0828 3944  RpcLocator - ok
17:30:47.0843 3944  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
17:30:47.0890 3944  RpcSs - ok
17:30:47.0906 3944  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:30:47.0953 3944  rspndr - ok
17:30:48.0046 3944  [ 2FC33077F85D7DC0D03678C06D43898C ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
17:30:48.0109 3944  RTL8169 - ok
17:30:48.0124 3944  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
17:30:48.0140 3944  SamSs - ok
17:30:48.0155 3944  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
17:30:48.0171 3944  sbp2port - ok
17:30:48.0187 3944  [ 2393ED056AE02F5DBB3A7D6E40A5FDC2 ] ScanUSBET       C:\Windows\system32\DRIVERS\etScan.sys
17:30:48.0187 3944  ScanUSBET - ok
17:30:48.0233 3944  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:30:48.0249 3944  SCardSvr - ok
17:30:48.0296 3944  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
17:30:48.0389 3944  Schedule - ok
17:30:48.0421 3944  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:30:48.0452 3944  SCPolicySvc - ok
17:30:48.0467 3944  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
17:30:48.0514 3944  sdbus - ok
17:30:48.0545 3944  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:30:48.0592 3944  SDRSVC - ok
17:30:48.0623 3944  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:30:48.0686 3944  secdrv - ok
17:30:48.0701 3944  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
17:30:48.0779 3944  seclogon - ok
17:30:48.0795 3944  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
17:30:48.0842 3944  SENS - ok
17:30:48.0873 3944  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
17:30:48.0935 3944  Serenum - ok
17:30:48.0967 3944  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
17:30:49.0029 3944  Serial - ok
17:30:49.0060 3944  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
17:30:49.0091 3944  sermouse - ok
17:30:49.0123 3944  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
17:30:49.0169 3944  SessionEnv - ok
17:30:49.0185 3944  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
17:30:49.0216 3944  sffdisk - ok
17:30:49.0232 3944  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
17:30:49.0294 3944  sffp_mmc - ok
17:30:49.0310 3944  [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
17:30:49.0341 3944  sffp_sd - ok
17:30:49.0372 3944  [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:30:49.0419 3944  sfloppy - ok
17:30:49.0450 3944  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:30:49.0497 3944  SharedAccess - ok
17:30:49.0544 3944  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:30:49.0591 3944  ShellHWDetection - ok
17:30:49.0606 3944  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
17:30:49.0622 3944  sisagp - ok
17:30:49.0669 3944  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
17:30:49.0684 3944  SiSRaid2 - ok
17:30:49.0700 3944  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
17:30:49.0715 3944  SiSRaid4 - ok
17:30:49.0825 3944  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
17:30:49.0825 3944  SkypeUpdate - ok
17:30:49.0934 3944  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
17:30:50.0121 3944  slsvc - ok
17:30:50.0137 3944  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
17:30:50.0183 3944  SLUINotify - ok
17:30:50.0199 3944  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:30:50.0215 3944  Smb - ok
17:30:50.0293 3944  [ C8A58FC905C9184FA70E37F71060C64D ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
17:30:50.0417 3944  smserial - ok
17:30:50.0464 3944  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:30:50.0495 3944  SNMPTRAP - ok
17:30:50.0511 3944  [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan        C:\Windows\system32\speedfan.sys
17:30:50.0542 3944  speedfan - ok
17:30:50.0542 3944  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
17:30:50.0558 3944  spldr - ok
17:30:50.0589 3944  [ 739DB668DBD812285ECC553E64A5E212 ] spmgr           C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
17:30:50.0605 3944  spmgr - ok
17:30:50.0620 3944  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
17:30:50.0667 3944  Spooler - ok
17:30:50.0761 3944  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:30:50.0823 3944  srv - ok
17:30:50.0870 3944  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:30:50.0917 3944  srv2 - ok
17:30:50.0948 3944  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:30:50.0979 3944  srvnet - ok
17:30:50.0995 3944  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:30:51.0041 3944  SSDPSRV - ok
17:30:51.0088 3944  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
17:30:51.0104 3944  ssmdrv - ok
17:30:51.0119 3944  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:30:51.0135 3944  SstpSvc - ok
17:30:51.0166 3944  Steam Client Service - ok
17:30:51.0260 3944  [ 24341E7270C2FDD7557FD34B5A058A6B ] Stereo Service  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:30:51.0275 3944  Stereo Service - ok
17:30:51.0369 3944  [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
17:30:51.0416 3944  StillCam - ok
17:30:51.0447 3944  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
17:30:51.0478 3944  stisvc - ok
17:30:51.0494 3944  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:30:51.0509 3944  swenum - ok
17:30:51.0541 3944  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
17:30:51.0587 3944  swprv - ok
17:30:51.0603 3944  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
17:30:51.0619 3944  Symc8xx - ok
17:30:51.0634 3944  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
17:30:51.0650 3944  Sym_hi - ok
17:30:51.0681 3944  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
17:30:51.0697 3944  Sym_u3 - ok
17:30:51.0728 3944  [ BE78198C69135EF1FA157E08FD5C90FF ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
17:30:51.0743 3944  SynTP - ok
17:30:51.0790 3944  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
17:30:51.0884 3944  SysMain - ok
17:30:51.0915 3944  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:30:51.0946 3944  TabletInputService - ok
17:30:51.0977 3944  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:30:52.0024 3944  TapiSrv - ok
17:30:52.0071 3944  [ D7F411C5AF992BB44E86083A6AA7B045 ] tbhsd           C:\Windows\system32\drivers\tbhsd.sys
