tcbhn wurde beendet und geschlossen

stumpfi53 · 24.05.2013, 10:15

hallo ich habe mir diesen tcbhn fehler eingefangen. die tcbhn meldung kommt immer wieder.wie ich hier las ist jedes problem einzeln zu beheben. wer kann mir helfen. Google chrome funktioniert auch nicht mehr. geht zwar auf aber nach paar sekunden schließt chrome wieder. der pc läuft auch sehr langsam.

markusg · 24.05.2013, 10:15

hi,

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die
OTL.exe
.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die
Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere
nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

stumpfi53 · 24.05.2013, 23:17

danke für die rasche hilfe.

markusg · 24.05.2013, 23:19

Hi,
das is ja schon mal die Hälfte der Logs

stumpfi53 · 24.05.2013, 23:24

hi ich muss die OTL auf 2 beiträge aufteilen. datei zu groß.

OTL logfile created on: 24.05.2013 23:24:34 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Celina\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,93 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 57,59% Memory free
6,09 Gb Paging File | 4,83 Gb Available in Paging File | 79,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285,09 Gb Total Space | 54,85 Gb Free Space | 19,24% Space Free | Partition Type: NTFS

Computer Name: CELINA-PC | User Name: Celina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.24 22:49:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Celina\Downloads\OTL.exe
PRC - [2013.05.23 19:04:02 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe
PRC - [2013.04.07 10:54:58 | 001,156,400 | ---- | M] () -- C:\Windows\System32\dmwu.exe
PRC - [2013.02.18 12:49:58 | 000,590,848 | ---- | M] (Blabbers Communications Ltd) -- C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe
PRC - [2013.02.08 16:10:08 | 001,644,680 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2013.01.27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2013.01.27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2013.01.27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2013.01.05 18:10:35 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.12.25 10:53:30 | 002,547,816 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
PRC - [2012.11.29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012.10.04 17:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2012.08.15 20:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.30 23:45:22 | 000,231,576 | ---- | M] () -- C:\Programme\otshot\ZalmanUpdateService.exe
PRC - [2012.03.27 16:58:08 | 000,692,888 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\BrowserCompanion\tcbhn.exe
PRC - [2012.02.02 15:32:52 | 000,018,432 | ---- | M] () -- C:\Users\Celina\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe
PRC - [2011.08.12 18:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.03.30 17:44:58 | 001,324,008 | ---- | M] (Iminent) -- C:\Programme\Iminent\IMBooster\IMBooster.exe
PRC - [2010.09.15 10:37:40 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
PRC - [2010.09.15 10:33:32 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.05.07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.07 17:26:28 | 001,038,136 | ---- | M] (Packard Bell BV) -- C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe
PRC - [2008.03.03 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

========== Modules (No Company Name) ==========

MOD - [2013.05.23 19:03:46 | 003,128,728 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.05.16 22:22:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll
MOD - [2013.05.16 09:57:07 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll
MOD - [2013.04.07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\System32\jmdp\stij.exe
MOD - [2013.04.07 10:54:20 | 000,306,176 | ---- | M] () -- C:\Windows\System32\jmdp\lmrn.dll
MOD - [2013.02.15 16:58:36 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\d186bf251ae14af93b3a943d472ee9f5\System.Web.Services.ni.dll
MOD - [2013.02.15 16:58:33 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll
MOD - [2013.02.05 09:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\System32\jmdp\sqlite3.dll
MOD - [2013.01.11 13:05:58 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013.01.11 13:05:22 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013.01.11 13:04:05 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013.01.11 13:03:48 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012.12.25 10:53:30 | 002,547,816 | ---- | M] () -- C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
MOD - [2012.12.25 10:51:45 | 002,202,728 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2012.03.27 16:58:08 | 000,692,888 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\BrowserCompanion\tcbhn.exe
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.30 17:45:12 | 000,016,360 | ---- | M] () -- C:\Programme\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll
MOD - [2011.03.30 17:45:06 | 000,236,520 | ---- | M] () -- C:\Programme\Iminent\IMBooster\Iminent.Windows.dll
MOD - [2011.03.30 17:45:06 | 000,218,600 | ---- | M] () -- C:\Programme\Iminent\IMBooster\Iminent.Workflow.dll
MOD - [2011.03.30 17:45:04 | 001,869,288 | ---- | M] () -- C:\Programme\Iminent\IMBooster\Iminent.Services.dll
MOD - [2011.03.30 17:45:02 | 000,041,960 | ---- | M] () -- C:\Programme\Iminent\IMBooster\Iminent.Business.TinyUrl.dll
MOD - [2011.03.30 17:45:00 | 000,337,896 | ---- | M] () -- C:\Programme\Iminent\IMBooster\Iminent.Booster.UI.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

