Trojaner-Board


Broid 04.04.2012 21:34

Spam sent via my Yahoo account
 
Hello,

while I was surfing the internet on my PC, loads of spam mails were sent to my contact addresses via my Yahoo account (I was not logged in at that moment). I then changed the password of the Yahoo account via my HP Touchpad and had my virus scanner (Avira Free Antivirus) check the system. The check found nothing.

Afterwards I ran Malwarebytes over it, again without any result (I have attached it as a text file).

Of course I would now like to make sure that my system really is clean. And for that I would like to ask for your help. I have run all the scans from your instructions and hope you can tell me whether there is still a risk.


Many thanks in advance.


Kind regards,

Broid

cosinus 05.04.2012 19:50

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before in the past?
If so, all the logs for each scan are also listed in the Logs tab. Please post all that are visible there.

Broid 05.04.2012 22:20

Hello,

thanks for the reply. I only installed the program yesterday, after the problem occurred. So unfortunately I can't provide any further logs.

cosinus 06.04.2012 14:04

Ok. Did you maybe have a password that was too easy to guess? You have changed it now.
Do you also use the same password, which has now been changed, for other logins, or did you use it only for the Yahoo mail access?
Were you maybe at another computer at some point and logged in to Yahoo there by entering the password?

I'm asking because the password was either a) too simple or b) captured when you were once at an infected (other) computer

Broid 07.04.2012 06:02

Hello,

personally I didn't really consider the previous password (a mix of letters and numbers) too easy, since e.g. it had no "personal connection" either. But I had been using it for a very long time, and not only for the Yahoo login...

As a rule, though, it was only used on two (non-public) PCs. I haven't checked the other PC yet, but I also haven't been on it for quite a while. I will check it at the next opportunity, though.

And yes, the new password really is "new" and I use it only for Yahoo. And so far only on the PC that has been "checked through". I will not use it on the other PC until Malwarebytes has run there too.

All in all, it is a mystery to me how someone got hold of the old password. But can I conclude from the questions that this PC is otherwise not at further risk?


Kind regards,

Broid

cosinus 07.04.2012 17:44

Quote:

But can I conclude from the questions that this PC is otherwise not at further risk?
No. That was just a question to get more information for now

Please also run ESET, then we'll take it from there:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Broid 08.04.2012 08:28

Hello,

here is the result of the scan with ESET. There was one hit:

-----------
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c8f940a8d3da10438757246aeb92df0b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-08 07:16:39
# local_time=2012-04-08 09:16:39 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 8364935 8364935 0 0
# compatibility_mode=5893 16776573 100 94 139458 85492274 0 0
# compatibility_mode=8192 67108863 100 0 308 308 0 0
# scanned=208062
# found=1
# cleaned=0
# scan_time=8316
E:\Program Files\TERA\Client\Binaries\TERA.exe a variant of Win32/Packed.Themida application (unable to clean) 00000000000000000000000000000000 I
---------------

For information: TERA is an online RPG. I found the following about it: https://forum.tera-europe.com/showthread.php?t=32689

In my stupidity/forgetfulness, however, I had completely forgotten until just now that there were hits in my second-to-last Avira Free Antivirus scan. I have therefore attached the report for it. I could have thought of that earlier...

cosinus 08.04.2012 16:44

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Broid 08.04.2012 23:15

Okay, done:

OTL Logfile:
Code:

OTL logfile created on: 08.04.2012 23:51:29 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Matthias\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 82,80% Memory free
6,00 Gb Paging File | 4,90 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 71,94 Gb Total Space | 17,03 Gb Free Space | 23,67% Space Free | Partition Type: NTFS
Drive D: | 7,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 145,89 Gb Total Space | 52,82 Gb Free Space | 36,21% Space Free | Partition Type: NTFS
Drive F: | 72,26 Gb Total Space | 26,46 Gb Free Space | 36,62% Space Free | Partition Type: NTFS
Drive G: | 3,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive L: | 931,51 Gb Total Space | 200,65 Gb Free Space | 21,54% Space Free | Partition Type: NTFS
 