17:30:52.0087 3944  tbhsd - ok
17:30:52.0102 3944  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
17:30:52.0133 3944  TBS - ok
17:30:52.0180 3944  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:30:52.0243 3944  Tcpip - ok
17:30:52.0289 3944  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
17:30:52.0321 3944  Tcpip6 - ok
17:30:52.0367 3944  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:30:52.0399 3944  tcpipreg - ok
17:30:52.0430 3944  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:30:52.0492 3944  TDPIPE - ok
17:30:52.0508 3944  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:30:52.0570 3944  TDTCP - ok
17:30:52.0601 3944  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:30:52.0633 3944  tdx - ok
17:30:52.0664 3944  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:30:52.0679 3944  TermDD - ok
17:30:52.0695 3944  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
17:30:52.0742 3944  TermService - ok
17:30:52.0804 3944  [ 7DF8712159FD1B4812D730519808F282 ] TfBulk          C:\Windows\system32\DRIVERS\TfBulk.sys
17:30:52.0820 3944  TfBulk ( UnsignedFile.Multi.Generic ) - warning
17:30:52.0820 3944  TfBulk - detected UnsignedFile.Multi.Generic (1)
17:30:52.0851 3944  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
17:30:52.0867 3944  Themes - ok
17:30:52.0882 3944  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
17:30:52.0913 3944  THREADORDER - ok
17:30:52.0929 3944  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
17:30:52.0976 3944  TrkWks - ok
17:30:53.0023 3944  [ BE45DAD1C73A3216EDC8C485916F6594 ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
17:30:53.0054 3944  truecrypt - ok
17:30:53.0101 3944  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:30:53.0132 3944  TrustedInstaller - ok
17:30:53.0163 3944  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:30:53.0210 3944  tssecsrv - ok
17:30:53.0225 3944  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
17:30:53.0257 3944  tunmp - ok
17:30:53.0288 3944  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:30:53.0319 3944  tunnel - ok
17:30:53.0335 3944  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
17:30:53.0350 3944  uagp35 - ok
17:30:53.0350 3944  udfpt - ok
17:30:53.0381 3944  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:30:53.0413 3944  udfs - ok
17:30:53.0444 3944  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:30:53.0475 3944  UI0Detect - ok
17:30:53.0491 3944  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:30:53.0506 3944  uliagpkx - ok
17:30:53.0522 3944  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
17:30:53.0553 3944  uliahci - ok
17:30:53.0584 3944  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
17:30:53.0615 3944  UlSata - ok
17:30:53.0631 3944  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
17:30:53.0647 3944  ulsata2 - ok
17:30:53.0662 3944  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:30:53.0693 3944  umbus - ok
17:30:53.0725 3944  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
17:30:53.0771 3944  upnphost - ok
17:30:53.0803 3944  [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
17:30:53.0834 3944  USBAAPL ( UnsignedFile.Multi.Generic ) - warning
17:30:53.0834 3944  USBAAPL - detected UnsignedFile.Multi.Generic (1)
17:30:53.0896 3944  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
17:30:53.0927 3944  usbaudio - ok
17:30:53.0974 3944  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:30:54.0021 3944  usbccgp - ok
17:30:54.0037 3944  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:30:54.0083 3944  usbcir - ok
17:30:54.0115 3944  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:30:54.0146 3944  usbehci - ok
17:30:54.0161 3944  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:30:54.0193 3944  usbhub - ok
17:30:54.0224 3944  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:30:54.0271 3944  usbohci - ok
17:30:54.0302 3944  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:30:54.0364 3944  usbprint - ok
17:30:54.0427 3944  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:30:54.0458 3944  USBSTOR - ok
17:30:54.0473 3944  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:30:54.0505 3944  usbuhci - ok
17:30:54.0551 3944  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
17:30:54.0598 3944  usbvideo - ok
17:30:54.0629 3944  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
17:30:54.0676 3944  UxSms - ok
17:30:54.0692 3944  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
17:30:54.0739 3944  vds - ok
17:30:54.0785 3944  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:30:54.0848 3944  vga - ok
17:30:54.0863 3944  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:30:54.0895 3944  VgaSave - ok
17:30:54.0926 3944  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
17:30:54.0941 3944  viaagp - ok
17:30:54.0957 3944  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
17:30:54.0988 3944  ViaC7 - ok
17:30:55.0004 3944  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
17:30:55.0035 3944  viaide - ok
17:30:55.0051 3944  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:30:55.0066 3944  volmgr - ok
17:30:55.0097 3944  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:30:55.0129 3944  volmgrx - ok
17:30:55.0191 3944  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:30:55.0222 3944  volsnap - ok
17:30:55.0238 3944  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
17:30:55.0253 3944  vsmraid - ok
17:30:55.0285 3944  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
17:30:55.0363 3944  VSS - ok
17:30:55.0409 3944  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
17:30:55.0441 3944  W32Time - ok
17:30:55.0456 3944  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
17:30:55.0534 3944  WacomPen - ok
17:30:55.0550 3944  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
17:30:55.0597 3944  Wanarp - ok
17:30:55.0597 3944  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:30:55.0628 3944  Wanarpv6 - ok
17:30:55.0643 3944  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:30:55.0675 3944  wcncsvc - ok
17:30:55.0737 3944  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:30:55.0784 3944  WcsPlugInService - ok