========== Services (SafeList) ==========

SRV - [2013.05.23 19:04:02 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.15 16:56:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.07 10:54:58 | 001,156,400 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService)
SRV - [2013.02.28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.01.27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.12.25 10:53:30 | 002,547,816 | ---- | M] () [Auto | Running] -- C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect)
SRV - [2012.11.29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.05.30 23:45:22 | 000,231,576 | ---- | M] () [Auto | Running] -- C:\Programme\otshot\ZalmanUpdateService.exe -- (otshot)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.02.02 15:32:52 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Celina\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe -- (ReminderFoxUpdater)
SRV - [2011.08.12 18:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.09.15 10:37:40 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2010.09.15 10:33:32 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.05.07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.01.08 18:44:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 04:23:24 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:23:24 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.05.24 21:42:14 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50AD74FE-0560-463F-A9AE-EB7D0EFA3A27}\MpKsl484af71c.sys -- (MpKsl484af71c)
DRV - [2013.01.20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.10.11 05:08:38 | 000,034,432 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2012.10.11 05:08:36 | 000,025,088 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012.04.22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.01.09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.08.02 16:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.11.10 04:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2010.11.10 04:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.09.15 10:37:40 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.09.15 10:33:32 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.06.23 11:23:46 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.05.07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus)
DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl)
DRV - [2010.04.27 04:25:12 | 000,123,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2010.04.27 04:25:12 | 000,098,560 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus)
DRV - [2010.04.27 04:25:12 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2010.01.12 06:42:22 | 000,241,696 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.06.10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.04.28 00:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0309&m=easynote_mh45
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=41179&tid=397&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=41179&tid=397&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=41179&tid=397&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41179&home=true&tid=397
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={8F504842-4628-11E2-9321-00238B86E39C}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.certified-toolbar.com?si=41179&tid=397&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=41179&tid=397&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=41179&tid=397&bs=true&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41179&home=true&tid=397
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://search.certified-toolbar.com?si=41179&home=true&tid=397
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=f1f001d2-77b1-42ba-ad8b-4fdb6874a94d&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{630FD045-91C5-9970-69E4-09088733D902}: "URL" = hxxp://search.certified-toolbar.com?si=41179&bs=true&tid=397&q={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzuyEtN2Y1L1QzutDtDtBtAzz0BzzyC0EtAzy0C0Ezz0A0CtN0D0Tzu0CtBtDtAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=92 2416930
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=417&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={8F504842-4628-11E2-9321-00238B86E39C}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = hxxp://search.iminent.com/?appId=2aa335d9-62df-4643-96ae-16c0d5deae0f&ref=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114506&tt=0113_8&babsrc=HP_clro&mntrId=b69ee8ac0000000000000017c4735219
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=2&o=vp32&d=0309&m=easynote_mh45
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=f1f001d2-77b1-42ba-ad8b-4fdb6874a94d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=f1f001d2-77b1-42ba-ad8b-4fdb6874a94d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41179&home=true&tid=397
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=2aa335d9-62df-4643-96ae-16c0d5deae0f&ref=homepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=f1f001d2-77b1-42ba-ad8b-4fdb6874a94d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = hxxp://search.certified-toolbar.com?si=41179&tid=397&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.certified-toolbar.com?si=41179&tid=397&bs=true&q=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=f1f001d2-77b1-42ba-ad8b-4fdb6874a94d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41179&home=true&tid=397
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://search.certified-toolbar.com?si=41179&home=true&tid=397
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=DE&userid=f1f001d2-77b1-42ba-ad8b-4fdb6874a94d&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{09383BC6-A656-4BC2-94D6-66FE2EEA2FFD}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=0113_8&babsrc=SP_clro&mntrId=b69ee8ac0000000000000017c4735219
IE - HKCU\..\SearchScopes\{1BEB2628-4B70-43CE-8285-B466476CDB29}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_deDE330
IE - HKCU\..\SearchScopes\{20489C2F-7CA7-4C2E-8F90-8E4B9AE5E30E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_deDE330
IE - HKCU\..\SearchScopes\{5D3D9B27-CA75-45B0-976A-0DDE60D3F70C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=bc853243-c0a3-4e93-953a-3f0e7984f695&apn_sauid=BE8ED578-BD22-4C89-A5C8-6BACA4FAD4B6
IE - HKCU\..\SearchScopes\{630FD045-91C5-9970-69E4-09088733D902}: "URL" = hxxp://search.certified-toolbar.com?si=41179&bs=true&tid=397&q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACPW_deDE330&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=tauU6RA_xqZOyaaUt4E002PZHyc?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=417&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://mystart.incredibar.com/mb155/?search={searchTerms}&loc=IB_DS&a=6PQA3iHIBb&i=26
IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb203?a=6PR0m4kmFl&search={searchTerms}&i=26
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={8F504842-4628-11E2-9321-00238B86E39C}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..backup.old.browser.search.defaultenginename: "SearchTheWeb"
FF - prefs.js..backup.old.browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.iminent.com/?appId=2aa335d9-62df-4643-96ae-16c0d5deae0f&ref=homepage"
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Claro Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredibar.com/mb203?a=6PR0m4kmFl&i=26|hxxp://search.iminent.com/?appId=2aa335d9-62df-4643-96ae-16c0d5deae0f&ref=homepage"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb203?a=6PR0m4kmFl&i=26&search="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Celina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.01.05 18:11:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.23 19:04:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.13 17:49:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.15 23:19:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension [2013.01.05 20:07:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.23 19:04:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.13 17:49:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.05.15 23:19:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011.08.09 13:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\Extensions
[2010.09.01 20:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.05.23 16:18:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\Firefox\Profiles\d92375a8.default\extensions
[2013.05.22 22:31:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Celina\AppData\Roaming\mozilla\Firefox\Profiles\d92375a8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.07.28 20:15:58 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Celina\AppData\Roaming\mozilla\Firefox\Profiles\d92375a8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.04 16:54:25 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Celina\AppData\Roaming\mozilla\Firefox\Profiles\d92375a8.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
[2012.07.27 21:51:34 | 000,000,000 | ---D | M] (Certified Toolbar) -- C:\Users\Celina\AppData\Roaming\mozilla\Firefox\Profiles\d92375a8.default\extensions\{dc8881ef-7ab2-4f5d-b262-f6cabc04f8b0}
[2012.02.06 16:08:52 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Celina\AppData\Roaming\mozilla\Firefox\Profiles\d92375a8.default\extensions\addon@reminderfox.org
[2012.07.05 15:19:19 | 000,000,000 | ---D | M] (Ginyas Browser Companion) -- C:\Users\Celina\AppData\Roaming\mozilla\Firefox\Profiles\d92375a8.default\extensions\bbrs_002@blabbers.com
[2013.05.22 22:31:25 | 000,000,000 | ---D | M] ("Giant Savings") -- C:\Users\Celina\AppData\Roaming\mozilla\Firefox\Profiles\d92375a8.default\extensions\crossriderapp4479@crossrider.com
[2012.12.04 21:04:16 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\Celina\AppData\Roaming\mozilla\Firefox\Profiles\d92375a8.default\extensions\ffxtlbr@babylon.com
[2012.07.27 21:51:13 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Celina\AppData\Roaming\mozilla\Firefox\Profiles\d92375a8.default\extensions\ffxtlbr@funmoods.com
[2012.06.10 15:13:32 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Celina\AppData\Roaming\mozilla\Firefox\Profiles\d92375a8.default\extensions\ffxtlbr@incredibar.com
[2013.03.18 22:18:37 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Celina\AppData\Roaming\mozilla\Firefox\Profiles\d92375a8.default\extensions\toolbar@ask.com
[2013.05.22 22:31:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\Firefox\Profiles\d92375a8.default\extensions\crossriderapp4479@crossrider.com\chrome\content\extensionCode
[2012.08.23 09:30:22 | 000,101,863 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\ciuvo-extension@icq.de.xpi
[2012.12.13 22:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013.02.25 22:51:13 | 000,021,487 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\plugin@yontoo.com.xpi
[2013.05.22 22:31:34 | 000,282,569 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.12.27 21:38:28 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.23 16:18:17 | 000,269,448 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.01.12 12:29:15 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013.02.04 21:26:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4 ae9424591b_expire
[2012.06.03 21:27:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0b0a2599f44d1020163e86 09e8c344c8_expire
[2013.02.17 14:15:05 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0bb66476c57d47d5a6fb7e 7674377c0d_expire
[2013.02.28 18:40:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1d8715bd00dbafbff504a0 b9666c85e1_expire
[2013.02.17 14:15:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\21a6fdff5cdeec15248bec 4975ed92cb_expire
[2012.06.10 15:02:18 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\21d2bb231d3c04f5b64342 20b2b1cb9e_expire
[2013.02.28 18:39:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\24779e9d2de93d13d7e07b 527a1684d4_expire
[2012.06.03 21:27:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\28a66dcbc42f487b74bf70 75f325b374_expire
[2013.02.28 18:39:56 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6 b90d079658_expire
[2013.02.19 22:07:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a86ac4f3322238b4f27d1 4a09839275_expire
[2012.09.09 20:52:15 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2aa36605cf6813c4f900fe 3b9f825f38_expire
[2012.08.12 13:55:40 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e74403c227112bec52379 6d5a77d77e_expire
[2012.06.03 21:27:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\30c5a5f3cac664f14898d4 ff02c8b8aa_expire
[2012.11.15 20:44:42 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\318a60c11319c3e2ba7a0c 842afb07b8_expire
[2012.08.16 23:05:08 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3b507b6d0186efd3615b9b 9233c5f708_expire
[2012.06.05 21:00:32 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3ee6bbef623a0ac7077352 d3a4953dd7_expire
[2012.08.28 21:57:18 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4ad053d40dfa5cab7948e9 251df6e3d9_expire
[2013.02.25 22:52:12 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a 49b26be41f_expire
[2012.06.10 15:02:18 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5d5c3541c8187f3a48d4f7 2f4374009c_expire
[2013.03.01 13:01:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5f9c09c99c058ffa5befab 6cbe17f7d4_expire
[2012.10.01 17:12:35 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\608fb1265439dbf7f648e0 4f0f11d4c1_expire
[2012.09.02 12:19:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\61e2ae11ba3d1cbe8887ea 80f192e299_expire
[2012.06.10 15:02:18 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6a8ef73701ad78f92631cc abc37a9b58_expire
[2012.12.30 22:38:34 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6ec88a37be1bea7fa99383 e8b8c69afe_expire
[2013.02.28 18:40:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\70c2a96a431c22c0f2f583 2c6ebabf40_expire
[2013.01.09 11:24:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\719f6985083c6f0c2a8fef 7aa1f75d63_expire
[2013.03.01 13:01:25 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\72891ec935a3d247f2da65 62ef29a005_expire
[2013.01.14 12:45:48 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\7897897b2fe8740a8b1cda 5290f14fb3_expire
[2013.03.01 13:01:25 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\7c703b5a324924a63df3f6 2c4c95fae8_expire
[2012.06.03 21:27:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\83efd7b1964c50bb7cce42 72a9a96e90_expire
[2012.12.13 12:22:32 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8a8dc36effa0a0300d6fb1 a383936a49_expire
[2012.06.03 21:27:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8f38426a71d2ff9849ef42 7e4cdfbea6_expire
[2012.11.21 23:26:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8ffbb13aa6f702b0cafab3 91f90d1db7_expire
[2012.12.19 19:30:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\92194431db7be5da81e123 9636d98155_expire
[2012.06.10 15:02:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\93aa59562815aa22d93923 c7215ac7f1_expire
[2013.02.19 22:07:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9ef5e4c08312c8e6d81dfd 42b7176e39_expire
[2012.08.12 22:05:01 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a35ec2adf572a908b47081 c94acefc6d_expire
[2013.03.01 13:01:25 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8 fd995f57a6_expire
[2013.03.01 13:01:24 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a7e0abb80dabcdbb6dbaec 920aa126a0_expire
[2013.02.28 18:40:00 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\addabc0e1349eebead0353 2357f33ad8_expire
[2013.01.16 22:09:22 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\adf275b6644b3fcac86a14 ffe551dede_expire
[2012.09.14 22:57:53 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b98ec85a6f6b5dca57a81c 971a2ec1f5_expire
[2012.06.10 15:02:18 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bd75b259da6df295d57bcf 03a94e1ba6_expire
[2013.02.28 18:39:57 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bf73732e1f0b76bac43529 3ba3880579_expire
[2012.06.05 21:00:35 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c4a4e7d52f3f8044d9a639 a16862ea54_expire
[2012.10.26 21:26:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ca270719b0852041725973 84bb29b44d_expire
[2012.10.26 21:26:26 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb647c72e5b13b52d1392 c603dcfde6_expire
[2012.08.19 17:17:16 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cbb69a449d3e39b3a3781f fb1d7fa52b_expire
[2012.08.19 17:17:17 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d6867a63f98943c5d45ac3 e1e96e45bb_expire
[2012.08.26 18:53:13 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d83bb387de1d7c4401815e 133de06c6b_expire
[2012.12.19 19:30:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\d89bfd841403290d610bcf 662008b443_expire
[2012.08.25 20:40:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dc6668d28979688b1e2066 d1dcaef0f6_expire
[2012.09.14 22:57:53 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e02b35320e5111f1b62646 6c13c70a0a_expire
[2012.08.25 20:40:44 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e7215b147326809c45f6cf 0952274624_expire
[2013.02.28 18:39:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c4 26e4264271_expire
[2012.11.15 20:44:41 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece5f266221b5245c6e3d7 e27ddee963_expire
[2012.10.01 17:12:35 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ece71b71690fad200cbed9 5871ef4bb2_expire
[2013.02.28 18:39:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ef8b53537a5678ed1fcb65 662c69bced_expire
[2013.02.28 18:39:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f03527c67e08602d2e4c18 ae7867300d_expire
[2013.02.28 18:39:59 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f6aecfda2ad6d99e917e4b 2cd6b18978_expire
[2013.02.25 22:52:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d 91dfbe0d6b_expire
[2012.09.02 12:19:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fb2a2d37c3a5abdb2d5c51 d90fdaebc4_expire
[2013.02.25 22:52:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9e f4062b1c6f_expire
[2013.03.18 22:18:37 | 000,002,344 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\askcom.xml
[2012.12.04 21:04:22 | 000,002,432 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\babylon1.xml
[2012.12.08 23:43:48 | 000,002,402 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\bingp.xml
[2013.01.05 20:07:29 | 000,001,300 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\claro.xml
[2012.11.06 18:32:50 | 000,000,931 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\conduit.xml
[2013.05.22 22:27:19 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-1.xml
[2011.03.03 22:29:08 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-10.xml
[2011.03.09 12:06:31 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-11.xml
[2011.03.24 00:10:44 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-12.xml
[2011.04.30 15:48:53 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-13.xml
[2011.06.22 11:13:43 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-14.xml
[2011.08.09 14:33:20 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-15.xml
[2011.09.02 21:58:23 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-16.xml
[2011.09.02 22:03:24 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-17.xml
[2011.09.02 22:08:14 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-18.xml
[2011.09.02 22:25:31 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-19.xml
[2010.06.30 21:23:42 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-2.xml
[2011.10.04 21:35:02 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-20.xml
[2011.10.05 17:51:34 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-21.xml
[2011.11.10 21:40:11 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-22.xml
[2011.11.15 16:12:02 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-23.xml
[2011.12.02 18:18:34 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-24.xml
[2011.12.22 14:47:31 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-25.xml
[2012.01.06 17:34:45 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-26.xml
[2012.01.19 11:12:23 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-27.xml
[2012.03.25 09:48:51 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-28.xml
[2012.04.04 14:09:09 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-29.xml
[2010.07.04 20:54:11 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-3.xml
[2012.04.06 16:24:00 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-30.xml
[2012.05.17 20:53:17 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-31.xml
[2012.08.04 22:19:42 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-32.xml
[2012.08.22 09:26:26 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-33.xml
[2012.09.14 22:57:01 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-34.xml
[2012.12.13 12:20:33 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-35.xml
[2012.12.15 12:51:19 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-36.xml
[2013.01.08 15:25:54 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-37.xml
[2013.01.09 11:31:17 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-38.xml
[2013.01.11 14:58:34 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-39.xml
[2010.07.25 11:59:32 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-4.xml
[2013.01.11 18:37:51 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-40.xml
[2013.01.12 12:27:15 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-41.xml
[2013.03.15 16:15:44 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-42.xml
[2010.07.25 17:49:22 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-5.xml
[2010.09.17 14:51:29 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-6.xml
[2010.10.21 10:56:18 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-7.xml
[2010.10.28 21:20:33 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-8.xml
[2010.11.03 23:48:26 | 000,000,950 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\icqplugin.xml
[2012.12.04 21:04:25 | 000,002,536 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\mngr.xml
[2013.05.05 22:38:45 | 000,002,120 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\MyStart Search.xml
[2012.07.27 21:51:26 | 000,002,337 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\Search.xml
[2011.08.09 14:10:18 | 000,002,497 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\SearchResults.xml
[2013.01.21 18:31:07 | 000,002,230 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\SearchTheWeb.xml
[2012.12.14 21:59:33 | 000,003,998 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\sweetim.xml
[2012.09.23 16:00:45 | 000,002,469 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\mozilla\firefox\profiles\d92375a8.default\searchplugins\Web Search.xml
[2013.05.23 19:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.01 11:23:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.11.20 16:26:00 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Programme\Mozilla Firefox\extensions\webbooster@iminent.com
[2013.05.23 19:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.23 19:04:04 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.09.01 13:45:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.01.05 18:10:43 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2009.03.24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2013.01.05 20:06:12 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.08.09 14:10:18 | 000,002,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2010.07.10 12:21:02 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012.07.05 15:16:45 | 000,003,267 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Web Search.xml

========== Chrome ==========

CHR - default_search_provider: UTF-8, icon_url: hxxp://www.google.com/favicon.ico, id: 2, instant_url: {google:baseURL}webhp?sourceid=chrome-instant&{google:RLZ}{google:instantEnabledParameter}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}{google

mniboxStartMarginPar ameter}ie={inputEncoding}, keyword: google.de, name: Google, prepopulate_id: 1, search_terms_replacement_key: espv, search_url: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google

riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{go ogle:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}, suggest_url: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter} (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://search.avira.com/?l=dis&o=APN10261&gct=hp&dc=EU&locale=de_DE, homepage_is_newtabpage: false
CHR - Extension: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYGr7n8PLb+LRt0x7+5n4yZPPtBu6HOub3BaxduHOABvX3rtwMwI9hHmnH6Ma24PAzz8wJ8vXHGc8QTOMCjteA+bAhFEfmNmum8o8YXQ6gEMdBEj JkPGD9TYJX+kpMzLujZim+7O33AkH3jSX9lN24yQYmeyWKf+n0NGa6J2l5XwIDAQAB, name: Avira Toolbar, permissions: [ bookmarks, contextMenus, cookies, geolocation, history, idle, management, notifications, tabs, unlimitedStorage, hxxp://*/*, https://*/*, chrome://favicon/*, chrome-internal://newtab/ ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.22.42172_0\
CHR - Extension: Funmoods, permissions: [ tabs, cookies, hxxp://*/*, *://*.facebook.com/, hxxp://addon.greetingmoods.com/, *://igor.funmoods.com/*, *://f.funmoods.com/* ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.3_0\
CHR - Extension: Movie2kDownloader, permissions: [ contextMenus, tabs, hxxp://*/*, https://*/* ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\
CHR - Extension: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4V8Oznt0OvrC3tBkDH6OobBG3RlEu8rHmyAy5hxzRsXeDaRgnmTjf8TNpTtAzOkvJvVceBKO4k683QijVFLOQY29JI6Zow3vI86PWRQ+ca1s9lC K0FczAxk2Fq9GgpsDVWgQ9Sl4EwvKWQRokalZtV+acWX/S5XxxAKfvUovEOwIDAQAB, name: Montiera Chrome Toolbar, permissions: [ tabs, hxxp://*/, notifications ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmbgdmijgopggjaelphhajpjldacbnba\1.0_0\
CHR - Extension: Ginyas Browser Companion = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: 23, name: Neuer Tab, permissions: [ storage, unlimitedStorage, contextMenus, webNavigation, history, bookmarks, tabs, management, topSites, chrome://favicon/, hxxp://*/*, https://*/* ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\8.2_0\
CHR - Extension: Claro Toolbar, permissions: [ tabs ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl\1.4_0\
CHR - Extension: Babylon Toolbar, permissions: [ tabs, hxxp://*/ ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
CHR - Extension: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLu0oa5zhFoZIcej9K72PcWn5Hlkycp97SUqjY6L7qyT6U1FJ9saRpYiR5QBW2NIsKODTULVvb3OndBlRWRWOi8XwXxn8M1laM58q4JhIw8IM0e8 FrK0jmskEWBti1WXxUNjZitgt8xFvRxxtWglTzKAgLY9StcCThRLSuDruF+wIDAQAB, name: Complitly plugin for chrome, update_url: hxxp://www.predictad.com/update/chrome/?si=41178&ver=1.1, version: 1.1 = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: FileConverter 1.3, permissions: [ storage, tabs, hxxp://*/*, https://*/*, notifications, management, unlimitedStorage, bookmarks, contextMenus, cookies, geolocation, history, idle, webNavigation, chrome://favicon/*, webRequest, webRequestBlocking ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\engeblojhfeingnjnfpiceofljnjpldp\10.15.2.523_0\
CHR - Extension: New Tab for Chrome, optional_permissions: [ background, notifications, unlimitedStorage, webNavigation ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg\1.0.0.0_0\
CHR - Extension: Detects all recordable content on the browser, key: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIwlyxIOu0hwMoAcBARugBpVhj7EGgYOAP2Fl/1dfiz6Z250yRI76IyXJvgOTbPYkbWguSD7kAcxsj25UMDyPs97CSQdqNFfqo212NRd7QWCV4hdqE2VR2KBLB5Ns4quB1GmCVzqNR83CCRu8RcONuamJ0FHQwmPSNbcDLkhuvuwIDAQAB, name: RealDownloader, permissions: [ tabs, hxxp://*/*, https://*/* ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: SweetIM for Facebook, optional_permissions: [ background ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: Skype Click to Call, permissions: [ tabs, hxxp://*/*, https://*/* ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\
CHR - Extension: Anzeigen und Verwalten von Terminen und Aufgaben. ReminderFox erinnert Sie an Dinge, die sich nicht im Kopf haben., key: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmpCaMOstd1BdwMqt0fDBaOAfiQsMTj+6pi73QuPIQDUlECMCNJDPhLYCdEB59C0vZZ6kj4ThGpiZDZ+txFfWMWZ30DwqO+e9GD79O3qLCP+I+/GQhu1RfR8khHI4gh9d6cc7a3QZmUzdF7pDpy4MRolDnxWPTQ0nfCcKzC/BvSwIDAQAB, name: ReminderFox, permissions: [ tabs, *://*/*, management ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpejamdehjfchbpcpblhacbebhiopkom\1.99.5_0\
CHR - Extension: Giant Savings, permissions: [ hxxp://*/*, https://*/*, tabs, cookies, notifications, contextMenus, webNavigation, webRequest, webRequestBlocking, unlimitedStorage ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.23.96_0\crossrider
CHR - Extension: Giant Savings, permissions: [ hxxp://*/*, https://*/*, tabs, cookies, notifications, contextMenus, webNavigation, webRequest, webRequestBlocking, unlimitedStorage ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.23.96_0\
CHR - Extension: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDVt8s/snYdV0IAGzWeS4515hfdeW55RxbjePwJ40IKnoM/49TuneDq0F9wjT0CqRu0Q6JFAnFR/WBDJF9kuZD27ePkaxVSOxwoPuQua/VNtdYBJ8i+/tf9NRe1LTqlq6eQjEJQjXunC+xt3QWZlNFqRnC1tpUtsaHgYxXIyZ16QIDAQAB, name: TimelineRemove, permissions: [ bookmarks, tabs, *://*.facebook.com/* ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhopoibjodcfbppkiginpbcpekbdgln\0.8_0\
CHR - Extension: SweetPacks Chrome Extension, optional_permissions: [ background, notifications, unlimitedStorage, webNavigation ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: Settings Protector, page_action: = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDYGr7n8PLb+LRt0x7+5n4yZPPtBu6HOub3BaxduHOABvX3rtwMwI9hHmnH6Ma24PAzz8wJ8vXHGc8QTOMCjteA+bAhFEfmNmum8o8YXQ6gEMdBEj JkPGD9TYJX+kpMzLujZim+7O33AkH3jSX9lN24yQYmeyWKf+n0NGa6J2l5XwIDAQAB, name: Avira Toolbar, permissions: [ bookmarks, contextMenus, cookies, geolocation, history, idle, management, notifications, tabs, unlimitedStorage, hxxp://*/*, https://*/*, chrome://favicon/*, chrome-internal://newtab/ ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl\7.15.22.42172_0\
CHR - Extension: Funmoods, permissions: [ tabs, cookies, hxxp://*/*, *://*.facebook.com/, hxxp://addon.greetingmoods.com/, *://igor.funmoods.com/*, *://f.funmoods.com/* ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\2.1.3_0\
CHR - Extension: Movie2kDownloader, permissions: [ contextMenus, tabs, hxxp://*/*, https://*/* ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf\1.0_0\
CHR - Extension: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4V8Oznt0OvrC3tBkDH6OobBG3RlEu8rHmyAy5hxzRsXeDaRgnmTjf8TNpTtAzOkvJvVceBKO4k683QijVFLOQY29JI6Zow3vI86PWRQ+ca1s9lC K0FczAxk2Fq9GgpsDVWgQ9Sl4EwvKWQRokalZtV+acWX/S5XxxAKfvUovEOwIDAQAB, name: Montiera Chrome Toolbar, permissions: [ tabs, hxxp://*/, notifications ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmbgdmijgopggjaelphhajpjldacbnba\1.0_0\
CHR - Extension: Ginyas Browser Companion = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf\1.0.5_0\
CHR - Extension: 23, name: Neuer Tab, permissions: [ storage, unlimitedStorage, contextMenus, webNavigation, history, bookmarks, tabs, management, topSites, chrome://favicon/, hxxp://*/*, https://*/* ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\8.2_0\
CHR - Extension: Claro Toolbar, permissions: [ tabs ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl\1.4_0\
CHR - Extension: Babylon Toolbar, permissions: [ tabs, hxxp://*/ ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
CHR - Extension: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLu0oa5zhFoZIcej9K72PcWn5Hlkycp97SUqjY6L7qyT6U1FJ9saRpYiR5QBW2NIsKODTULVvb3OndBlRWRWOi8XwXxn8M1laM58q4JhIw8IM0e8 FrK0jmskEWBti1WXxUNjZitgt8xFvRxxtWglTzKAgLY9StcCThRLSuDruF+wIDAQAB, name: Complitly plugin for chrome, update_url: hxxp://www.predictad.com/update/chrome/?si=41178&ver=1.1, version: 1.1 = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda\1.1_0\
CHR - Extension: FileConverter 1.3, permissions: [ storage, tabs, hxxp://*/*, https://*/*, notifications, management, unlimitedStorage, bookmarks, contextMenus, cookies, geolocation, history, idle, webNavigation, chrome://favicon/*, webRequest, webRequestBlocking ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\engeblojhfeingnjnfpiceofljnjpldp\10.15.2.523_0\
CHR - Extension: New Tab for Chrome, optional_permissions: [ background, notifications, unlimitedStorage, webNavigation ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgfdfcbeamjnjdejakdidpniblllnbpg\1.0.0.0_0\
CHR - Extension: Detects all recordable content on the browser, key: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIwlyxIOu0hwMoAcBARugBpVhj7EGgYOAP2Fl/1dfiz6Z250yRI76IyXJvgOTbPYkbWguSD7kAcxsj25UMDyPs97CSQdqNFfqo212NRd7QWCV4hdqE2VR2KBLB5Ns4quB1GmCVzqNR83CCRu8RcONuamJ0FHQwmPSNbcDLkhuvuwIDAQAB, name: RealDownloader, permissions: [ tabs, hxxp://*/*, https://*/* ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: SweetIM for Facebook, optional_permissions: [ background ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: Skype Click to Call, permissions: [ tabs, hxxp://*/*, https://*/* ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\
CHR - Extension: Anzeigen und Verwalten von Terminen und Aufgaben. ReminderFox erinnert Sie an Dinge, die sich nicht im Kopf haben., key: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCmpCaMOstd1BdwMqt0fDBaOAfiQsMTj+6pi73QuPIQDUlECMCNJDPhLYCdEB59C0vZZ6kj4ThGpiZDZ+txFfWMWZ30DwqO+e9GD79O3qLCP+I+/GQhu1RfR8khHI4gh9d6cc7a3QZmUzdF7pDpy4MRolDnxWPTQ0nfCcKzC/BvSwIDAQAB, name: ReminderFox, permissions: [ tabs, *://*/*, management ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpejamdehjfchbpcpblhacbebhiopkom\1.99.5_0\
CHR - Extension: Giant Savings, permissions: [ hxxp://*/*, https://*/*, tabs, cookies, notifications, contextMenus, webNavigation, webRequest, webRequestBlocking, unlimitedStorage ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.23.96_0\crossrider
CHR - Extension: Giant Savings, permissions: [ hxxp://*/*, https://*/*, tabs, cookies, notifications, contextMenus, webNavigation, webRequest, webRequestBlocking, unlimitedStorage ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj\1.23.96_0\
CHR - Extension: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDVt8s/snYdV0IAGzWeS4515hfdeW55RxbjePwJ40IKnoM/49TuneDq0F9wjT0CqRu0Q6JFAnFR/WBDJF9kuZD27ePkaxVSOxwoPuQua/VNtdYBJ8i+/tf9NRe1LTqlq6eQjEJQjXunC+xt3QWZlNFqRnC1tpUtsaHgYxXIyZ16QIDAQAB, name: TimelineRemove, permissions: [ bookmarks, tabs, *://*.facebook.com/* ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfhopoibjodcfbppkiginpbcpekbdgln\0.8_0\
CHR - Extension: SweetPacks Chrome Extension, optional_permissions: [ background, notifications, unlimitedStorage, webNavigation ] = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0\
CHR - Extension: Settings Protector, page_action: = C:\Users\Celina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\