Computer Name: MATTHIAS-PC | User Name: Matthias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.08 23:49:57 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Matthias\Downloads\OTL.exe
PRC - [2012.03.15 07:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2012.02.09 13:44:06 | 002,509,184 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2012.02.09 13:43:46 | 002,029,952 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Remote\Server\DataProxy.exe
PRC - [2012.01.26 20:38:52 | 000,525,768 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files\Sony\Content Manager Assistant\CMAWatcher.exe
PRC - [2012.01.26 20:38:42 | 002,520,504 | ---- | M] (Sony Computer Entertainment Inc.) -- C:\Program Files\Sony\Content Manager Assistant\CMA.exe
PRC - [2011.12.15 16:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 15:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.02 15:17:38 | 000,074,752 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.05.21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.21 07:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.05.21 07:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.03.15 16:35:16 | 000,061,440 | ---- | M] (Palm) -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.03.10 21:42:25 | 000,228,352 | ---- | M] () -- C:\Program Files\DVBViewer\Scheduler.exe
PRC - [2010.01.01 12:10:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008.10.14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007.09.11 16:50:28 | 000,804,144 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!DSL\StCenter.exe
PRC - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
PRC - [2007.04.13 11:51:46 | 001,261,568 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
PRC - [2007.03.01 16:38:48 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.11.20 22:08:50 | 000,228,088 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006.11.20 22:08:46 | 000,017,656 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.17 21:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.06.13 23:54:28 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010.03.10 21:42:25 | 000,228,352 | ---- | M] () -- C:\Program Files\DVBViewer\Scheduler.exe
MOD - [2007.04.13 11:51:46 | 001,261,568 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v2\WG111v2.exe
MOD - [2006.11.20 21:33:28 | 004,587,520 | R--- | M] () -- C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2012.04.04 16:46:02 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.30 18:34:59 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.03.15 07:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2012.02.09 13:44:10 | 000,531,328 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011.12.15 15:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 15:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.02 15:17:38 | 000,074,752 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2011.05.21 07:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.15 16:35:16 | 000,061,440 | ---- | M] (Palm) [Auto | Running] -- C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe -- (NovacomD)
SRV - [2010.10.19 14:29:03 | 002,011,944 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.01.01 12:10:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.04 11:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2007.07.17 16:48:16 | 000,180,224 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\WinService.exe -- (SCM_Service)
SRV - [2007.03.20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)
SRV - [2006.07.25 11:48:30 | 000,613,376 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Packard Bell\SrvCDEject.exe -- (SrvCDEject)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012.02.17 20:04:23 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.15 16:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.05.21 07:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.06.25 19:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.12.22 14:48:34 | 000,585,280 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2009.12.22 14:48:34 | 000,549,952 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2009.12.22 04:31:26 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.11.19 20:54:15 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.11.19 20:54:15 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.07.15 13:01:52 | 000,265,744 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MtsBda.sys -- (MTSBDA)
DRV - [2009.07.15 13:01:52 | 000,023,568 | ---- | M] (TechniSat Provide) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MtsHID.sys -- (MtsHID)
DRV - [2009.07.14 00:02:53 | 000,044,032 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fetnd6.sys -- (FETNDIS)
DRV - [2008.09.22 03:20:42 | 000,043,520 | ---- | M] (VIA Technologies, Inc.              ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fetnd6v.sys -- (FETND6V)
DRV - [2007.12.26 11:46:00 | 000,288,768 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTL8187)
DRV - [2007.01.19 04:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2005.02.04 18:12:50 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 CE DE 72 02 32 CC 01  [binary data]
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 CE DE 72 02 32 CC 01  [binary data]
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://web.de/"
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {fa46cb24-1d5b-4048-911a-2857a0944395}:1.0.16
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011.12.09 05:13:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9051303c-7e41-4311-a783-d6fe5ef2832d}: C:\Program Files\FVD Suite\addons\Firefox [2011.10.11 12:08:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.20 18:38:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.25 13:37:00 | 000,000,000 | ---D | M]
 