17:30:55.0831 3944  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
17:30:55.0846 3944  Wd - ok
17:30:55.0909 3944  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:30:55.0924 3944  Wdf01000 - ok
17:30:55.0955 3944  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:30:56.0018 3944  WdiServiceHost - ok
17:30:56.0018 3944  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:30:56.0049 3944  WdiSystemHost - ok
17:30:56.0080 3944  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
17:30:56.0111 3944  WebClient - ok
17:30:56.0143 3944  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:30:56.0205 3944  Wecsvc - ok
17:30:56.0252 3944  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:30:56.0283 3944  wercplsupport - ok
17:30:56.0314 3944  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:30:56.0345 3944  WerSvc - ok
17:30:56.0423 3944  [ 97D0D27A87622154BC90B92D84FD91B5 ] whfltr2k        C:\Windows\system32\DRIVERS\whfltr2k.sys
17:30:56.0470 3944  whfltr2k - ok
17:30:56.0517 3944  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
17:30:56.0533 3944  WinDefend - ok
17:30:56.0533 3944  WinHttpAutoProxySvc - ok
17:30:56.0595 3944  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:30:56.0611 3944  Winmgmt - ok
17:30:56.0673 3944  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
17:30:56.0751 3944  WinRM - ok
17:30:56.0829 3944  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:30:56.0891 3944  Wlansvc - ok
17:30:56.0938 3944  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
17:30:56.0969 3944  WmiAcpi - ok
17:30:57.0001 3944  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:30:57.0032 3944  wmiApSrv - ok
17:30:57.0125 3944  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
17:30:57.0188 3944  WMPNetworkSvc - ok
17:30:57.0219 3944  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:30:57.0266 3944  WPCSvc - ok
17:30:57.0313 3944  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:30:57.0344 3944  WPDBusEnum - ok
17:30:57.0375 3944  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
17:30:57.0391 3944  WpdUsb - ok
17:30:57.0500 3944  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:30:57.0531 3944  WPFFontCache_v0400 - ok
17:30:57.0578 3944  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:30:57.0625 3944  ws2ifsl - ok
17:30:57.0656 3944  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
17:30:57.0671 3944  wscsvc - ok
17:30:57.0687 3944  WSearch - ok
17:30:57.0749 3944  [ A583F4BF607EBC5709578433207A76A8 ] WTGService      C:\Program Files\Verbindungsassistent\wtgservice.exe
17:30:57.0796 3944  WTGService - ok
17:30:57.0859 3944  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
17:30:58.0015 3944  wuauserv - ok
17:30:58.0077 3944  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:30:58.0108 3944  WUDFRd - ok
17:30:58.0139 3944  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:30:58.0186 3944  wudfsvc - ok
17:30:58.0217 3944  [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
17:30:58.0280 3944  yukonwlh - ok
17:30:58.0295 3944  ================ Scan global ===============================
17:30:58.0327 3944  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:30:58.0405 3944  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:30:58.0420 3944  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:30:58.0451 3944  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
17:30:58.0467 3944  [Global] - ok
17:30:58.0467 3944  ================ Scan MBR ==================================
17:30:58.0483 3944  [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk0\DR0
17:30:59.0138 3944  \Device\Harddisk0\DR0 - ok
17:30:59.0450 3944  [ 64B1E91C5C6C2157642651010728F90F ] \Device\Harddisk1\DR1
17:30:59.0575 3944  \Device\Harddisk1\DR1 - ok
17:30:59.0575 3944  ================ Scan VBR ==================================
17:30:59.0590 3944  [ CB808E962FB9EA699B1A50E08397BE9A ] \Device\Harddisk0\DR0\Partition1
17:30:59.0590 3944  \Device\Harddisk0\DR0\Partition1 - ok
17:30:59.0590 3944  [ 0A79847EFE138ACD95F4C97090BC7DB4 ] \Device\Harddisk0\DR0\Partition2
17:30:59.0590 3944  \Device\Harddisk0\DR0\Partition2 - ok
17:30:59.0637 3944  [ 6599E8079B52BFC8A1BED094B1D60C87 ] \Device\Harddisk1\DR1\Partition1
17:30:59.0653 3944  \Device\Harddisk1\DR1\Partition1 - ok
17:30:59.0684 3944  [ 67175C26A39AEE28EDEBB2BAFA46F08E ] \Device\Harddisk1\DR1\Partition2
17:30:59.0684 3944  \Device\Harddisk1\DR1\Partition2 - ok
17:30:59.0684 3944  ============================================================
17:30:59.0684 3944  Scan finished
17:30:59.0684 3944  ============================================================
17:30:59.0684 0816  Detected object count: 10
17:30:59.0684 0816  Actual detected object count: 10
17:31:41.0539 0816  Afc ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:41.0539 0816  Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:41.0539 0816  Akamai ( HiddenFile.Multi.Generic ) - skipped by user
17:31:41.0539 0816  Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
17:31:41.0539 0816  ASBroker ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:41.0539 0816  ASBroker ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:41.0539 0816  ASChannel ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:41.0539 0816  ASChannel ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:41.0554 0816  ASLDRService ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:41.0554 0816  ASLDRService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:41.0554 0816  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:41.0554 0816  ATKGFNEXSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:41.0554 0816  avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:41.0554 0816  avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:41.0554 0816  giveio ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:41.0554 0816  giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:41.0554 0816  TfBulk ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:41.0554 0816  TfBulk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:31:41.0554 0816  USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
17:31:41.0554 0816  USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:32:03.0923 5624  Deinitialize success
         