stumpfi53 · 24.05.2013, 23:27

hier der 2. teil

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Programme\Claro LTD\claro\1.8.8.5\bh\claro.dll (Montera Technologeis LTD)
O2 - BHO: (Ginyas Browser Companion) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Programme\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Celina\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
O2 - BHO: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Programme\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.4.9\bh\BabylonToolbar.dll File not found
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll File not found
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Certified Toolbar) - {6636902a-3781-4d94-ab36-af118b839af5} - C:\Users\Celina\AppData\Roaming\CertifiedToolbar\CertifiedToolbar.dll (Simply Tech LTD)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Funmoods Helper Object) - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Programme\Funmoods\1.5.23.22\bh\escort.dll (Funmoods BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ReminderFox) - {7C9B39E6-6606-4ED2-8A3F-36E39C78CBDC} - C:\Users\Celina\AppData\LocalLow\ReminderFox\IE\ReminderFox.dll (Tom Mutdosch)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ginyas Browser Companion Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Programme\BrowserCompanion\updatebhoWin32.dll (Blabbers Communications Ltd)
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programme\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Avanquest App'-Anwendungsleiste Toolbar) - {1d8566bd-f06f-4029-a3be-ba80af5a09f3} - C:\Program Files\Avanquest_App'-Anwendungsleiste\prxtbAvan.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Certified Toolbar) - {6636902a-3781-4d94-ab36-af118b839af5} - C:\Users\Celina\AppData\Roaming\CertifiedToolbar\CertifiedToolbar.dll (Simply Tech LTD)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Programme\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Programme\Claro LTD\claro\1.8.8.5\claroTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Funmoods Toolbar) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Programme\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - Startup: C:\Users\Celina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tcbhn.lnk = C:\Users\Celina\AppData\Roaming\BrowserCompanion\tcbhn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Celina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52C8EA0B-7F30-4256-A916-F8AA9A67DBFD}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ED693BA-9C85-450E-BEE5-04AB68D3F4B4}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F719714-2185-499D-BEB9-236453B50CAA}: DhcpNameServer = 10.74.210.210 10.74.210.211
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~2\261040~1.25\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Celina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Celina\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\System32\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{630ea6fd-a966-11e1-a478-00238b86e39c}\Shell - "" = AutoRun
O33 - MountPoints2\{630ea6fd-a966-11e1-a478-00238b86e39c}\Shell\AutoRun\command - "" = E:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{e12fa0fc-ce5a-11e0-a32d-00238b86e39c}\Shell - "" = AutoRun
O33 - MountPoints2\{e12fa0fc-ce5a-11e0-a32d-00238b86e39c}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: Browser Infrastructure Helper - hkey= - key= - C:\Users\Celina\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)
MsConfig - StartUpReg: HTC Sync Loader - hkey= - key= - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LWS - hkey= - key= - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: WatchMyCam - hkey= - key= - C:\Programme\WatchMyCam\WatchMyCam.exe (www.WatchMyCam.de)
MsConfig - StartUpReg: WeatherBugAlert - hkey= - key= - C:\Program Files\AWS\WeatherBug Alert\WeatherBugAlert.exe (AWS Convergence Technologies)
MsConfig - StartUpReg: Windows Mobile-based device management - hkey= - key= - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013.05.24 10:29:11 | 000,000,000 | ---D | C] -- C:\Users\Celina\AppData\Roaming\Systweak
[2013.05.22 23:11:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013.05.15 23:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2013.04.29 20:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.04.28 20:01:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Praktikum
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.24 23:27:03 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Chrome Watcher.job
[2013.05.24 23:20:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.24 23:18:00 | 000,000,992 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Runner.job
[2013.05.24 23:05:05 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Stats Report.job
[2013.05.24 22:56:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.24 22:56:08 | 000,000,860 | ---- | M] () -- C:\Users\Celina\Desktop\OTL - Verknüpfung.lnk
[2013.05.24 22:21:18 | 000,002,022 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.05.24 22:02:17 | 000,000,992 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion FireFox Watcher.job
[2013.05.24 22:02:15 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Update Checker.job
[2013.05.24 22:02:11 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.24 21:41:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 21:41:44 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.24 21:41:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.24 10:45:52 | 000,153,600 | ---- | M] () -- C:\Users\Celina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.24 09:39:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3573906517-1408000182-2565755776-1000UA.job
[2013.05.23 21:39:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3573906517-1408000182-2565755776-1000Core.job
[2013.05.22 23:13:45 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.05.22 00:07:29 | 000,000,155 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013.05.16 09:59:44 | 000,633,830 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.16 09:59:44 | 000,129,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.16 09:59:44 | 000,106,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.16 09:59:44 | 000,008,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.16 09:52:16 | 000,305,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.13 17:49:12 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.05.13 16:45:04 | 000,011,156 | ---- | M] () -- C:\Users\Celina\AppData\Roaming\wklnhst.dat
[2013.04.25 13:37:30 | 001,727,488 | ---- | M] () -- C:\Users\Celina\Desktop\Hormonelle Empfängnisverhütung.wps
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.24 22:56:08 | 000,000,860 | ---- | C] () -- C:\Users\Celina\Desktop\OTL - Verknüpfung.lnk
[2013.05.22 23:13:45 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013.05.22 23:13:18 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013.05.13 17:49:12 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2013.05.13 17:49:12 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2013.01.03 22:56:45 | 000,002,512 | ---- | C] () -- C:\Users\Celina\ESt2010.elfo
[2012.12.04 21:03:38 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll
[2012.09.19 21:27:30 | 000,007,168 | -H-- | C] () -- C:\Users\Celina\photothumb.db
[2012.09.18 18:31:59 | 000,064,569 | ---- | C] () -- C:\Users\Celina\317.jpg
[2012.09.04 16:03:54 | 001,156,400 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2012.09.04 16:03:54 | 000,027,136 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2012.07.21 19:38:16 | 000,384,844 | ---- | C] () -- C:\Users\Celina\AppData\Local\funmoods-speeddial.crx
[2012.07.21 19:38:06 | 000,031,465 | ---- | C] () -- C:\Users\Celina\AppData\Local\funmoods.crx
[2012.07.05 15:16:51 | 000,009,216 | ---- | C] () -- C:\Windows\Launcher.exe
[2012.06.22 19:49:30 | 000,011,486 | ---- | C] () -- C:\Users\Celina\AppData\Local\recently-used.xbel
[2012.05.29 14:47:54 | 000,000,042 | ---- | C] () -- C:\Users\Celina\.gtk-bookmarks
[2012.05.07 21:14:43 | 000,172,032 | ---- | C] () -- C:\Users\Celina\Lachsfilets mit Spinatsauce.wps
[2012.05.07 20:58:17 | 000,031,232 | ---- | C] () -- C:\Users\Celina\Irische scones
[2011.12.04 16:09:47 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.06.05 18:01:02 | 002,022,819 | ---- | C] () -- C:\Users\Celina\Bitburger_Teilnahmekarte.pdf
[2010.11.11 21:37:58 | 000,099,627 | ---- | C] () -- C:\Users\Celina\phase-6-backpack-celina-2010-11-11.p6b
[2010.09.05 20:33:44 | 000,617,105 | ---- | C] () -- C:\Users\Celina\DIR_setup.exe
[2010.08.18 21:29:28 | 000,011,953 | ---- | C] () -- C:\Users\Celina\phase-6-backpack-celina-2010-08-18.p6b
[2010.08.14 11:25:53 | 000,001,330 | RHS- | C] () -- C:\Users\Celina\ntuser.pol
[2010.07.27 08:38:02 | 000,000,680 | ---- | C] () -- C:\Users\Celina\AppData\Local\d3d9caps.dat
[2009.11.09 20:41:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.06.17 12:09:22 | 000,011,156 | ---- | C] () -- C:\Users\Celina\AppData\Roaming\wklnhst.dat
[2009.06.06 12:37:30 | 000,153,600 | ---- | C] () -- C:\Users\Celina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.02.03 11:48:49 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\AnvSoft
[2010.01.01 21:44:41 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Ashampoo
[2011.12.04 16:06:55 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Babylon
[2012.06.03 21:45:43 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\BabylonToolbar
[2013.05.24 22:02:29 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\BrowserCompanion
[2009.11.29 19:14:55 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Canneverbe_Limited
[2010.03.02 21:35:00 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Canon
[2012.07.05 15:16:51 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\CertifiedToolbar
[2013.01.05 20:06:53 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Claro
[2013.01.05 20:06:40 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Claro LTD
[2012.07.05 15:19:17 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Complitly
[2010.06.16 16:03:30 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Cornelsen
[2010.12.26 20:41:36 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.03 23:29:14 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\elsterformular
[2012.07.02 11:16:46 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\FreeScreenToVideo
[2009.11.29 15:24:11 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\FreeVideoConverter
[2012.09.07 21:51:00 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\GrabPro
[2011.10.13 15:29:32 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\gtk-2.0
[2011.12.28 21:28:19 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\HTC
[2009.09.11 21:55:49 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\IrfanView
[2012.08.06 13:06:53 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Leadertech