[2009.12.26 11:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Extensions
[2012.01.28 09:13:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\avwfls0h.default\extensions
[2010.04.28 23:38:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\avwfls0h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.16 06:06:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\yjhxrhza.default\extensions
[2009.12.26 11:53:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\yjhxrhza.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.18 20:12:05 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\yjhxrhza.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.02.16 06:06:42 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\yjhxrhza.default\extensions\ffxtlbr@Facemoods.com
[2009.12.26 11:53:12 | 000,000,000 | ---D | M] ("VideoDownloader") -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\yjhxrhza.default\extensions\videodowloader@videodownloader.net
[2012.03.29 19:25:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.03.29 19:25:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AVWFLS0H.DEFAULT\EXTENSIONS\URLLISTER@BINNYVA.COM.XPI
[2012.03.20 18:38:09 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.29 19:25:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.14 23:41:58 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.14 23:41:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.14 23:41:58 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012.02.14 23:41:58 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 23:41:58 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 23:41:58 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Open FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D44} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [RunAfterBoot] "C:\Users\Matthias\Downloads\soft_deen_CableStar-HD-2_001\download\Install\Setup.exe" File not found
O4 - HKU\S-1-5-21-3588467925-2773255752-379782172-1002..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3588467925-2773255752-379782172-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\..Trusted Ranges: Range1 ([*] in Local intranet)
O15 - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56BF1CA5-F6E8-4731-B8A7-501BEC03FB6C}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Matthias\Pictures\Die Jungs & wir\Coole Miezen\Bild 015.jpg
O24 - Desktop BackupWallPaper: C:\Users\Matthias\Pictures\Die Jungs & wir\Coole Miezen\Bild 015.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.11.14 12:59:05 | 000,000,081 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012.02.14 14:55:43 | 000,000,000 | R--D | M] - D:\autostarter -- [ UDF ]
O32 - AutoRun File - [2007.07.30 12:00:50 | 000,233,472 | R--- | M] () - D:\AutoStarter.exe -- [ UDF ]
O32 - AutoRun File - [2009.10.09 13:09:33 | 000,000,000 | ---D | M] - E:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
O32 - AutoRun File - [2011.04.26 19:10:15 | 000,000,000 | RH-D | M] - L:\autorun -- [ NTFS ]
O33 - MountPoints2\{0fc7009d-f202-11de-9ba0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0fc7009d-f202-11de-9ba0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\0data\cbs.exe -- [2011.11.18 18:29:39 | 003,427,328 | R--- | M] ()
O33 - MountPoints2\{7adeff26-d897-11df-9c8e-0019db404e90}\Shell - "" = AutoRun
O33 - MountPoints2\{7adeff26-d897-11df-9c8e-0019db404e90}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{c86c6041-eda0-11df-88a4-0019db404e90}\Shell - "" = AutoRun
O33 - MountPoints2\{c86c6041-eda0-11df-88a4-0019db404e90}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{c86c605b-eda0-11df-88a4-0019db404e90}\Shell - "" = AutoRun
O33 - MountPoints2\{c86c605b-eda0-11df-88a4-0019db404e90}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{edbbb379-eeef-11df-9177-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{edbbb379-eeef-11df-9177-806e6f6e6963}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Matthias^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe_ID0EYTHM - hkey= - key= - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AirVideoServer - hkey= - key= - C:\Program Files\AirVideoServer\AirVideoServer.exe ()
MsConfig - StartUpReg: FVDSuite - hkey= - key= -  File not found
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= -  File not found
MsConfig - StartUpReg: Mobile Partner - hkey= - key= -  File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Remote Control Editor - hkey= - key= -  File not found
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
MsConfig - State: "bootini" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A4AB98F1-2C41-3B11-485B-D089DB039F59} - Internet Explorer
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2016.03.23 18:11:23 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\MAGIX
[2016.03.23 18:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Shared
[2016.03.23 18:09:41 | 000,909,312 | ---- | C] (MAGIX AG) -- C:\Windows\System32\MXRestore.exe
[2016.03.23 18:09:41 | 000,724,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLAV32.dll
[2016.03.23 18:09:41 | 000,278,528 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRES32.dll
[2016.03.23 18:09:41 | 000,221,184 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDRV32.dll
[2016.03.23 18:09:41 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDEV32.dll
[2016.03.23 18:09:41 | 000,147,456 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCPY32.dll
[2016.03.23 18:09:41 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDA32.dll
[2016.03.23 18:09:41 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIO32.dll
[2016.03.23 18:09:41 | 000,090,112 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRF32.dll