Alt 05.12.2012, 22:14   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • After the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)
__________________
Please always post log files in CODE tags

Alt 07.12.2012, 00:45   #10
arnto
 



Here is the log
Code:
# AdwCleaner v2.011 - Datei am 07/12/2012 um 00:43:48 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Tizian - TIZIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tizian\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Windows\Uninstall.exe
Ordner Gefunden : C:\Program Files\vShare
Ordner Gefunden : C:\Users\Tizian\AppData\Local\Temp\vshare@toolbar
Ordner Gefunden : C:\Users\Tizian\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Tizian\AppData\LocalLow\vShare
Ordner Gefunden : C:\Users\Tizian\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\vShare
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Schlüssel Gefunden : HKU\S-1-5-21-3697480073-924179132-2046094984-1000\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default 
Datei : C:\Users\Tizian\AppData\Roaming\Mozilla\Firefox\Profiles\t7cbvakk.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hv6jhrs9.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Chromium v      negative_upload_rate: 1.0

Datei : C:\Users\Tizian\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4045 octets] - [07/12/2012 00:43:48]

########## EOF - C:\AdwCleaner[R1].txt - [4105 octets] ##########
         

Alt 07.12.2012, 10:25   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

After that, please run a check with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scanne alle Benutzer (Scan All Users)
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

Alt 09.12.2012, 14:26   #12
arnto
 



Here is the adw log:
Code:
# AdwCleaner v2.011 - Datei am 09/12/2012 um 13:47:40 erstellt
# Aktualisiert am 02/12/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Tizian - TIZIAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Tizian\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Windows\Uninstall.exe
Ordner Gelöscht : C:\Program Files\vShare
Ordner Gelöscht : C:\Users\Tizian\AppData\Local\Temp\vshare@toolbar
Ordner Gelöscht : C:\Users\Tizian\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Tizian\AppData\LocalLow\vShare
Ordner Gelöscht : C:\Users\Tizian\AppData\Roaming\pdfforge

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\vShare
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\vShare
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16455

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Profilname : default 
Datei : C:\Users\Tizian\AppData\Roaming\Mozilla\Firefox\Profiles\t7cbvakk.default\prefs.js

[OK] Die Datei ist sauber.

Profilname : default 
Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\hv6jhrs9.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Chromium v      negative_upload_rate: 1.0

Datei : C:\Users\Tizian\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Local\Chromium\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [4174 octets] - [07/12/2012 00:43:48]
AdwCleaner[S1].txt - [3946 octets] - [09/12/2012 13:47:40]

########## EOF - C:\AdwCleaner[S1].txt - [4006 octets] ##########
         
The OTL.txt
Code:
OTL logfile created on: 09.12.2012 13:55:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tizian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,51% Memory free
6,19 Gb Paging File | 4,85 Gb Available in Paging File | 78,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 19,40 Gb Free Space | 13,02% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 7,82 Gb Free Space | 5,25% Space Free | Partition Type: NTFS
Drive E: | 139,28 Gb Total Space | 45,00 Gb Free Space | 32,31% Space Free | Partition Type: NTFS
Drive F: | 149,04 Gb Total Space | 122,19 Gb Free Space | 81,98% Space Free | Partition Type: NTFS
 
Computer Name: TIZIAN-PC | User Name: Tizian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Tizian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Users\Tizian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Verbindungsassistent\wtgservice.exe ()
PRC - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe (ASUS)
PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\P4P\P4P.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\WDC.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe (Cognizance Corporation)
PRC - C:\Windows\CmUCREye.exe ()
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Notepad++\NppShell_02.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll ()
MOD - C:\Program Files\P4P\P4P.exe ()
MOD - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
MOD - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files\ASUS\ATK Hotkey\MsgTran.dll ()
MOD - C:\Windows\CmUCREye.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (WTGService) -- C:\Program Files\Verbindungsassistent\wtgservice.exe ()
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (ASBroker) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll (Cognizance Corporation)
SRV - (ASChannel) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsChnl.dll (Cognizance Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (udfpt) -- system32\drivers\udfpt.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (TfBulk) -- C:\Windows\System32\drivers\TfBulk.SYS (Topfield (visit www.topfield.co.kr))
DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (lullaby) -- C:\Windows\System32\drivers\lullaby.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (FiltUSBET) -- C:\Windows\System32\drivers\etFilter.sys (eMPIA Technology Inc.)
DRV - (ScanUSBET) -- C:\Windows\System32\drivers\etScan.sys (eMPIA Technology, Inc.)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (ITE Tech. Inc. )
DRV - (DCamUSBET) -- C:\Windows\System32\drivers\etDevice.sys (eMPIA Technology, Inc.)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()
DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (whfltr2k) -- C:\Windows\System32\drivers\whfltr2k.sys ()
DRV - (CMISTOR) -- C:\Windows\System32\drivers\cmiucr.SYS (C-Media Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3697480073-924179132-2046094984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
IE - HKU\S-1-5-21-3697480073-924179132-2046094984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.asus.com
IE - HKU\S-1-5-21-3697480073-924179132-2046094984-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3697480073-924179132-2046094984-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3697480073-924179132-2046094984-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3697480073-924179132-2046094984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3697480073-924179132-2046094984-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.0.4
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: optout%40google.com:1.5
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Tizian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.23 01:15:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.03 23:31:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.01 19:31:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.01 19:31:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.09 20:14:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.09 20:14:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.01 19:31:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.01 19:31:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.11.09 20:14:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.11.09 20:14:35 | 000,000,000 | ---D | M]
 