[2012.07.05 17:47:38 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\ManyCam
[2012.09.07 21:50:58 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\OpenCandy
[2012.07.05 15:39:28 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Optimizer Pro
[2013.02.25 00:41:15 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Orbit
[2009.06.12 15:15:35 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Packard Bell
[2012.05.29 10:49:42 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\PC Suite
[2012.12.04 21:04:28 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\PDFCreatorPackages
[2013.01.09 11:24:00 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\PerformerSoft
[2012.09.07 21:51:03 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\ProgSense
[2010.10.14 22:23:03 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Samsung
[2013.05.24 11:52:58 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Systweak
[2011.10.10 12:52:35 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\TeamViewer
[2009.06.17 12:09:34 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Template
[2010.09.01 20:56:09 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Thunderbird
[2010.08.14 13:39:53 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Uniblue
[2009.07.15 21:22:25 | 000,000,000 | ---D | M] -- C:\Users\Celina\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Custom Scans ==========

< Code: >
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,556 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.02.14 12:27:48 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010.02.14 12:27:49 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.05.08 22:42:20 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.11.15 22:34:58 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3573906517-1408000182-2565755776-1000Core.job
[2012.11.15 22:34:59 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3573906517-1408000182-2565755776-1000UA.job
[2013.01.05 20:08:45 | 000,000,438 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for Celina.job
[2013.02.28 21:17:50 | 000,000,992 | ---- | C] () -- C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job
[2013.02.28 21:17:54 | 000,001,040 | ---- | C] () -- C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job
[2013.02.28 21:17:57 | 000,001,040 | ---- | C] () -- C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job
[2013.02.28 21:18:04 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job
[2013.02.28 21:18:07 | 000,000,992 | ---- | C] () -- C:\Windows\Tasks\GinyasBrowserCompanion Runner.job

< --------- >

< %SYSTEMDRIVE%\*. >
[2013.05.07 14:20:11 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.04.20 16:00:04 | 000,000,000 | ---D | M] -- C:\199f0e34b85a54fb44cb
[2013.04.11 14:32:23 | 000,000,000 | ---D | M] -- C:\30c107c084c8c697df
[2009.06.15 12:45:55 | 000,000,000 | -H-D | M] -- C:\ACER
[2009.09.13 21:09:41 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.03.14 22:18:00 | 000,000,000 | ---D | M] -- C:\c02e8cc81246ee6ed1
[2010.09.29 15:41:54 | 000,000,000 | ---D | M] -- C:\Cornelsen
[2010.06.16 16:22:08 | 000,000,000 | ---D | M] -- C:\CSOFT
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.06.05 19:43:28 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.02.25 00:41:28 | 000,000,000 | ---D | M] -- C:\downloads
[2012.06.03 22:56:18 | 000,000,000 | ---D | M] -- C:\DVDVOLUME
[2012.08.26 14:23:19 | 000,000,000 | -HSD | M] -- C:\found.000
[2013.02.14 21:25:18 | 000,000,000 | -HSD | M] -- C:\found.001
[2009.01.08 18:24:25 | 000,000,000 | ---D | M] -- C:\Intel
[2009.08.21 16:11:46 | 000,000,000 | ---D | M] -- C:\KIDDINX
[2009.01.08 18:34:04 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.10.26 20:52:48 | 000,000,000 | ---D | M] -- C:\O!kay!
[2009.12.26 21:42:29 | 000,000,000 | ---D | M] -- C:\output
[2012.01.19 10:31:44 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.05.24 11:52:59 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.05.24 11:48:03 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.06.05 19:43:28 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.05.24 23:28:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.08.03 11:18:16 | 000,000,000 | ---D | M] -- C:\TEMP
[2010.02.17 18:20:09 | 000,000,000 | ---D | M] -- C:\Terzio
[2010.10.10 14:13:55 | 000,000,000 | ---D | M] -- C:\TLCwin
[2013.05.07 14:19:38 | 000,000,000 | R--D | M] -- C:\Users
[2013.05.22 23:13:45 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< C:\Windows\system32\*.tsp >
[2006.11.02 11:44:49 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2006.11.02 11:44:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2006.11.02 11:44:49 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2006.11.02 11:44:49 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2009.04.11 08:27:17 | 000,280,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTORV.SYS >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %USERPROFILE%\*.* >
[2012.05.29 14:47:54 | 000,000,042 | ---- | M] () -- C:\Users\Celina\.gtk-bookmarks
[2012.09.18 18:31:50 | 000,064,569 | ---- | M] () -- C:\Users\Celina\317.jpg
[2012.05.07 20:58:21 | 000,570,368 | ---- | M] () -- C:\Users\Celina\Apfelstrudel.doc
[2012.05.07 20:58:25 | 000,060,928 | ---- | M] () -- C:\Users\Celina\Armer Ritter mit Zitronenschaum.doc
[2012.05.07 20:58:26 | 000,027,136 | ---- | M] () -- C:\Users\Celina\Baiser Himbeer Traum.doc
[2012.05.07 20:58:27 | 000,032,256 | ---- | M] () -- C:\Users\Celina\Bananen-Apfel-Shake.doc
[2012.05.07 20:58:28 | 000,028,672 | ---- | M] () -- C:\Users\Celina\Bananensplitt.doc
[2012.05.07 20:58:29 | 000,044,544 | ---- | M] () -- C:\Users\Celina\Birnenkompott.doc
[2011.06.05 18:01:02 | 002,022,819 | ---- | M] () -- C:\Users\Celina\Bitburger_Teilnahmekarte.pdf
[2012.05.07 20:58:20 | 000,024,576 | ---- | M] () -- C:\Users\Celina\Bulgur.doc
[2012.05.07 20:58:39 | 000,030,208 | ---- | M] () -- C:\Users\Celina\Bunter Nudelauflauf.doc
[2012.05.07 20:58:16 | 000,029,696 | ---- | M] () -- C:\Users\Celina\Canneloni.doc
[2012.05.07 20:58:30 | 000,026,112 | ---- | M] () -- C:\Users\Celina\Crêpes.doc
[2002.06.11 22:53:54 | 000,617,105 | ---- | M] () -- C:\Users\Celina\DIR_setup.exe
[2013.01.03 22:56:45 | 000,002,512 | ---- | M] () -- C:\Users\Celina\ESt2010.elfo
[2012.05.07 20:58:42 | 000,028,160 | ---- | M] () -- C:\Users\Celina\Fladenbrot.doc
[2012.05.07 20:58:31 | 000,054,272 | ---- | M] () -- C:\Users\Celina\Grießflammerie.doc
[2012.05.07 20:58:19 | 000,038,400 | ---- | M] () -- C:\Users\Celina\Gurkendickmilch.doc
[2012.05.07 20:58:17 | 000,345,600 | ---- | M] () -- C:\Users\Celina\Hackfleischauflauf mit Kartoffelpüree.doc
[2012.05.07 20:58:32 | 000,025,600 | ---- | M] () -- C:\Users\Celina\Himbeer-Buttermilch-Shake.doc
[2012.05.07 20:58:22 | 000,030,208 | ---- | M] () -- C:\Users\Celina\Holländer.doc
[2012.05.07 20:58:43 | 000,027,136 | ---- | M] () -- C:\Users\Celina\Indisches Currybrot.doc
[2012.05.07 20:58:18 | 000,031,232 | ---- | M] () -- C:\Users\Celina\Irische scones
[2012.05.07 20:58:32 | 000,027,648 | ---- | M] () -- C:\Users\Celina\Irish crumble.doc
[2012.05.07 20:58:10 | 000,094,208 | ---- | M] () -- C:\Users\Celina\Kartoffelpuffer mit Apfelmus.doc
[2012.05.07 20:58:08 | 000,039,424 | ---- | M] () -- C:\Users\Celina\Kürbiscremesuppe.doc
[2012.05.07 20:58:39 | 000,077,824 | ---- | M] () -- C:\Users\Celina\Lachsfilets mit Spinatsauce.doc
[2012.05.07 21:14:44 | 000,172,032 | ---- | M] () -- C:\Users\Celina\Lachsfilets mit Spinatsauce.wps
[2012.05.07 20:58:11 | 000,029,696 | ---- | M] () -- C:\Users\Celina\Lauch-Speck-Kuchen.doc
[2012.05.07 20:58:09 | 000,067,072 | ---- | M] () -- C:\Users\Celina\Lauchcremesuppe.doc
[2012.05.07 20:58:38 | 000,071,680 | ---- | M] () -- C:\Users\Celina\Mehlpfannkuchen.doc
[2012.05.07 20:58:33 | 000,045,568 | ---- | M] () -- C:\Users\Celina\Milchnudeln.doc
[2013.05.24 23:50:44 | 008,912,896 | -HS- | M] () -- C:\Users\Celina\ntuser.dat
[2013.05.24 23:50:44 | 000,262,144 | -H-- | M] () -- C:\Users\Celina\ntuser.dat.LOG1
[2011.06.04 15:46:46 | 000,262,144 | -H-- | M] () -- C:\Users\Celina\ntuser.dat.LOG2
[2012.08.26 14:30:26 | 000,065,536 | -HS- | M] () -- C:\Users\Celina\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2012.08.26 14:30:26 | 000,524,288 | -HS- | M] () -- C:\Users\Celina\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2011.09.08 19:37:22 | 000,524,288 | -HS- | M] () -- C:\Users\Celina\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2013.05.24 11:53:48 | 000,065,536 | -HS- | M] () -- C:\Users\Celina\ntuser.dat{65065922-ef9d-11e1-ae19-00238b86e39c}.TM.blf
[2013.05.24 11:53:48 | 000,524,288 | -HS- | M] () -- C:\Users\Celina\ntuser.dat{65065922-ef9d-11e1-ae19-00238b86e39c}.TMContainer00000000000000000001.regtrans-ms
[2012.08.26 18:45:51 | 000,524,288 | -HS- | M] () -- C:\Users\Celina\ntuser.dat{65065922-ef9d-11e1-ae19-00238b86e39c}.TMContainer00000000000000000002.regtrans-ms
[2009.06.05 19:46:39 | 000,000,020 | -HS- | M] () -- C:\Users\Celina\ntuser.ini
[2012.01.16 21:25:33 | 000,001,330 | RHS- | M] () -- C:\Users\Celina\ntuser.pol
[2012.05.07 20:58:23 | 000,028,160 | ---- | M] () -- C:\Users\Celina\Obstboden.doc
[2012.05.07 20:58:12 | 000,079,360 | ---- | M] () -- C:\Users\Celina\Paprikageschnetzeltes.doc
[2010.08.18 21:29:12 | 000,011,953 | ---- | M] () -- C:\Users\Celina\phase-6-backpack-celina-2010-08-18.p6b
[2010.11.11 21:37:49 | 000,099,627 | ---- | M] () -- C:\Users\Celina\phase-6-backpack-celina-2010-11-11.p6b
[2013.03.03 17:17:51 | 000,007,168 | -H-- | M] () -- C:\Users\Celina\photothumb.db
[2012.05.07 20:58:34 | 000,117,248 | ---- | M] () -- C:\Users\Celina\Power Drink.doc
[2012.05.07 20:58:24 | 000,031,232 | ---- | M] () -- C:\Users\Celina\Rhabarber.doc
[2012.05.07 20:58:40 | 000,027,136 | ---- | M] () -- C:\Users\Celina\Rosmarinkartoffeln.doc
[2012.05.07 20:58:12 | 000,047,616 | ---- | M] () -- C:\Users\Celina\Schnelles Schaschlik.doc
[2012.05.07 20:58:13 | 000,033,792 | ---- | M] () -- C:\Users\Celina\Spatzeklöß.doc
[2012.05.07 20:58:35 | 000,030,720 | ---- | M] () -- C:\Users\Celina\Spekulatius-Pflaumen.doc
[2012.05.07 20:58:14 | 000,083,456 | ---- | M] () -- C:\Users\Celina\Spinatellen mit Tomatensoße und Reis.doc
[2012.05.07 20:58:41 | 000,035,840 | ---- | M] () -- C:\Users\Celina\Tomaten und Jogurtdoc.doc
[2012.05.07 20:58:09 | 000,038,912 | ---- | M] () -- C:\Users\Celina\Tomatensuppe.doc
[2012.05.07 20:58:15 | 000,072,192 | ---- | M] () -- C:\Users\Celina\Tortellini mit Sahnesauce.doc
[2012.05.07 20:58:16 | 000,030,208 | ---- | M] () -- C:\Users\Celina\Tortelliniauflauf.doc
[2012.05.07 20:58:37 | 000,028,160 | ---- | M] () -- C:\Users\Celina\Vanillecreme mit Früchten.doc
[2012.05.07 20:58:36 | 000,142,336 | ---- | M] () -- C:\Users\Celina\Waffeln mit Kompott.doc
[2012.05.07 20:58:44 | 000,097,792 | ---- | M] () -- C:\Users\Celina\Weihnachtsplätzchen.doc
[2012.05.07 20:58:21 | 000,043,008 | ---- | M] () -- C:\Users\Celina\Yam.doc
[2012.05.07 20:58:10 | 000,030,208 | ---- | M] () -- C:\Users\Celina\Zucchinisuppe.doc