[2016.03.23 18:09:41 | 000,077,824 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPNT32.dll
[2016.03.23 18:09:41 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\STRING32.dll
[2016.03.23 18:09:41 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPTL32.dll
[2016.03.23 18:09:41 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLCDF32.dll
[2016.03.23 18:09:41 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLTPO32.dll
[2016.03.23 18:09:41 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLPRJ32.dll
[2016.03.23 18:09:41 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIMG32.dll
[2016.03.23 18:09:41 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLRD32.dll
[2016.03.23 18:09:41 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLMSC32.dll
[2016.03.23 18:09:41 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLISO32.dll
[2016.03.23 18:09:41 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLDIR32.dll
[2016.03.23 18:09:41 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTIC32.dll
[2016.03.23 18:09:41 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\TTI32.dll
[2016.03.23 18:09:41 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\System32\DLLIX.dll
[2016.03.23 18:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2016.03.23 18:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2016.03.23 18:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2012.04.08 12:37:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVR-Studio HD 2
[2012.04.08 12:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\DVR-Studio HD 2
[2012.04.08 06:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.06 15:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.04.04 19:49:52 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes
[2012.04.04 19:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.04 19:46:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.04 19:46:38 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.04 19:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.31 17:21:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Silver
[2012.03.29 19:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.03.20 19:37:04 | 000,000,000 | ---D | C] -- C:\Users\Matthias\AppData\Roaming\Tropico 4
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.08 23:49:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.08 23:44:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.08 21:36:00 | 000,707,088 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.08 21:36:00 | 000,660,706 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.08 21:36:00 | 000,152,680 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.08 21:36:00 | 000,124,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.08 17:04:27 | 000,019,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.08 17:04:27 | 000,019,120 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.08 16:56:40 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.08 14:27:05 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\ZDF (deu) 09-04-2012 17-25-00 Titanic (2-2).job
[2012.04.08 14:27:05 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\ZDF (deu) 09-04-2012 17-23-00 Titanic (2-2).job
[2012.04.08 12:37:39 | 000,002,581 | ---- | M] () -- C:\Users\Public\Desktop\DVR-Studio HD 2.lnk
[2012.04.08 06:20:26 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2012.04.04 19:46:40 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.04 18:28:02 | 000,000,000 | ---- | M] () -- C:\Users\Matthias\defogger_reenable
[2012.04.04 13:46:49 | 243,669,710 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.03.31 17:30:43 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\The Whispered World.lnk
[2012.03.20 22:56:32 | 000,001,262 | ---- | M] () -- C:\Users\Matthias\Desktop\Tropico4.lnk
[2012.03.18 20:09:03 | 000,001,768 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2012.03.14 04:20:29 | 001,749,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2016.03.23 18:09:41 | 000,038,492 | ---- | C] () -- C:\Windows\System32\DLLAV32.lib
[2016.03.23 18:07:42 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2012.04.08 12:37:39 | 000,002,581 | ---- | C] () -- C:\Users\Public\Desktop\DVR-Studio HD 2.lnk
[2012.04.06 19:04:05 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\ZDF (deu) 09-04-2012 17-25-00 Titanic (2-2).job
[2012.04.06 16:07:03 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\ZDF (deu) 09-04-2012 17-23-00 Titanic (2-2).job
[2012.04.04 19:46:40 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.04 18:28:02 | 000,000,000 | ---- | C] () -- C:\Users\Matthias\defogger_reenable
[2012.04.04 13:48:45 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.04 13:46:49 | 243,669,710 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.03.31 17:30:43 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\The Whispered World.lnk
[2012.03.20 22:56:32 | 000,001,262 | ---- | C] () -- C:\Users\Matthias\Desktop\Tropico4.lnk
[2012.03.02 20:26:12 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.03.02 20:26:12 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.02.29 21:21:24 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2011.09.08 21:35:24 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.07.28 19:19:29 | 000,007,626 | ---- | C] () -- C:\Users\Matthias\AppData\Local\Resmon.ResmonCfg
[2011.06.24 02:55:47 | 000,004,930 | ---- | C] () -- C:\ProgramData\ojobkspa.ako
[2010.09.04 19:53:39 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.09.04 19:53:39 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.06.03 07:47:54 | 000,000,046 | ---- | C] () -- C:\Windows\System32\DonationCoder_urlsnooper_InstallInfo.dat
 