[2010.01.03 18:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tizian\AppData\Roaming\mozilla\Extensions
[2010.01.03 18:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tizian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.12.08 12:02:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tizian\AppData\Roaming\mozilla\Firefox\Profiles\t7cbvakk.default\extensions
[2012.11.25 11:27:03 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Tizian\AppData\Roaming\mozilla\Firefox\Profiles\t7cbvakk.default\extensions\foxyproxy@eric.h.jung
[2012.11.11 15:14:43 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Tizian\AppData\Roaming\mozilla\Firefox\Profiles\t7cbvakk.default\extensions\https-everywhere@eff.org
[2012.09.18 18:00:13 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Tizian\AppData\Roaming\mozilla\Firefox\Profiles\t7cbvakk.default\extensions\ich@maltegoetz.de
[2012.03.01 00:28:24 | 000,008,363 | ---- | M] () (No name found) -- C:\Users\Tizian\AppData\Roaming\mozilla\firefox\profiles\t7cbvakk.default\extensions\optout@google.com.xpi
[2012.06.14 23:34:01 | 000,150,579 | ---- | M] () (No name found) -- C:\Users\Tizian\AppData\Roaming\mozilla\firefox\profiles\t7cbvakk.default\extensions\{1f91cde0-c040-11da-a94d-0800200c9a66}.xpi
[2012.12.08 12:02:55 | 000,035,624 | ---- | M] () (No name found) -- C:\Users\Tizian\AppData\Roaming\mozilla\firefox\profiles\t7cbvakk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.23 20:21:37 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Tizian\AppData\Roaming\mozilla\firefox\profiles\t7cbvakk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.01 19:31:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.12.01 19:31:55 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 02:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 01:22:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 02:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 02:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 02:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 02:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cmiboot] C:\Windows\cmiboot.exe ()
O4 - HKLM..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe ()
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKLM..\Run: [PowerForPhone] C:\Program Files\P4P\P4P.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TQ566808] "G:\Setup.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3697480073-924179132-2046094984-1000..\Run: [Akamai NetSession Interface] C:\Users\Tizian\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-3697480073-924179132-2046094984-1000..\Run: [Facebook Update] C:\Users\Tizian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3697480073-924179132-2046094984-1000..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe" File not found
O4 - HKU\S-1-5-21-3697480073-924179132-2046094984-1000..\Run: [ICQ] "C:\Program Files\ICQ7.6\ICQ.exe" silent loginmode=4 File not found
O4 - HKU\S-1-5-21-3697480073-924179132-2046094984-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - Startup: C:\Users\Tizian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Tizian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DC10D93-B091-4C2A-8B80-D634544A7DD7}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BA5FB99-DEAB-4543-B78A-668B9B339DBE}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74149986-C08B-4789-B578-84A12145872F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDF75958-2D79-46EC-8D26-2CE73B04AF0B}: DhcpNameServer = 10.129.32.1 10.111.81.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Tizian\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Users\Tizian\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2683b630-a0a2-11df-8f27-002354a12743}\Shell - "" = AutoRun
O33 - MountPoints2\{2683b630-a0a2-11df-8f27-002354a12743}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{2683b632-a0a2-11df-8f27-002354a12743}\Shell - "" = AutoRun
O33 - MountPoints2\{2683b632-a0a2-11df-8f27-002354a12743}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{675dbc40-31e5-11df-8f98-002354a12743}\Shell\Auto\command - "" = Windows.scr
O33 - MountPoints2\{675dbc40-31e5-11df-8f98-002354a12743}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Windows.scr
O33 - MountPoints2\{83a32a8a-0db8-11df-87de-002354a12743}\Shell - "" = AutoRun
O33 - MountPoints2\{83a32a8a-0db8-11df-87de-002354a12743}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{83a32a9b-0db8-11df-87de-002354a12743}\Shell - "" = AutoRun
O33 - MountPoints2\{83a32a9b-0db8-11df-87de-002354a12743}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{902ac641-d2c0-11df-a16f-002354a12743}\Shell - "" = AutoRun
O33 - MountPoints2\{902ac641-d2c0-11df-a16f-002354a12743}\Shell\AutoRun\command - "" = H:\pushinst.exe
O33 - MountPoints2\{92e7736c-f81c-11de-9974-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{92e7736c-f81c-11de-9974-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{a62b3a26-0d0b-11df-8930-002354a12743}\Shell - "" = AutoRun
O33 - MountPoints2\{a62b3a26-0d0b-11df-8930-002354a12743}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{d027c166-a62d-11e0-9c3a-002354a12743}\Shell - "" = AutoRun
O33 - MountPoints2\{d027c166-a62d-11e0-9c3a-002354a12743}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{ed4bed55-28f3-11df-9a5c-002354a12743}\Shell\AutoRun\command - "" = H:\StartPortableApps.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.09 13:53:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tizian\Desktop\OTL.exe
[2012.12.06 18:02:54 | 000,000,000 | ---D | C] -- C:\Users\Tizian\Desktop\VWL
[2012.12.05 17:28:38 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tizian\Desktop\tdsskiller.exe
[2012.12.03 23:09:49 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Tizian\Desktop\aswMBR.exe
[2012.12.01 19:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.11.29 22:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.11.29 22:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.11.29 22:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.11.29 22:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.11.28 07:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.28 07:40:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.28 07:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.17 01:42:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.11.17 01:37:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.17 01:37:41 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.17 01:37:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.17 01:37:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.17 01:37:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.17 01:37:40 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.17 01:37:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.17 01:37:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.16 19:16:56 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.16 19:16:35 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.09 20:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012.11.09 20:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.09 13:53:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tizian\Desktop\OTL.exe
[2012.12.09 13:50:10 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.09 13:50:07 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2012.12.09 13:49:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 13:49:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.09 13:49:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.09 13:49:12 | 3220,295,680 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.09 13:48:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.12.09 04:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.12.09 04:05:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.09 03:39:45 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3697480073-924179132-2046094984-1000Core.job
[2012.12.09 03:25:50 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3697480073-924179132-2046094984-1000UA.job
[2012.12.07 00:43:38 | 000,540,743 | ---- | M] () -- C:\Users\Tizian\Desktop\adwcleaner.exe
[2012.12.06 17:39:47 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.06 17:39:47 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.06 17:39:47 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.06 17:39:47 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.05 17:28:43 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tizian\Desktop\tdsskiller.exe
[2012.12.03 23:22:50 | 000,000,512 | ---- | M] () -- C:\Users\Tizian\Desktop\MBR.dat
[2012.12.03 23:11:20 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Tizian\Desktop\aswMBR.exe
[2012.12.01 21:35:12 | 000,008,956 | ---- | M] () -- C:\Users\Tizian\.recently-used.xbel
[2012.11.29 22:51:18 | 000,001,671 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.28 07:40:37 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.25 21:38:35 | 000,250,339 | ---- | M] () -- C:\Users\Tizian\Desktop\IMG_0821.JPG
[2012.11.25 21:38:13 | 000,224,987 | ---- | M] () -- C:\Users\Tizian\Desktop\IMG_0820.JPG
[2012.11.25 21:21:00 | 000,007,916 | ---- | M] () -- C:\Users\Tizian\AppData\Local\d3d9caps.dat
[2012.11.17 18:31:18 | 000,336,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.13 18:05:22 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.11.13 18:05:20 | 000,133,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.11.13 18:05:12 | 000,083,432 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.11 17:53:13 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.11 17:53:12 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.10 13:57:10 | 000,108,065 | ---- | M] () -- C:\Users\Tizian\Desktop\congstar.JPG
 