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

< --------- >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:FB1B13D8

< End of report >

markusg · 25.05.2013, 11:41

Hi,
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

stumpfi53 · 26.05.2013, 20:18

datei ist wieder zu groß kommt auf 2 mal

20:44:03.0908 5072 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:44:04.0131 5072 ============================================================
20:44:04.0131 5072 Current date / time: 2013/05/26 20:44:04.0131
20:44:04.0131 5072 SystemInfo:
20:44:04.0131 5072
20:44:04.0131 5072 OS Version: 6.0.6002 ServicePack: 2.0
20:44:04.0132 5072 Product type: Workstation
20:44:04.0132 5072 ComputerName: CELINA-PC
20:44:04.0132 5072 UserName: Celina
20:44:04.0132 5072 Windows directory: C:\Windows
20:44:04.0132 5072 System windows directory: C:\Windows
20:44:04.0132 5072 Processor architecture: Intel x86
20:44:04.0132 5072 Number of processors: 2
20:44:04.0132 5072 Page size: 0x1000
20:44:04.0132 5072 Boot type: Normal boot
20:44:04.0132 5072 ============================================================
20:44:05.0819 5072 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:44:05.0821 5072 ============================================================
20:44:05.0821 5072 \Device\Harddisk0\DR0:
20:44:05.0821 5072 MBR partitions:
20:44:05.0821 5072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x23A2D800
20:44:05.0821 5072 ============================================================
20:44:05.0831 5072 C: <-> \Device\Harddisk0\DR0\Partition1
20:44:05.0832 5072 ============================================================
20:44:05.0832 5072 Initialize success
20:44:05.0832 5072 ============================================================
20:47:36.0579 5488 ============================================================
20:47:36.0579 5488 Scan started
20:47:36.0579 5488 Mode: Manual; SigCheck; TDLFS;
20:47:36.0579 5488 ============================================================
20:47:36.0881 5488 ================ Scan system memory ========================
20:47:36.0881 5488 System memory - ok
20:47:36.0881 5488 ================ Scan services =============================
20:47:37.0079 5488 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
20:47:37.0229 5488 ACDaemon - ok
20:47:37.0497 5488 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
20:47:37.0526 5488 ACPI - ok
20:47:37.0596 5488 [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
20:47:37.0615 5488 AdobeActiveFileMonitor6.0 - ok
20:47:37.0685 5488 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:47:37.0702 5488 AdobeARMservice - ok
20:47:37.0762 5488 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:47:37.0787 5488 AdobeFlashPlayerUpdateSvc - ok
20:47:37.0839 5488 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:47:37.0874 5488 adp94xx - ok
20:47:37.0902 5488 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:47:37.0927 5488 adpahci - ok
20:47:37.0956 5488 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:47:37.0977 5488 adpu160m - ok
20:47:38.0000 5488 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:47:38.0022 5488 adpu320 - ok
20:47:38.0058 5488 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:47:38.0104 5488 AeLookupSvc - ok
20:47:38.0172 5488 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\Windows\system32\drivers\Afc.sys
20:47:38.0190 5488 Afc ( UnsignedFile.Multi.Generic ) - warning
20:47:38.0190 5488 Afc - detected UnsignedFile.Multi.Generic (1)
20:47:38.0230 5488 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
20:47:38.0278 5488 AFD - ok
20:47:38.0309 5488 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:47:38.0329 5488 agp440 - ok
20:47:38.0371 5488 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:47:38.0394 5488 aic78xx - ok
20:47:38.0420 5488 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
20:47:38.0463 5488 ALG - ok
20:47:38.0499 5488 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
20:47:38.0517 5488 aliide - ok
20:47:38.0538 5488 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:47:38.0557 5488 amdagp - ok
20:47:38.0581 5488 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
20:47:38.0599 5488 amdide - ok
20:47:38.0616 5488 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
20:47:38.0667 5488 AmdK7 - ok
20:47:38.0685 5488 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:47:38.0747 5488 AmdK8 - ok
20:47:38.0792 5488 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
20:47:38.0821 5488 Appinfo - ok
20:47:38.0896 5488 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:47:38.0915 5488 Apple Mobile Device - ok
20:47:38.0949 5488 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
20:47:38.0969 5488 arc - ok
20:47:39.0008 5488 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:47:39.0029 5488 arcsas - ok
20:47:39.0071 5488 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:47:39.0118 5488 AsyncMac - ok
20:47:39.0153 5488 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
20:47:39.0171 5488 atapi - ok
20:47:39.0213 5488 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:47:39.0263 5488 AudioEndpointBuilder - ok
20:47:39.0279 5488 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:47:39.0310 5488 Audiosrv - ok
20:47:39.0337 5488 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
20:47:39.0381 5488 Beep - ok
20:47:39.0440 5488 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
20:47:39.0604 5488 BFE - ok
20:47:39.0667 5488 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
20:47:39.0752 5488 BITS - ok
20:47:39.0812 5488 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
20:47:39.0851 5488 blbdrive - ok
20:47:39.0927 5488 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:47:39.0964 5488 Bonjour Service - ok
20:47:40.0007 5488 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:47:40.0053 5488 bowser - ok
20:47:40.0085 5488 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
20:47:40.0130 5488 BrFiltLo - ok
20:47:40.0144 5488 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
20:47:40.0184 5488 BrFiltUp - ok
20:47:40.0210 5488 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
20:47:40.0303 5488 Browser - ok
20:47:40.0469 5488 [ D9C8DC2D7EC28E3FF25C99EF17C8631A ] BrowserProtect C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
20:47:40.0659 5488 BrowserProtect - ok
20:47:40.0709 5488 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
20:47:40.0780 5488 Brserid - ok
20:47:40.0795 5488 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
20:47:40.0869 5488 BrSerWdm - ok
20:47:40.0890 5488 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
20:47:40.0950 5488 BrUsbMdm - ok
20:47:40.0967 5488 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
20:47:41.0028 5488 BrUsbSer - ok
20:47:41.0054 5488 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:47:41.0128 5488 BTHMODEM - ok
20:47:41.0163 5488 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:47:41.0206 5488 cdfs - ok
20:47:41.0251 5488 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:47:41.0293 5488 cdrom - ok
20:47:41.0339 5488 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
20:47:41.0381 5488 CertPropSvc - ok
20:47:41.0407 5488 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
20:47:41.0451 5488 circlass - ok
20:47:41.0490 5488 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
20:47:41.0518 5488 CLFS - ok
20:47:41.0592 5488 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:47:41.0611 5488 clr_optimization_v2.0.50727_32 - ok
20:47:41.0717 5488 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:47:41.0736 5488 clr_optimization_v4.0.30319_32 - ok
20:47:41.0809 5488 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:47:41.0842 5488 CmBatt - ok
20:47:41.0888 5488 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:47:41.0907 5488 cmdide - ok
20:47:41.0924 5488 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:47:41.0943 5488 Compbatt - ok
20:47:41.0949 5488 COMSysApp - ok
20:47:41.0957 5488 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:47:41.0980 5488 crcdisk - ok
20:47:42.0001 5488 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
20:47:42.0063 5488 Crusoe - ok
20:47:42.0119 5488 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:47:42.0152 5488 CryptSvc - ok
20:47:42.0376 5488 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:47:42.0433 5488 DcomLaunch - ok
20:47:42.0465 5488 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:47:42.0501 5488 DfsC - ok
20:47:42.0611 5488 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
20:47:42.0748 5488 DFSR - ok
20:47:42.0804 5488 [ 3BE1651C63954067940E7F473498AD70 ] dgderdrv C:\Windows\system32\drivers\dgderdrv.sys
20:47:42.0860 5488 dgderdrv - ok
20:47:42.0880 5488 [ 10B8F89D146D0E20B1284D47BB4EC6C9 ] dgdersvc C:\Windows\system32\dgdersvc.exe
20:47:42.0901 5488 dgdersvc - ok
20:47:42.0951 5488 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
20:47:42.0996 5488 Dhcp - ok
20:47:43.0024 5488 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
20:47:43.0045 5488 disk - ok
20:47:43.0087 5488 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:47:43.0123 5488 Dnscache - ok
20:47:43.0156 5488 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:47:43.0196 5488 dot3svc - ok
20:47:43.0231 5488 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
20:47:43.0266 5488 DPS - ok
20:47:43.0309 5488 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:47:43.0357 5488 drmkaud - ok
20:47:43.0395 5488 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:47:43.0448 5488 DXGKrnl - ok
20:47:43.0471 5488 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
20:47:43.0509 5488 E1G60 - ok
20:47:43.0549 5488 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
20:47:43.0579 5488 EapHost - ok
20:47:43.0629 5488 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
20:47:43.0651 5488 Ecache - ok
20:47:43.0710 5488 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:47:43.0735 5488 ehRecvr - ok
20:47:43.0750 5488 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
20:47:43.0806 5488 ehSched - ok
20:47:43.0818 5488 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
20:47:43.0857 5488 ehstart - ok
20:47:43.0900 5488 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:47:43.0930 5488 elxstor - ok
20:47:43.0977 5488 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
20:47:44.0083 5488 EMDMgmt - ok
20:47:44.0142 5488 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:47:44.0176 5488 ErrDev - ok
20:47:44.0232 5488 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
20:47:44.0273 5488 EventSystem - ok
20:47:44.0308 5488 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
20:47:44.0348 5488 exfat - ok
20:47:44.0382 5488 [ 42F721C52EEF2D6DF9372A53813A83EF ] ezSharedSvc C:\Windows\System32\ezsvc7.dll
20:47:44.0395 5488 ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
20:47:44.0395 5488 ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
20:47:44.0429 5488 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:47:44.0473 5488 fastfat - ok
20:47:44.0506 5488 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:47:44.0553 5488 fdc - ok
20:47:44.0586 5488 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
20:47:44.0618 5488 fdPHost - ok
20:47:44.0630 5488 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
20:47:44.0690 5488 FDResPub - ok
20:47:44.0712 5488 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:47:44.0731 5488 FileInfo - ok
20:47:44.0748 5488 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:47:44.0793 5488 Filetrace - ok
20:47:44.0839 5488 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:47:44.0898 5488 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
20:47:44.0898 5488 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
20:47:44.0918 5488 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:47:44.0968 5488 flpydisk - ok
20:47:44.0996 5488 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:47:45.0020 5488 FltMgr - ok
20:47:45.0110 5488 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
20:47:45.0158 5488 FontCache - ok
20:47:45.0212 5488 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:47:45.0229 5488 FontCache3.0.0.0 - ok
20:47:45.0260 5488 [ B07663A810E861EEBFD0EAC7E82CA62D ] FsUsbExDisk C:\Windows\system32\FsUsbExDisk.SYS
20:47:45.0284 5488 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
20:47:45.0284 5488 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
20:47:45.0325 5488 [ F96C429788350DB4BA6771C3034DFD88 ] FsUsbExService C:\Windows\system32\FsUsbExService.Exe
20:47:45.0346 5488 FsUsbExService ( UnsignedFile.Multi.Generic ) - warning
20:47:45.0347 5488 FsUsbExService - detected UnsignedFile.Multi.Generic (1)
20:47:45.0380 5488 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:47:45.0415 5488 Fs_Rec - ok
20:47:45.0444 5488 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:47:45.0465 5488 gagp30kx - ok
20:47:45.0497 5488 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:47:45.0512 5488 GEARAspiWDM - ok
20:47:45.0588 5488 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
20:47:45.0604 5488 GoogleDesktopManager-051210-111108 - ok
20:47:45.0652 5488 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
20:47:45.0728 5488 gpsvc - ok
20:47:45.0801 5488 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:47:45.0821 5488 gupdate - ok
20:47:45.0846 5488 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:47:45.0864 5488 gupdatem - ok
20:47:45.0912 5488 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:47:45.0985 5488 gusvc - ok
20:47:46.0043 5488 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:47:46.0121 5488 HdAudAddService - ok
20:47:46.0167 5488 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:47:46.0273 5488 HDAudBus - ok
20:47:46.0303 5488 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:47:46.0357 5488 HidBth - ok
20:47:46.0374 5488 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
20:47:46.0435 5488 HidIr - ok
20:47:46.0467 5488 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
20:47:46.0502 5488 hidserv - ok
20:47:46.0555 5488 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:47:46.0603 5488 HidUsb - ok
20:47:46.0633 5488 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:47:46.0681 5488 hkmsvc - ok
20:47:46.0700 5488 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
20:47:46.0719 5488 HpCISSs - ok
20:47:46.0763 5488 [ CBD09ED9CF6822177EE85AEA4D8816A2 ] HTCAND32 C:\Windows\system32\Drivers\ANDROIDUSB.sys
20:47:46.0799 5488 HTCAND32 - ok
20:47:46.0849 5488 [ 52395A94C127C0266D1C0F3CCE8A4345 ] htcnprot C:\Windows\system32\DRIVERS\htcnprot.sys
20:47:46.0866 5488 htcnprot - ok
20:47:46.0910 5488 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:47:46.0969 5488 HTTP - ok
20:47:46.0986 5488 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
20:47:47.0005 5488 i2omp - ok
20:47:47.0045 5488 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:47:47.0092 5488 i8042prt - ok
20:47:47.0124 5488 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
20:47:47.0150 5488 iaStorV - ok
20:47:47.0232 5488 [ 81EACB021DC52E908187861FD92370B4 ] IBUpdaterService C:\Windows\system32\dmwu.exe
20:47:47.0663 5488 IBUpdaterService - ok
20:47:47.0738 5488 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:47:47.0809 5488 idsvc - ok
20:47:47.0908 5488 [ 0627FC0C422CD6E0F23E1B0D1D9F0899 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
20:47:48.0041 5488 igfx - ok
20:47:48.0064 5488 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:47:48.0095 5488 iirsp - ok
20:47:48.0143 5488 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
20:47:48.0223 5488 IKEEXT - ok
20:47:48.0310 5488 [ 9B89F2E3D705651DEC1F01033B9D6B24 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:47:48.0434 5488 IntcAzAudAddService - ok
20:47:48.0473 5488 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
20:47:48.0494 5488 intelide - ok