========== LOP Check ==========
 
[2011.09.22 22:30:56 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Amazon
[2011.02.21 20:43:30 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\AnvSoft
[2010.04.25 16:22:26 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\avidemux
[2009.12.26 11:52:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Bioshock
[2009.12.26 11:52:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Blitware
[2011.02.24 20:43:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Chime
[2010.06.03 07:47:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DonationCoder
[2011.12.09 05:15:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DVDVideoSoft
[2011.01.18 20:12:05 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.06 08:47:36 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Engelmann Media
[2009.12.26 11:52:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\everlight
[2012.03.20 19:36:05 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FileZilla
[2011.09.24 15:14:18 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FRITZ!
[2011.10.11 12:09:06 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FVDToolbar
[2009.05.16 15:09:01 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\GrabPro
[2010.04.25 16:20:22 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\gtk-2.0
[2010.05.22 01:15:35 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Haenlein-Software
[2011.07.31 00:21:07 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\HandBrake
[2011.01.21 22:05:41 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ
[2007.03.06 01:04:10 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ Toolbar
[2009.12.26 11:53:00 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQLite
[2011.08.13 13:32:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IrfanView
[2011.09.07 11:00:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Jason Robitaille
[2011.09.17 07:02:50 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Kalypso Media
[2016.03.23 18:11:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\MAGIX
[2011.10.29 09:43:06 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Might & Magic Heroes VI
[2011.06.24 02:55:52 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\MOVAVI
[2009.12.26 11:53:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\My Games
[2010.12.29 20:09:51 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Opera
[2012.03.28 22:52:49 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Orbit
[2009.12.26 11:53:13 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Packard Bell
[2010.09.04 20:00:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\PC Suite
[2010.12.09 17:14:05 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ProgSense
[2010.06.30 05:29:08 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ProtectDisc
[2010.12.19 19:42:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Samsung
[2009.12.26 11:53:14 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Sony
[2009.06.17 12:53:00 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Sony Setup
[2010.11.18 19:04:32 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TeamViewer
[2009.12.26 11:53:14 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Template
[2010.02.04 00:12:34 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TerraTec
[2009.12.26 11:53:14 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\The Games Company
[2011.07.28 18:15:38 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Tific
[2011.09.17 20:13:33 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Tropico 3
[2012.04.07 18:31:44 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Tropico 4
[2011.11.19 13:46:15 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ubisoft
[2009.12.26 11:53:15 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\UBitMenu
[2011.09.14 03:57:41 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Windows Live Writer
[2011.02.23 21:06:27 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\XMedia Recode
[2012.04.05 23:23:43 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\XnView
[2012.04.08 06:20:26 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2012.02.29 17:12:38 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.04.08 14:27:05 | 000,000,304 | ---- | M] () -- C:\Windows\Tasks\ZDF (deu) 09-04-2012 17-23-00 Titanic (2-2).job
[2012.04.08 14:27:05 | 000,000,304 | ---- | M] () -- C:\Windows\Tasks\ZDF (deu) 09-04-2012 17-25-00 Titanic (2-2).job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.06 20:22:03 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Adobe
[2010.05.18 02:06:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ahead
[2011.09.22 22:30:56 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Amazon
[2011.02.21 20:43:30 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\AnvSoft
[2009.12.26 11:52:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\AOL
[2012.03.19 14:08:07 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Apple Computer
[2010.04.25 16:22:26 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\avidemux
[2012.01.02 12:28:00 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Avira
[2009.12.26 11:52:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Bioshock
[2009.12.26 11:52:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Blitware
[2011.02.24 20:43:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Chime
[2010.01.10 13:57:42 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\CyberLink
[2010.06.03 07:47:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DonationCoder
[2012.01.06 13:51:43 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\dvdcss
[2011.12.09 05:15:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DVDVideoSoft
[2011.01.18 20:12:05 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.06 08:47:36 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Engelmann Media
[2009.12.26 11:52:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\everlight
[2012.03.20 19:36:05 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FileZilla
[2011.09.24 15:14:18 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FRITZ!
[2011.10.11 12:09:06 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\FVDToolbar
[2009.12.26 11:52:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Google
[2009.05.16 15:09:01 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\GrabPro
[2010.04.25 16:20:22 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\gtk-2.0
[2010.05.22 01:15:35 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Haenlein-Software
[2011.07.31 00:21:07 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\HandBrake
[2011.01.21 22:05:41 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ
[2007.03.06 01:04:10 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQ Toolbar
[2009.12.26 11:53:00 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ICQLite
[2010.03.20 01:14:08 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Identities
[2009.12.26 11:53:00 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\InstallShield
[2011.08.13 13:32:09 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\IrfanView
[2011.09.07 11:00:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Jason Robitaille
[2009.12.26 11:53:00 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Joost
[2011.09.17 07:02:50 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Kalypso Media
[2009.12.26 11:53:00 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Macromedia
[2016.03.23 18:11:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\MAGIX
[2012.04.04 19:49:52 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Media Center Programs
[2010.08.09 21:51:06 | 000,000,000 | --SD | M] -- C:\Users\Matthias\AppData\Roaming\Microsoft
[2011.10.29 09:43:06 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Might & Magic Heroes VI
[2011.06.24 02:55:52 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\MOVAVI
[2009.12.26 11:53:11 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Mozilla
[2009.12.26 11:53:12 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\My Games
[2010.07.29 18:23:10 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\NVIDIA
[2010.12.29 20:09:51 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Opera
[2012.03.28 22:52:49 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Orbit
[2009.12.26 11:53:13 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Packard Bell
[2010.09.04 20:00:54 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\PC Suite
[2010.12.09 17:14:05 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ProgSense
[2010.06.30 05:29:08 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\ProtectDisc
[2009.12.26 11:53:14 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Real
[2009.12.26 11:53:14 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Roxio
[2010.12.19 19:42:23 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Samsung
[2012.03.01 00:03:20 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Skype
[2012.02.29 23:17:17 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\skypePM
[2009.12.26 11:53:14 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Sony
[2012.02.22 22:37:58 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Sony Corporation
[2009.06.17 12:53:00 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Sony Setup
[2010.11.18 19:04:32 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TeamViewer
[2009.12.26 11:53:14 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Template
[2010.02.04 00:12:34 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\TerraTec
[2009.12.26 11:53:14 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\The Games Company
[2011.07.28 18:15:38 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Tific
[2011.09.17 20:13:33 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Tropico 3
[2012.04.07 18:31:44 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Tropico 4
[2011.11.19 13:46:15 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Ubisoft
[2009.12.26 11:53:15 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\UBitMenu
[2011.09.09 00:59:02 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\vlc
[2011.09.14 03:57:41 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Windows Live Writer
[2012.03.02 20:38:59 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\WinRAR
[2012.03.29 19:24:26 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\Xfire
[2011.02.23 21:06:27 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\XMedia Recode
[2012.04.05 23:23:43 | 000,000,000 | ---D | M] -- C:\Users\Matthias\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2011.07.08 10:20:02 | 000,485,134 | ---- | M] () -- C:\Users\Matthias\AppData\Roaming\Haenlein-Software\DVR-Studio HD 2\Temp\Setup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.12 18:37:47 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.04.12 18:37:47 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Wondershare iPhone Ringtone Maker:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Witcher 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Unwritten Tales:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Unwritten Tales - Viehchroniken:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Symantec:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Stronghold 3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\StreamTransport:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Star Wars - The Old Republic:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\PS Vita:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Overlord:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Osmos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\OneNote-Notizbücher:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\My WeGame Videos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\My WeGame Screenshots:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\My Weblog Posts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\My Stationery:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Might & Magic Heroes VI:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\HeroBlade Logs:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Haenlein-Software:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Grotesque-Tactics2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Freemake:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\FIFA 12:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\FFOutput:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Emicsoft Studio:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\dvd:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\DonationCoder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\DeepBlackReloaded:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\CyberLink:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\ArcaniA - Gothic 4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\ANNO 2070:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\ANNO 2070 Demo:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Anno 1404:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Adobe Scripts:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Documents\Abelssoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Desktop\Neulied:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Matthias\Desktop\Games:Roxio EMC Stream