========== Files Created - No Company Name ==========
 
[2012.12.07 00:43:31 | 000,540,743 | ---- | C] () -- C:\Users\Tizian\Desktop\adwcleaner.exe
[2012.12.03 23:22:50 | 000,000,512 | ---- | C] () -- C:\Users\Tizian\Desktop\MBR.dat
[2012.12.01 21:35:12 | 000,008,956 | ---- | C] () -- C:\Users\Tizian\.recently-used.xbel
[2012.11.29 22:51:18 | 000,001,671 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.11.28 07:40:02 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.25 21:41:16 | 000,224,987 | ---- | C] () -- C:\Users\Tizian\Desktop\IMG_0820.JPG
[2012.11.25 21:41:15 | 000,250,339 | ---- | C] () -- C:\Users\Tizian\Desktop\IMG_0821.JPG
[2012.11.10 13:57:08 | 000,108,065 | ---- | C] () -- C:\Users\Tizian\Desktop\congstar.JPG
[2012.06.29 09:58:41 | 000,060,304 | ---- | C] () -- C:\Users\Tizian\g2mdlhlpx.exe
[2011.06.22 21:02:56 | 000,001,434 | ---- | C] () -- C:\Users\Tizian\AppData\Local\RecConfig.xml
[2011.03.16 21:15:05 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2011.02.06 20:39:29 | 000,019,456 | ---- | C] () -- C:\Users\Tizian\AppData\Local\WebpageIcons.db
[2010.12.27 20:30:41 | 000,000,078 | ---- | C] () -- C:\Windows\Altair_1.250.INI
[2010.01.08 16:13:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.04 19:14:46 | 000,177,150 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.01.04 19:13:33 | 000,177,150 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.01.03 18:13:41 | 000,085,504 | ---- | C] () -- C:\Users\Tizian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.02 21:25:14 | 000,007,916 | ---- | C] () -- C:\Users\Tizian\AppData\Local\d3d9caps.dat
[2008.07.01 19:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008.05.22 09:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 22:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 22:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
The Extras.txt from OTL
Code:
OTL Extras logfile created on: 09.12.2012 13:55:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Tizian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,75 Gb Available Physical Memory | 58,51% Memory free
6,19 Gb Paging File | 4,85 Gb Available in Paging File | 78,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 19,40 Gb Free Space | 13,02% Space Free | Partition Type: NTFS
Drive D: | 149,04 Gb Total Space | 7,82 Gb Free Space | 5,25% Space Free | Partition Type: NTFS
Drive E: | 139,28 Gb Total Space | 45,00 Gb Free Space | 32,31% Space Free | Partition Type: NTFS
Drive F: | 149,04 Gb Total Space | 122,19 Gb Free Space | 81,98% Space Free | Partition Type: NTFS
 