20:47:48.0526 5488 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:47:48.0569 5488 intelppm - ok
20:47:48.0591 5488 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:47:48.0640 5488 IPBusEnum - ok
20:47:48.0659 5488 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:47:48.0695 5488 IpFilterDriver - ok
20:47:48.0724 5488 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:47:48.0762 5488 iphlpsvc - ok
20:47:48.0768 5488 IpInIp - ok
20:47:48.0794 5488 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
20:47:48.0832 5488 IPMIDRV - ok
20:47:48.0851 5488 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
20:47:48.0887 5488 IPNAT - ok
20:47:48.0944 5488 [ E46B17060D3962A384AE484094614788 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:47:48.0990 5488 iPod Service - ok
20:47:49.0004 5488 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:47:49.0050 5488 IRENUM - ok
20:47:49.0077 5488 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:47:49.0096 5488 isapnp - ok
20:47:49.0151 5488 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
20:47:49.0175 5488 iScsiPrt - ok
20:47:49.0203 5488 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
20:47:49.0227 5488 iteatapi - ok
20:47:49.0250 5488 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
20:47:49.0267 5488 iteraid - ok
20:47:49.0293 5488 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:47:49.0312 5488 kbdclass - ok
20:47:49.0334 5488 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:47:49.0374 5488 kbdhid - ok
20:47:49.0415 5488 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
20:47:49.0447 5488 KeyIso - ok
20:47:49.0490 5488 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:47:49.0522 5488 KSecDD - ok
20:47:49.0591 5488 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
20:47:49.0690 5488 KtmRm - ok
20:47:49.0740 5488 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
20:47:49.0764 5488 LanmanServer - ok
20:47:49.0810 5488 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:47:49.0843 5488 LanmanWorkstation - ok
20:47:49.0867 5488 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:47:49.0912 5488 lltdio - ok
20:47:49.0955 5488 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:47:50.0005 5488 lltdsvc - ok
20:47:50.0024 5488 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:47:50.0084 5488 lmhosts - ok
20:47:50.0113 5488 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:47:50.0134 5488 LSI_FC - ok
20:47:50.0171 5488 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:47:50.0203 5488 LSI_SAS - ok
20:47:50.0263 5488 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:47:50.0285 5488 LSI_SCSI - ok
20:47:50.0312 5488 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
20:47:50.0360 5488 luafv - ok
20:47:50.0386 5488 [ 8BE71D7EDB8C7494913722059F760DD0 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2Mon.sys
20:47:50.0402 5488 LVPr2Mon - ok
20:47:50.0474 5488 [ 2333057542C91AE8228BDCCC2E5F2632 ] LVPrcSrv C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
20:47:50.0494 5488 LVPrcSrv - ok
20:47:50.0568 5488 [ A1857FBB9B4930EEB2FD92386C45C529 ] LVRS C:\Windows\system32\DRIVERS\lvrs.sys
20:47:50.0590 5488 LVRS - ok
20:47:50.0716 5488 [ 3703406AF0726BADD24C5E552493E5B1 ] LVUVC C:\Windows\system32\DRIVERS\lvuvc.sys
20:47:50.0932 5488 LVUVC - ok
20:47:50.0989 5488 [ D8C0B2EB928D57C928522EFF500C4BA8 ] ManyCam C:\Windows\system32\DRIVERS\mcvidrv.sys
20:47:51.0024 5488 ManyCam - ok
20:47:51.0080 5488 [ 964BD01FD77026F93F15040027F6F579 ] mcaudrv_simple C:\Windows\system32\drivers\mcaudrv.sys
20:47:51.0109 5488 mcaudrv_simple - ok
20:47:51.0144 5488 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:47:51.0187 5488 Mcx2Svc - ok
20:47:51.0208 5488 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
20:47:51.0227 5488 megasas - ok
20:47:51.0253 5488 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
20:47:51.0283 5488 MegaSR - ok
20:47:51.0289 5488 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
20:47:51.0344 5488 MMCSS - ok
20:47:51.0365 5488 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
20:47:51.0409 5488 Modem - ok
20:47:51.0437 5488 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:47:51.0471 5488 monitor - ok
20:47:51.0486 5488 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:47:51.0507 5488 mouclass - ok
20:47:51.0546 5488 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:47:51.0606 5488 mouhid - ok
20:47:51.0630 5488 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
20:47:51.0648 5488 MountMgr - ok
20:47:51.0728 5488 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:47:51.0751 5488 MozillaMaintenance - ok
20:47:51.0802 5488 [ CF105EE42E3F71E648CEBB3F666E1CF0 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
20:47:51.0834 5488 MpFilter - ok
20:47:51.0864 5488 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
20:47:51.0886 5488 mpio - ok
20:47:51.0984 5488 [ A69630D039C38018689190234F866D77 ] MpKsl20d065ea c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{076B4B88-5E2F-4CFF-9012-11819241C951}\MpKsl20d065ea.sys
20:47:52.0001 5488 MpKsl20d065ea - ok
20:47:52.0025 5488 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:47:52.0068 5488 mpsdrv - ok
20:47:52.0110 5488 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
20:47:52.0168 5488 MpsSvc - ok
20:47:52.0191 5488 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
20:47:52.0209 5488 Mraid35x - ok
20:47:52.0240 5488 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:47:52.0294 5488 MRxDAV - ok
20:47:52.0330 5488 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:47:52.0352 5488 mrxsmb - ok
20:47:52.0387 5488 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:47:52.0421 5488 mrxsmb10 - ok
20:47:52.0442 5488 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:47:52.0477 5488 mrxsmb20 - ok
20:47:52.0495 5488 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
20:47:52.0515 5488 msahci - ok
20:47:52.0540 5488 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:47:52.0561 5488 msdsm - ok
20:47:52.0599 5488 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
20:47:52.0634 5488 MSDTC - ok
20:47:52.0669 5488 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:47:52.0718 5488 Msfs - ok
20:47:52.0750 5488 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:47:52.0769 5488 msisadrv - ok
20:47:52.0804 5488 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:47:52.0855 5488 MSiSCSI - ok
20:47:52.0860 5488 msiserver - ok
20:47:52.0883 5488 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:47:52.0930 5488 MSKSSRV - ok
20:47:53.0012 5488 [ C1F19D2BACBEE9AB64D9AE69E9859AC0 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:47:53.0033 5488 MsMpSvc - ok
20:47:53.0065 5488 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:47:53.0100 5488 MSPCLOCK - ok
20:47:53.0115 5488 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:47:53.0150 5488 MSPQM - ok
20:47:53.0184 5488 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:47:53.0207 5488 MsRPC - ok
20:47:53.0233 5488 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:47:53.0252 5488 mssmbios - ok
20:47:53.0267 5488 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:47:53.0299 5488 MSTEE - ok
20:47:53.0316 5488 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
20:47:53.0335 5488 Mup - ok
20:47:53.0370 5488 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
20:47:53.0415 5488 napagent - ok
20:47:53.0455 5488 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:47:53.0478 5488 NativeWifiP - ok
20:47:53.0490 5488 NAVENG - ok
20:47:53.0497 5488 NAVEX15 - ok
20:47:53.0550 5488 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:47:53.0596 5488 NDIS - ok
20:47:53.0625 5488 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:47:53.0652 5488 NdisTapi - ok
20:47:53.0662 5488 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:47:53.0696 5488 Ndisuio - ok
20:47:53.0733 5488 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:47:53.0763 5488 NdisWan - ok
20:47:53.0779 5488 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:47:53.0807 5488 NDProxy - ok
20:47:53.0899 5488 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
20:47:53.0968 5488 Nero BackItUp Scheduler 3 - ok
20:47:53.0999 5488 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\Windows\system32\DRIVERS\netaapl.sys
20:47:54.0027 5488 Netaapl - ok
20:47:54.0044 5488 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:47:54.0084 5488 NetBIOS - ok
20:47:54.0119 5488 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
20:47:54.0166 5488 netbt - ok
20:47:54.0184 5488 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
20:47:54.0204 5488 Netlogon - ok
20:47:54.0233 5488 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
20:47:54.0276 5488 Netman - ok
20:47:54.0298 5488 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
20:47:54.0336 5488 netprofm - ok
20:47:54.0375 5488 [ EBBD48D3F4361773B812CA67A9CFC69B ] netr28 C:\Windows\system32\DRIVERS\netr28.sys
20:47:54.0427 5488 netr28 - ok
20:47:54.0448 5488 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:47:54.0486 5488 NetTcpPortSharing - ok
20:47:54.0635 5488 [ E559EA9138C77B5D1FDA8C558764A25F ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
20:47:54.0844 5488 NETw5v32 - ok
20:47:54.0879 5488 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:47:54.0897 5488 nfrd960 - ok
20:47:54.0923 5488 [ 832E098BCA8235436FE2D8AE50AC3718 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:47:54.0946 5488 NisDrv - ok
20:47:54.0983 5488 [ E570ECA850F30EB740C2E9699DF3D2BD ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
20:47:55.0013 5488 NisSrv - ok
20:47:55.0045 5488 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:47:55.0082 5488 NlaSvc - ok
20:47:55.0156 5488 [ CD4326BC339F98DE21AA07B208A305AE ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
20:47:55.0198 5488 NMIndexingService - ok
20:47:55.0255 5488 [ F6C40E0A565EE3CE5AEEB325E10054F2 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
20:47:55.0304 5488 nmwcd - ok
20:47:55.0340 5488 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:47:55.0366 5488 Npfs - ok
20:47:55.0394 5488 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
20:47:55.0443 5488 nsi - ok
20:47:55.0467 5488 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:47:55.0506 5488 nsiproxy - ok
20:47:55.0560 5488 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:47:55.0664 5488 Ntfs - ok
20:47:55.0679 5488 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
20:47:55.0732 5488 ntrigdigi - ok
20:47:55.0756 5488 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
20:47:55.0791 5488 Null - ok
20:47:55.0813 5488 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:47:55.0836 5488 nvraid - ok
20:47:55.0858 5488 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:47:55.0880 5488 nvstor - ok
20:47:55.0914 5488 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:47:55.0934 5488 nv_agp - ok
20:47:55.0941 5488 NwlnkFlt - ok
20:47:55.0952 5488 NwlnkFwd - ok
20:47:56.0029 5488 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:47:56.0061 5488 odserv - ok
20:47:56.0083 5488 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:47:56.0147 5488 ohci1394 - ok
20:47:56.0188 5488 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:47:56.0209 5488 ose - ok
20:47:56.0272 5488 [ 1B6E5FCF86D1574A62A2546E1FE7763C ] otshot C:\program files\otshot\ZalmanUpdateService.exe
20:47:56.0506 5488 otshot - ok
20:47:56.0586 5488 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
20:47:56.0664 5488 p2pimsvc - ok
20:47:56.0676 5488 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
20:47:56.0710 5488 p2psvc - ok
20:47:56.0736 5488 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
20:47:56.0796 5488 Parport - ok
20:47:56.0825 5488 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:47:56.0844 5488 partmgr - ok
20:47:56.0861 5488 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
20:47:56.0932 5488 Parvdm - ok
20:47:56.0988 5488 [ 68139940B5AC84AFFB7EB1B713BE66E7 ] PassThru Service C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
20:47:57.0092 5488 PassThru Service ( UnsignedFile.Multi.Generic ) - warning
20:47:57.0093 5488 PassThru Service - detected UnsignedFile.Multi.Generic (1)
20:47:57.0115 5488 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
20:47:57.0154 5488 PcaSvc - ok
20:47:57.0232 5488 [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
20:47:57.0249 5488 pccsmcfd - ok
20:47:57.0283 5488 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
20:47:57.0307 5488 pci - ok
20:47:57.0324 5488 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
20:47:57.0345 5488 pciide - ok
20:47:57.0385 5488 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:47:57.0406 5488 pcmcia - ok
20:47:57.0463 5488 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:47:57.0560 5488 PEAUTH - ok
20:47:57.0627 5488 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
20:47:57.0954 5488 pla - ok
20:47:57.0980 5488 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
20:47:58.0005 5488 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
20:47:58.0005 5488 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
20:47:58.0045 5488 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:47:58.0090 5488 PlugPlay - ok
20:47:58.0120 5488 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
20:47:58.0154 5488 PNRPAutoReg - ok
20:47:58.0187 5488 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
20:47:58.0219 5488 PNRPsvc - ok
20:47:58.0261 5488 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:47:58.0360 5488 PolicyAgent - ok
20:47:58.0418 5488 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:47:58.0465 5488 PptpMiniport - ok
20:47:58.0494 5488 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
20:47:58.0527 5488 Processor - ok
20:47:58.0551 5488 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
20:47:58.0585 5488 ProfSvc - ok
20:47:58.0620 5488 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
20:47:58.0640 5488 ProtectedStorage - ok
20:47:58.0672 5488 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
20:47:58.0733 5488 PSched - ok
20:47:58.0752 5488 [ D86B4A68565E444D76457F14172C875A ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
20:47:58.0775 5488 PxHelp20 - ok
20:47:58.0829 5488 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:47:58.0928 5488 ql2300 - ok
20:47:58.0949 5488 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:47:58.0968 5488 ql40xx - ok
20:47:58.0999 5488 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
20:47:59.0025 5488 QWAVE - ok
20:47:59.0040 5488 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:47:59.0063 5488 QWAVEdrv - ok
20:47:59.0142 5488 [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
20:47:59.0191 5488 RapiMgr - ok
20:47:59.0209 5488 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:47:59.0248 5488 RasAcd - ok
20:47:59.0269 5488 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
20:47:59.0318 5488 RasAuto - ok
20:47:59.0338 5488 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:47:59.0408 5488 Rasl2tp - ok
20:47:59.0443 5488 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
20:47:59.0476 5488 RasMan - ok
20:47:59.0512 5488 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:47:59.0539 5488 RasPppoe - ok
20:47:59.0568 5488 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:47:59.0592 5488 RasSstp - ok
20:47:59.0650 5488 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:47:59.0683 5488 rdbss - ok
20:47:59.0694 5488 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:47:59.0740 5488 RDPCDD - ok
20:47:59.0775 5488 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
20:47:59.0813 5488 rdpdr - ok
20:47:59.0820 5488 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:47:59.0857 5488 RDPENCDD - ok
20:47:59.0906 5488 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:47:59.0946 5488 RDPWD - ok