< End of report >

--- --- ---

cosinus 09.04.2012 15:19

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - user.js - File not found
[2010.04.28 23:38:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\avwfls0h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.26 11:53:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\yjhxrhza.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.18 20:12:05 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\yjhxrhza.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.02.16 06:06:42 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\yjhxrhza.default\extensions\ffxtlbr@Facemoods.com
[2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [RunAfterBoot] "C:\Users\Matthias\Downloads\soft_deen_CableStar-HD-2_001\download\Install\Setup.exe" File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.11.14 12:59:05 | 000,000,081 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012.02.14 14:55:43 | 000,000,000 | R--D | M] - D:\autostarter -- [ UDF ]
O32 - AutoRun File - [2007.07.30 12:00:50 | 000,233,472 | R--- | M] () - D:\AutoStarter.exe -- [ UDF ]
O32 - AutoRun File - [2009.10.09 13:09:33 | 000,000,000 | ---D | M] - E:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
O32 - AutoRun File - [2011.04.26 19:10:15 | 000,000,000 | RH-D | M] - L:\autorun -- [ NTFS ]
O33 - MountPoints2\{0fc7009d-f202-11de-9ba0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0fc7009d-f202-11de-9ba0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\0data\cbs.exe -- [2011.11.18 18:29:39 | 003,427,328 | R--- | M] ()
O33 - MountPoints2\{7adeff26-d897-11df-9c8e-0019db404e90}\Shell - "" = AutoRun
O33 - MountPoints2\{7adeff26-d897-11df-9c8e-0019db404e90}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{c86c6041-eda0-11df-88a4-0019db404e90}\Shell - "" = AutoRun
O33 - MountPoints2\{c86c6041-eda0-11df-88a4-0019db404e90}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{c86c605b-eda0-11df-88a4-0019db404e90}\Shell - "" = AutoRun
O33 - MountPoints2\{c86c605b-eda0-11df-88a4-0019db404e90}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{edbbb379-eeef-11df-9177-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{edbbb379-eeef-11df-9177-806e6f6e6963}\Shell\AutoRun\command - "" = M:\AutoRun.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Broid 10.04.2012 18:21

Hello!

I tried three times (restarting the PC in between) to carry out your instructions. I opened OTL as administrator, copied the text into the box, closed all programs (including the virus scanner, browser and all autostart services) and started the fix.

Unfortunately, the process hangs every time at the following line (at least according to the indication at the bottom left edge of OTL):

O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll (FVD Suite - Free Desktop Video Converter and Downloader | Screen Recorder/Capture @ Convert video from Youtube-like sites to mpeg, mp4, avi, mp3 and other media formats. RTMP Streams download. Screen Recording/Capture)

It then says "Keine Rückmeldung" ("Not responding"). Each time I then waited a very long time, but unfortunately nothing ever changed, which is why I eventually aborted the process.

Unfortunately, I'm at a loss myself as to what the cause could be. Do you perhaps have a tip?

Best regards,

Broid

cosinus 11.04.2012 08:59

Please repeat the fix in safe mode.

Broid 22.04.2012 05:33

Hello,

sorry for the very late reply! I was away for a week.

On the topic:

I tried to run the fix in safe mode. But here, too, the process hung at the same spot...

Best regards,

Broid

cosinus 22.04.2012 18:46

Then let's leave that line out, so use this as the fix script:

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1002\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3588467925-2773255752-379782172-1005\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - user.js - File not found
[2010.04.28 23:38:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\avwfls0h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.26 11:53:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\yjhxrhza.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.18 20:12:05 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\yjhxrhza.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.02.16 06:06:42 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\yjhxrhza.default\extensions\ffxtlbr@Facemoods.com
[2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [RunAfterBoot] "C:\Users\Matthias\Downloads\soft_deen_CableStar-HD-2_001\download\Install\Setup.exe" File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.11.14 12:59:05 | 000,000,081 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2012.02.14 14:55:43 | 000,000,000 | R--D | M] - D:\autostarter -- [ UDF ]
O32 - AutoRun File - [2007.07.30 12:00:50 | 000,233,472 | R--- | M] () - D:\AutoStarter.exe -- [ UDF ]
O32 - AutoRun File - [2009.10.09 13:09:33 | 000,000,000 | ---D | M] - E:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
O32 - AutoRun File - [2011.04.26 19:10:15 | 000,000,000 | RH-D | M] - L:\autorun -- [ NTFS ]
O33 - MountPoints2\{0fc7009d-f202-11de-9ba0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0fc7009d-f202-11de-9ba0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\0data\cbs.exe -- [2011.11.18 18:29:39 | 003,427,328 | R--- | M] ()
O33 - MountPoints2\{7adeff26-d897-11df-9c8e-0019db404e90}\Shell - "" = AutoRun
O33 - MountPoints2\{7adeff26-d897-11df-9c8e-0019db404e90}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{c86c6041-eda0-11df-88a4-0019db404e90}\Shell - "" = AutoRun
O33 - MountPoints2\{c86c6041-eda0-11df-88a4-0019db404e90}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{c86c605b-eda0-11df-88a4-0019db404e90}\Shell - "" = AutoRun
O33 - MountPoints2\{c86c605b-eda0-11df-88a4-0019db404e90}\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\{edbbb379-eeef-11df-9177-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{edbbb379-eeef-11df-9177-806e6f6e6963}\Shell\AutoRun\command - "" = M:\AutoRun.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]