Computer Name: TIZIAN-PC | User Name: Tizian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3697480073-924179132-2046094984-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{49E5A8F5-713F-4748-A690-A47BDCB4067D}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{4D21E7DD-CE13-46E0-98F8-DE66D884104F}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AD0D42-67A5-44E4-B018-7EB6E057AE0F}" = protocol=17 | dir=in | app=c:\users\tizian\appdata\roaming\dropbox\bin\dropbox.exe | 
"{040A6A9A-2598-4581-9D39-91886659A6DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1224D520-E8DB-4157-B137-771288682E21}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1941EEF4-BAAD-4C5B-BABA-947F8596F615}" = protocol=6 | dir=in | app=e:\tobit radio.fx\client\rfx-client.exe | 
"{1A831430-E460-4D66-9695-7C6B5D9D6C42}" = protocol=17 | dir=in | app=e:\tobit radio.fx\server\rfx-server.exe | 
"{2A3CDAB4-FAA1-4BA8-B2EA-E7F1F77BD7B9}" = protocol=17 | dir=in | app=c:\users\tizian\appdata\local\akamai\netsession_win.exe | 
"{2F270881-2730-4988-BABC-B00A8381A7E9}" = protocol=6 | dir=in | app=c:\users\tizian\appdata\local\akamai\netsession_win.exe | 
"{4E90AC87-B446-42AE-BC9F-916968D3CC96}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{58CE9B10-FD55-4093-8CE0-6D932E735327}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{5AEA9B8B-1C60-4018-A38A-BD90C06268D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5C409830-0926-445A-B8FB-771D08E8FBEB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{657DDAC1-149E-4B37-9CB2-2DC8C5DD6238}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{67EA182D-E8D8-47E3-BFC9-9F6A8C9B0DBA}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{6ACD2CED-B420-448D-88B6-3B6DE54779D3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6C3035A2-5347-4EE8-82CF-C3D7F99DB46F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{6E8E52BB-B3F5-4812-9B09-C703E2316295}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7A466D84-874B-4E3B-A3C0-5F9FA3DAAE10}" = dir=in | app=c:\users\tizian\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{7DD97539-CFA2-4490-8BDD-7066254877B7}" = protocol=6 | dir=in | app=e:\tobit radio.fx\server\rfx-server.exe | 
"{7F2F97DF-199B-4FE1-B053-D2CFADDD9084}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{8B1F975E-2A79-4AB7-BD27-2C3DB133A239}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E1B6846-885C-4886-8C5A-DB506492A711}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{93393AD2-F316-423C-A53C-6ED5A3881AC5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A2941A56-F942-4318-821F-8C1E082870FD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A6AB8BF4-F25F-4728-8497-C05AEC9BDDD5}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{AC955B0B-20FF-42B9-8692-5543F51FD402}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{B1D14B06-933E-498A-8465-3CFD5F8757BB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{B3BFCD58-244A-4F50-B575-39B846326776}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{C97FBF44-FDE7-4DB4-82D8-B8E4E197DD5D}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{CC872B75-14EA-46CB-924A-BE74A60259E8}" = protocol=17 | dir=in | app=e:\tobit radio.fx\client\rfx-client.exe | 
"{D25C53FD-3F09-4513-B7FC-FC2F155B6E75}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{D9D533E1-BEAA-4415-ACB4-9851769A842D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD100F57-C09A-45E1-89A8-944AAFEF2225}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{DE9E5D78-D0DB-446D-A281-265C5849FE01}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{E1D3A8D4-8B67-4C2E-9F1D-88112D6166F0}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | 
"{EC882E42-34D4-4E81-AC53-73C2BBB63812}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{FFEBD48D-A15C-4D00-9909-5B8E705BA189}" = protocol=6 | dir=in | app=c:\users\tizian\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{0790D541-FF7B-473E-B166-985B76A1EB09}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{1AD0180B-779C-439F-832D-952086936961}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"TCP Query User{28658F92-EBA5-403A-A573-30045C26E005}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"TCP Query User{2FE056E5-314F-4AD3-92CE-2401DC7A8E56}C:\program files\steam\steamapps\thiezzz\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\thiezzz\team fortress 2\hl2.exe | 
"TCP Query User{5734368B-E726-4660-B6CA-59F624ACDE88}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{62FCB79E-47C6-4698-904E-90252A09D599}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{6ABEC431-25A7-479F-9121-76522138D40D}C:\users\tizian\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\tizian\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{6B16312F-F979-4433-9B1C-612F9312F8B5}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{7A06171D-17CD-4B9B-98A8-7F1A94B84896}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe | 
"TCP Query User{7F518AA1-CAF0-449B-86CD-A86E0AA5502E}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{81C23710-32F8-48F0-8B63-534C8CEC44BF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{8386E7A3-1FAC-4495-9A9E-B6E1F5103A1A}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{8629486D-1F91-47F1-A04B-3CCB536A5F70}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{8E356E42-2438-4642-A867-C24A6F8DBDD8}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=6 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe | 
"TCP Query User{A6D489B7-3375-45E1-8AEC-465F8D7533F9}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"TCP Query User{C3675F75-087A-4FAE-B81B-E37B3AB44607}C:\users\tizian\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\tizian\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{CFD9FF78-F7C3-4356-A932-DCCF75F6B3F8}C:\users\tizian\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tizian\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{E3659A3F-A049-415D-8523-9095292DB3DD}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{08A4E1A0-23D8-498C-80FF-4688877C860A}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{2B679D0A-72B0-45B9-BBFC-BC191B51AB50}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{3115272B-FF2E-480D-BBB9-AD95A47F7D42}C:\users\tizian\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\tizian\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{4583DD82-EAAF-4C8D-9E80-61D7FF538E3B}C:\users\tizian\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\tizian\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{62A3308E-74DF-488E-8772-7B1B0B20F3E4}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{633D00DB-F227-4168-89B2-605E4B0E9A72}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"UDP Query User{644C7C60-A7DA-4CB9-9707-52ACF40CA698}C:\users\tizian\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tizian\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{84A0C7E8-3385-44E1-9980-DE99D88E123B}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{A6950D22-B51F-45BE-A1EA-6D6DA4BB562C}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{AFE68AA8-6D37-4DDA-840F-132661D45E04}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{B6F3DBDB-0F44-4764-B6D7-317F31A167D4}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"UDP Query User{C60625BC-1DFB-442C-A7C0-A771F24B666E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{CA15448D-FFC8-4CBF-B906-32F5E395BBB1}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | 
"UDP Query User{D3A69AB7-AF01-4DC3-A451-55D76E9E7B4C}C:\program files\steam\steamapps\thiezzz\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\thiezzz\team fortress 2\hl2.exe | 
"UDP Query User{E28FE486-42B1-4A4D-A8B8-CC75A4E44110}C:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"UDP Query User{EE07E2A6-2882-4EF1-A17C-7007637E6C55}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe | 
"UDP Query User{EFE78845-8AA0-4718-8667-DFF8D820819A}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{F0474BD4-6EA8-4DFD-8E21-D59CEE937F49}C:\program files\flightgear\bin\win32\fgfs.exe" = protocol=17 | dir=in | app=c:\program files\flightgear\bin\win32\fgfs.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B6C0E95-182C-48E0-9C4B-4F916308249C}" = iTunes
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27ACB3B0-7D93-4A24-A3E0-E439C25949AD}" = Green Line NEW 3 Bayern Sprachtrainer Kommunikation
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.89
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron Version SRWare Iron 19.0.1100.0
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}" = ASUS Security Protect Manager
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}" = Dolby Control Center
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"{FC3D290D-79BE-44B7-ABF9-FDD110925930}" = P4P
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Akamai" = Akamai NetSession Interface Service
"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"C-Media Card Reader Driver USB2.0" = C-Media Card Reader Driver USB2.0
"DivX Setup" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.5.3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.2.0
"Free Video Dub_is1" = Free Video Dub version 2.0.5.221
"Free YouTube Download_is1" = Free YouTube Download version 3.1.31.706
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.36.1201
"Frozen-Bubble_is1" = Frozen-Bubble 1.0
"iTSfv_is1" = iTSfv 5.61.2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OpenAL" = OpenAL
"Pidgin" = Pidgin
"SpeedFan" = SpeedFan (remove only)
"Steam App 410" = Portal: First Slice
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TIPP10_is1" = TIPP10 Version 2.1.0
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"USB2.0 1.3M UVC WebCam" = USB2.0 1.3M UVC WebCam
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 2.0.2
"WheelMouse" = Advanced Wheel Mouse 6.0.0.002
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 3.0.8.5
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3697480073-924179132-2046094984-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.1.0.880
"pdfsam" = pdfsam
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.12.2012 03:31:16 | Computer Name = Tizian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6443
 