hier der 2. teil

20:48:00.0020 5488 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
20:48:00.0036 5488 RealNetworks Downloader Resolver Service - ok
20:48:00.0135 5488 [ DCD47436476140ECC3998672C0B85BE3 ] ReminderFoxUpdater C:\Users\Celina\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe
20:48:00.0275 5488 ReminderFoxUpdater ( UnsignedFile.Multi.Generic ) - warning
20:48:00.0275 5488 ReminderFoxUpdater - detected UnsignedFile.Multi.Generic (1)
20:48:00.0318 5488 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:48:00.0398 5488 RemoteAccess - ok
20:48:00.0440 5488 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:48:00.0474 5488 RemoteRegistry - ok
20:48:00.0500 5488 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
20:48:00.0528 5488 RpcLocator - ok
20:48:00.0568 5488 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
20:48:00.0611 5488 RpcSs - ok
20:48:00.0642 5488 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:48:00.0715 5488 rspndr - ok
20:48:00.0764 5488 [ 4755C86FD7DC189FAA0E6D111C417DE1 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
20:48:00.0788 5488 RTL8169 - ok
20:48:00.0849 5488 [ 01C64783DB1F40E1E3DF67DD36199B35 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
20:48:00.0882 5488 RTSTOR - ok
20:48:00.0899 5488 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
20:48:00.0919 5488 SamSs - ok
20:48:00.0942 5488 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:48:00.0963 5488 sbp2port - ok
20:48:01.0012 5488 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:48:01.0042 5488 SCardSvr - ok
20:48:01.0095 5488 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
20:48:01.0181 5488 Schedule - ok
20:48:01.0217 5488 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:48:01.0243 5488 SCPolicySvc - ok
20:48:01.0272 5488 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:48:01.0305 5488 SDRSVC - ok
20:48:01.0342 5488 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:48:01.0401 5488 secdrv - ok
20:48:01.0427 5488 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
20:48:01.0464 5488 seclogon - ok
20:48:01.0481 5488 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
20:48:01.0522 5488 SENS - ok
20:48:01.0533 5488 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
20:48:01.0589 5488 Serenum - ok
20:48:01.0606 5488 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
20:48:01.0664 5488 Serial - ok
20:48:01.0706 5488 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:48:01.0738 5488 sermouse - ok
20:48:01.0815 5488 [ C15B813F2FDB44F87F23312472C6E790 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
20:48:01.0864 5488 ServiceLayer - ok
20:48:01.0897 5488 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
20:48:01.0934 5488 SessionEnv - ok
20:48:01.0957 5488 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:48:01.0983 5488 sffdisk - ok
20:48:02.0004 5488 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:48:02.0047 5488 sffp_mmc - ok
20:48:02.0063 5488 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:48:02.0100 5488 sffp_sd - ok
20:48:02.0120 5488 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:48:02.0185 5488 sfloppy - ok
20:48:02.0218 5488 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:48:02.0271 5488 SharedAccess - ok
20:48:02.0308 5488 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:48:02.0340 5488 ShellHWDetection - ok
20:48:02.0361 5488 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:48:02.0383 5488 sisagp - ok
20:48:02.0397 5488 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
20:48:02.0416 5488 SiSRaid2 - ok
20:48:02.0431 5488 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:48:02.0452 5488 SiSRaid4 - ok
20:48:02.0515 5488 [ 2F5AF9D91D51E832773D4A9EAF65CB33 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
20:48:02.0553 5488 SkypeUpdate - ok
20:48:02.0670 5488 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
20:48:02.0879 5488 slsvc - ok
20:48:02.0929 5488 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
20:48:02.0992 5488 SLUINotify - ok
20:48:03.0027 5488 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:48:03.0067 5488 Smb - ok
20:48:03.0106 5488 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:48:03.0126 5488 SNMPTRAP - ok
20:48:03.0155 5488 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
20:48:03.0173 5488 spldr - ok
20:48:03.0213 5488 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
20:48:03.0237 5488 Spooler - ok
20:48:03.0242 5488 SRTSP - ok
20:48:03.0249 5488 SRTSPX - ok
20:48:03.0284 5488 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:48:03.0329 5488 srv - ok
20:48:03.0368 5488 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:48:03.0390 5488 srv2 - ok
20:48:03.0422 5488 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:48:03.0457 5488 srvnet - ok
20:48:03.0473 5488 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:48:03.0513 5488 SSDPSRV - ok
20:48:03.0539 5488 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:48:03.0565 5488 SstpSvc - ok
20:48:03.0605 5488 [ 3F0164FBC0BD1ADBD02DF9759181451A ] ss_bbus C:\Windows\system32\DRIVERS\ss_bbus.sys
20:48:03.0624 5488 ss_bbus - ok
20:48:03.0656 5488 [ B89D62206034E5FE573C80A24DD55675 ] ss_bmdfl C:\Windows\system32\DRIVERS\ss_bmdfl.sys
20:48:03.0671 5488 ss_bmdfl - ok
20:48:03.0719 5488 [ 1ED0FCEA586FE2A416EE15196E5631DD ] ss_bmdm C:\Windows\system32\DRIVERS\ss_bmdm.sys
20:48:03.0741 5488 ss_bmdm - ok
20:48:03.0806 5488 [ 54946449A0EB74915A4BB34F7EE51A5A ] ss_bus C:\Windows\system32\DRIVERS\ss_bus.sys
20:48:03.0824 5488 ss_bus - ok
20:48:03.0851 5488 [ 4450BC0B2E9D7D9B90E3C3DE4EA00A78 ] ss_mdfl C:\Windows\system32\DRIVERS\ss_mdfl.sys
20:48:03.0866 5488 ss_mdfl - ok
20:48:03.0900 5488 [ 30B8D0DD01EAD1243F329CAF7D7D1517 ] ss_mdm C:\Windows\system32\DRIVERS\ss_mdm.sys
20:48:03.0917 5488 ss_mdm - ok
20:48:03.0935 5488 StarOpen - ok
20:48:03.0997 5488 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
20:48:04.0108 5488 stisvc - ok
20:48:04.0169 5488 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:48:04.0187 5488 swenum - ok
20:48:04.0233 5488 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
20:48:04.0278 5488 swprv - ok
20:48:04.0304 5488 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
20:48:04.0321 5488 Symc8xx - ok
20:48:04.0345 5488 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
20:48:04.0369 5488 Sym_hi - ok
20:48:04.0393 5488 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
20:48:04.0411 5488 Sym_u3 - ok
20:48:04.0459 5488 [ D2AA5D5FDB821EB5F9366C5E3BC2D9EA ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:48:04.0481 5488 SynTP - ok
20:48:04.0526 5488 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
20:48:04.0600 5488 SysMain - ok
20:48:04.0634 5488 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:48:04.0658 5488 TabletInputService - ok
20:48:04.0699 5488 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:48:04.0745 5488 TapiSrv - ok
20:48:04.0760 5488 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
20:48:04.0796 5488 TBS - ok
20:48:04.0848 5488 [ 3535CD93F944C00F098E73E12EE7FEB6 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:48:04.0922 5488 Tcpip - ok
20:48:04.0953 5488 [ 3535CD93F944C00F098E73E12EE7FEB6 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
20:48:05.0006 5488 Tcpip6 - ok
20:48:05.0038 5488 [ CD21572F83F7EC6E2C20C465967BEDD9 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:48:05.0112 5488 tcpipreg - ok
20:48:05.0140 5488 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:48:05.0187 5488 TDPIPE - ok
20:48:05.0204 5488 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:48:05.0236 5488 TDTCP - ok
20:48:05.0262 5488 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:48:05.0293 5488 tdx - ok
20:48:05.0301 5488 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:48:05.0325 5488 TermDD - ok
20:48:05.0369 5488 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
20:48:05.0442 5488 TermService - ok
20:48:05.0465 5488 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
20:48:05.0515 5488 Themes - ok
20:48:05.0521 5488 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
20:48:05.0555 5488 THREADORDER - ok
20:48:05.0591 5488 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
20:48:05.0641 5488 TrkWks - ok
20:48:05.0686 5488 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:48:05.0727 5488 TrustedInstaller - ok
20:48:05.0767 5488 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:48:05.0815 5488 tssecsrv - ok
20:48:05.0840 5488 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
20:48:05.0870 5488 tunmp - ok
20:48:05.0902 5488 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:48:05.0922 5488 tunnel - ok
20:48:05.0943 5488 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:48:05.0965 5488 uagp35 - ok
20:48:06.0003 5488 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:48:06.0035 5488 udfs - ok
20:48:06.0077 5488 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:48:06.0133 5488 UI0Detect - ok
20:48:06.0158 5488 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:48:06.0178 5488 uliagpkx - ok
20:48:06.0200 5488 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
20:48:06.0225 5488 uliahci - ok
20:48:06.0237 5488 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
20:48:06.0257 5488 UlSata - ok
20:48:06.0281 5488 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
20:48:06.0302 5488 ulsata2 - ok
20:48:06.0324 5488 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:48:06.0377 5488 umbus - ok
20:48:06.0399 5488 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
20:48:06.0464 5488 upnphost - ok
20:48:06.0508 5488 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
20:48:06.0583 5488 USBAAPL ( UnsignedFile.Multi.Generic ) - warning
20:48:06.0583 5488 USBAAPL - detected UnsignedFile.Multi.Generic (1)
20:48:06.0612 5488 [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
20:48:06.0652 5488 usbaudio - ok
20:48:06.0704 5488 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:48:06.0742 5488 usbccgp - ok
20:48:06.0760 5488 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:48:06.0821 5488 usbcir - ok
20:48:06.0858 5488 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:48:06.0903 5488 usbehci - ok
20:48:06.0956 5488 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:48:07.0006 5488 usbhub - ok
20:48:07.0024 5488 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:48:07.0106 5488 usbohci - ok
20:48:07.0135 5488 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:48:07.0192 5488 usbprint - ok
20:48:07.0261 5488 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:48:07.0306 5488 usbscan - ok
20:48:07.0325 5488 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:48:07.0369 5488 USBSTOR - ok
20:48:07.0391 5488 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:48:07.0418 5488 usbuhci - ok
20:48:07.0453 5488 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:48:07.0498 5488 usbvideo - ok
20:48:07.0520 5488 [ 228F444F9AF0D3B9ECA9FC3F4FEB12F2 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
20:48:07.0554 5488 usb_rndisx - ok
20:48:07.0591 5488 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
20:48:07.0637 5488 UxSms - ok
20:48:07.0681 5488 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
20:48:07.0756 5488 vds - ok
20:48:07.0781 5488 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:48:07.0813 5488 vga - ok
20:48:07.0836 5488 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
20:48:07.0876 5488 VgaSave - ok
20:48:07.0896 5488 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:48:07.0918 5488 viaagp - ok
20:48:07.0932 5488 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
20:48:07.0965 5488 ViaC7 - ok
20:48:07.0989 5488 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
20:48:08.0008 5488 viaide - ok
20:48:08.0029 5488 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:48:08.0066 5488 volmgr - ok
20:48:08.0128 5488 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:48:08.0199 5488 volmgrx - ok
20:48:08.0327 5488 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:48:08.0352 5488 volsnap - ok
20:48:08.0370 5488 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:48:08.0394 5488 vsmraid - ok
20:48:08.0431 5488 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
20:48:08.0519 5488 VSS - ok
20:48:08.0558 5488 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
20:48:08.0593 5488 W32Time - ok
20:48:08.0610 5488 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:48:08.0694 5488 WacomPen - ok
20:48:08.0735 5488 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
20:48:08.0777 5488 Wanarp - ok
20:48:08.0782 5488 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:48:08.0816 5488 Wanarpv6 - ok
20:48:08.0865 5488 [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
20:48:08.0912 5488 WcesComm - ok
20:48:08.0933 5488 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:48:08.0980 5488 wcncsvc - ok
20:48:09.0026 5488 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:48:09.0064 5488 WcsPlugInService - ok
20:48:09.0083 5488 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
20:48:09.0101 5488 Wd - ok
20:48:09.0147 5488 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:48:09.0183 5488 Wdf01000 - ok
20:48:09.0207 5488 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:48:09.0246 5488 WdiServiceHost - ok
20:48:09.0254 5488 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:48:09.0292 5488 WdiSystemHost - ok
20:48:09.0342 5488 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
20:48:09.0398 5488 WebClient - ok
20:48:09.0446 5488 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:48:09.0513 5488 Wecsvc - ok
20:48:09.0535 5488 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:48:09.0577 5488 wercplsupport - ok
20:48:09.0616 5488 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
20:48:09.0649 5488 WerSvc - ok
20:48:09.0708 5488 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:48:09.0734 5488 WinDefend - ok
20:48:09.0741 5488 WinHttpAutoProxySvc - ok
20:48:09.0814 5488 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:48:09.0843 5488 Winmgmt - ok
20:48:09.0904 5488 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
20:48:09.0994 5488 WinRM - ok
20:48:10.0052 5488 [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb C:\Windows\system32\DRIVERS\winusb.sys
20:48:10.0078 5488 winusb - ok
20:48:10.0122 5488 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:48:10.0169 5488 Wlansvc - ok
20:48:10.0191 5488 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:48:10.0236 5488 WmiAcpi - ok
20:48:10.0267 5488 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:48:10.0302 5488 wmiApSrv - ok
20:48:10.0363 5488 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:48:10.0438 5488 WMPNetworkSvc - ok
20:48:10.0460 5488 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:48:10.0495 5488 WPCSvc - ok
20:48:10.0522 5488 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:48:10.0545 5488 WPDBusEnum - ok
20:48:10.0577 5488 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
20:48:10.0598 5488 WpdUsb - ok
20:48:10.0720 5488 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:48:10.0766 5488 WPFFontCache_v0400 - ok
20:48:10.0819 5488 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:48:10.0868 5488 ws2ifsl - ok
20:48:10.0897 5488 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
20:48:10.0936 5488 wscsvc - ok
20:48:10.0941 5488 WSearch - ok
20:48:11.0030 5488 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
20:48:11.0154 5488 wuauserv - ok
20:48:11.0203 5488 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:48:11.0223 5488 WudfPf - ok
20:48:11.0257 5488 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:48:11.0280 5488 WUDFRd - ok
20:48:11.0317 5488 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:48:11.0355 5488 wudfsvc - ok
20:48:11.0382 5488 ================ Scan global ===============================
20:48:11.0413 5488 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
20:48:11.0458 5488 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
20:48:11.0494 5488 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
20:48:11.0536 5488 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
20:48:11.0544 5488 [Global] - ok
20:48:11.0544 5488 ================ Scan MBR ==================================
20:48:11.0556 5488 [ EF932EAA6EF4C94E66A7F6CEEC7EB422 ] \Device\Harddisk0\DR0
20:48:14.0493 5488 \Device\Harddisk0\DR0 - ok
20:48:14.0494 5488 ================ Scan VBR ==================================
20:48:14.0497 5488 [ 7E1231972C1DDF0822EB1BA16802F170 ] \Device\Harddisk0\DR0\Partition1
20:48:14.0499 5488 \Device\Harddisk0\DR0\Partition1 - ok
20:48:14.0500 5488 ============================================================
20:48:14.0500 5488 Scan finished
20:48:14.0500 5488 ============================================================
20:48:14.0514 0176 Detected object count: 9
20:48:14.0514 0176 Actual detected object count: 9
20:51:25.0514 0176 Afc ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:25.0514 0176 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:51:25.0514 0176 ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:25.0514 0176 ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:51:25.0517 0176 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:25.0520 0176 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:51:25.0521 0176 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:25.0521 0176 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:51:25.0536 0176 FsUsbExService ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:25.0536 0176 FsUsbExService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:51:25.0538 0176 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:25.0538 0176 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:51:25.0541 0176 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:25.0542 0176 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:51:25.0544 0176 ReminderFoxUpdater ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:25.0544 0176 ReminderFoxUpdater ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:51:25.0546 0176 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
20:51:25.0547 0176 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip

stumpfi53 · 27.05.2013, 22:39

hi ich hoffe du kannst damit was anfangen. für mich sind das böhmische dörfer.
schönen gruß

markusg · 28.05.2013, 09:06

Hi,
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

stumpfi53 · 31.05.2013, 10:40

hi, ich kann keine combofix.txt finden, hab nur einen ordner der zeigt beim anklicken C: undD: an ????

markusg · 31.05.2013, 10:46

dann ists evtl. look.txt könnnte auch im ordner qoobox liegen, ansonsten direkt auf c:. ist das programm überhaupt bis zum Ende gelaufen, da müsste das log automatisch geöffnet worden sein

stumpfi53 · 31.05.2013, 13:08

Suche nach infizierten Dateien....
Dies dauert normalerweise nicht l„nger als 10 Minuten.
Die Scanzeit fr stark infizierte Rechner kann sich leicht verdoppeln.

Fertiggestellt Stufe_1
Fertiggestellt Stufe_2
Fertiggestellt Stufe_3
Fertiggestellt Stufe_4
Fertiggestellt Stufe_5
Fertiggestellt Stufe_6
Fertiggestellt Stufe_6A
Fertiggestellt Stufe_7
Fertiggestellt Stufe_8
Fertiggestellt Stufe_9
Fertiggestellt Stufe_10
Fertiggestellt Stufe_11
Fertiggestellt Stufe_12
Fertiggestellt Stufe_13
Fertiggestellt Stufe_14
Fertiggestellt Stufe_15
Fertiggestellt Stufe_16
Fertiggestellt Stufe_17
Fertiggestellt Stufe_18
Fertiggestellt Stufe_19
Fertiggestellt Stufe_19B
Fertiggestellt Stufe_20
Fertiggestellt Stufe_21
Fertiggestellt Stufe_22
Fertiggestellt Stufe_23
Fertiggestellt Stufe_24
Fertiggestellt Stufe_25
Fertiggestellt Stufe_26
Fertiggestellt Stufe_27
Fertiggestellt Stufe_28
Fertiggestellt Stufe_29
Fertiggestellt Stufe_30
Fertiggestellt Stufe_31
Fertiggestellt Stufe_32
Fertiggestellt Stufe_32A
Fertiggestellt Stufe_33
Fertiggestellt Stufe_34
Fertiggestellt Stufe_35
Fertiggestellt Stufe_36
Fertiggestellt Stufe_37
Fertiggestellt Stufe_38

Failed to get data for 'EnableLUA'

Fertiggestellt Stufe_39
Fertiggestellt Stufe_40
Fertiggestellt Stufe_41
Fertiggestellt Stufe_42
Fertiggestellt Stufe_43
Fertiggestellt Stufe_44
Fertiggestellt Stufe_45
Fertiggestellt Stufe_46
Fertiggestellt Stufe_47
Fertiggestellt Stufe_48
Fertiggestellt Stufe_49
Fertiggestellt Stufe_50

markusg · 31.05.2013, 13:10

das steht momentan da? dann läuft er anscheinent nochSeit wann ists bei Stufe 50?

stumpfi53 · 31.05.2013, 13:10

hab noch mal durchlaufen lassen das war das einzige im fenster. hat ca 10 min. gedauert,nach ner halben stunde hatte sich das fenster nicht mehr verändert

24.05.2013, 23:19	#4
markusg /// Malware-holic	tcbhn wurde beendet und geschlossen Hi, das is ja schon mal die Hälfte der Logs __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

tcbhn wurde beendet und geschlossen

Plagegeister aller Art und deren Bekämpfung: tcbhn wurde beendet und geschlossen