Error - 08.12.2012 06:51:38 | Computer Name = Tizian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.12.2012 10:48:25 | Computer Name = Tizian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.12.2012 10:48:25 | Computer Name = Tizian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9111
 
Error - 08.12.2012 10:48:25 | Computer Name = Tizian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9111
 
Error - 08.12.2012 15:48:45 | Computer Name = Tizian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 08.12.2012 15:48:45 | Computer Name = Tizian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3026
 
Error - 08.12.2012 15:48:45 | Computer Name = Tizian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3026
 
Error - 09.12.2012 08:34:08 | Computer Name = Tizian-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.12.2012 08:50:52 | Computer Name = Tizian-PC | Source = WinMgmt | ID = 10
Description = 
 
[ ASUS Security Protect Manager Events ]
Error - 14.08.2012 12:01:14 | Computer Name = Tizian-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Tizian@TIZIAN-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 16.08.2012 09:28:39 | Computer Name = Tizian-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Tizian@TIZIAN-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 17.08.2012 08:00:16 | Computer Name = Tizian-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Tizian@TIZIAN-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 13.09.2012 13:14:51 | Computer Name = Tizian-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Tizian@TIZIAN-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 21.09.2012 22:05:00 | Computer Name = Tizian-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Tizian@TIZIAN-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 27.09.2012 11:02:05 | Computer Name = Tizian-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Tizian@TIZIAN-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 06.10.2012 07:49:47 | Computer Name = Tizian-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Tizian@TIZIAN-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 10.10.2012 14:29:10 | Computer Name = Tizian-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Tizian@TIZIAN-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 08.12.2012 06:50:56 | Computer Name = Tizian-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Tizian@TIZIAN-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
Error - 09.12.2012 08:34:51 | Computer Name = Tizian-PC | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    Benutzer: Tizian@TIZIAN-PC
Anmeldeinformationen:
 Kennwort   Fehler: (0xC516020B) Anmeldung fehlgeschlagen.  Überprüfen Sie, ob Benutzername
 und Domäne korrekt sind, und geben Sie Ihr Kennwort erneut ein.  Bei Kennwörtern
 wird die Groß- und Kleinschreibung beachtet.  Stellen Sie sicher, dass die Feststelltaste
 nicht aktiviert ist.
 
[ System Events ]
Error - 21.01.2010 10:42:02 | Computer Name = Tizian-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 21.01.2010 10:42:34 | Computer Name = Tizian-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 22.01.2010 11:23:56 | Computer Name = Tizian-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.01.2010 11:24:29 | Computer Name = Tizian-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 22.01.2010 14:50:36 | Computer Name = Tizian-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.01.2010 14:51:17 | Computer Name = Tizian-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
Error - 23.01.2010 15:41:44 | Computer Name = Tizian-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 23.01.2010 15:41:44 | Computer Name = Tizian-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.01.2010 11:29:36 | Computer Name = Tizian-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 24.01.2010 11:30:03 | Computer Name = Tizian-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
         

Alt 09.12.2012, 18:04   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
O4 - HKLM..\Run: [TQ566808] "G:\Setup.exe" File not found
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray File not found
O4 - HKU\S-1-5-21-3697480073-924179132-2046094984-1000..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe" File not found
O4 - HKU\S-1-5-21-3697480073-924179132-2046094984-1000..\Run: [ICQ] "C:\Program Files\ICQ7.6\ICQ.exe" silent loginmode=4 File not found
O4 - HKU\S-1-5-21-3697480073-924179132-2046094984-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
[2012.12.03 23:22:50 | 000,000,512 | ---- | M] () -- C:\Users\Tizian\Desktop\MBR.dat
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.
__________________
Please always post log files in CODE tags

Alt 15.12.2012, 23:28   #14
arnto
 



That didn't quite work: after pressing Fix, the desktop icons, the toolbar and everything else except the OTL window disappear. The fix runs through except for the last two lines, then OTL crashes and I had to restart the PC. No log was created. What now?

Alt 16.12.2012, 15:03   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Restart Windows in safe mode (with networking, if possible). Fixing with OTL sometimes hangs in normal mode, but very often the fix works in safe mode.