Broid 23.04.2012 04:07

Okay, wonderful. It has now finished running. Here is the result:


All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKU\S-1-5-21-3588467925-2773255752-379782172-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3588467925-2773255752-379782172-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3588467925-2773255752-379782172-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKU\S-1-5-21-3588467925-2773255752-379782172-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3588467925-2773255752-379782172-1005\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3588467925-2773255752-379782172-1005\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Folder C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\avwfls0h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
Folder C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\yjhxrhza.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
Folder C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\yjhxrhza.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found.
Folder C:\Users\Matthias\AppData\Roaming\mozilla\Firefox\Profiles\yjhxrhza.default\extensions\ffxtlbr@Facemoods.com\ not found.
File C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ not found.
File C:\Program Files\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\facemoods deleted successfully.
C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RunAfterBoot deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File D:\autorun.inf not found.
File not found.
File D:\AutoStarter.exe not found.
File not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fc7009d-f202-11de-9ba0-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fc7009d-f202-11de-9ba0-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fc7009d-f202-11de-9ba0-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fc7009d-f202-11de-9ba0-806e6f6e6963}\ not found.
File D:\0data\cbs.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7adeff26-d897-11df-9c8e-0019db404e90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7adeff26-d897-11df-9c8e-0019db404e90}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7adeff26-d897-11df-9c8e-0019db404e90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7adeff26-d897-11df-9c8e-0019db404e90}\ not found.
File M:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c86c6041-eda0-11df-88a4-0019db404e90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c86c6041-eda0-11df-88a4-0019db404e90}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c86c6041-eda0-11df-88a4-0019db404e90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c86c6041-eda0-11df-88a4-0019db404e90}\ not found.
File M:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c86c605b-eda0-11df-88a4-0019db404e90}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c86c605b-eda0-11df-88a4-0019db404e90}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c86c605b-eda0-11df-88a4-0019db404e90}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c86c605b-eda0-11df-88a4-0019db404e90}\ not found.
File M:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edbbb379-eeef-11df-9177-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edbbb379-eeef-11df-9177-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edbbb379-eeef-11df-9177-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{edbbb379-eeef-11df-9177-806e6f6e6963}\ not found.
File M:\AutoRun.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Matthias
->Temp folder emptied: 28806670 bytes
->Temporary Internet Files folder emptied: 102116690 bytes
->Java cache emptied: 481 bytes
->FireFox cache emptied: 718262569 bytes
->Opera cache emptied: 11844709 bytes
->Flash cache emptied: 51324 bytes

User: Mcx2

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 60148804 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 879,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Matthias
->Flash cache emptied: 0 bytes

User: Mcx2

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.39.2 log created on 04232012_045847

Files\Folders moved on Reboot...
C:\Windows\temp\JETEE86.tmp moved successfully.

Registry entries deleted on Reboot...

cosinus 23.04.2012 09:34

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log; instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its contents into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please don't hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Broid 23.04.2012 17:28

Here is the post:

18:20:23.0124 1028 TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
18:20:23.0330 1028 ============================================================
18:20:23.0330 1028 Current date / time: 2012/04/23 18:20:23.0330
18:20:23.0330 1028 SystemInfo:
18:20:23.0330 1028
18:20:23.0330 1028 OS Version: 6.1.7601 ServicePack: 1.0
18:20:23.0330 1028 Product type: Workstation
18:20:23.0331 1028 ComputerName: MATTHIAS-PC
18:20:23.0331 1028 UserName: Matthias
18:20:23.0331 1028 Windows directory: C:\Windows
18:20:23.0331 1028 System windows directory: C:\Windows
18:20:23.0331 1028 Processor architecture: Intel x86
18:20:23.0331 1028 Number of processors: 2
18:20:23.0331 1028 Page size: 0x1000
18:20:23.0331 1028 Boot type: Normal boot
18:20:23.0331 1028 ============================================================
18:20:23.0953 1028 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:20:23.0964 1028 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:20:32.0117 1028 \Device\Harddisk0\DR0:
18:20:32.0132 1028 MBR partitions:
18:20:32.0132 1028 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1000800, BlocksNum 0x8FDED03
18:20:32.0132 1028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9FDF503, BlocksNum 0x123C62A1
18:20:32.0146 1028 \Device\Harddisk1\DR1:
18:20:32.0146 1028 MBR partitions:
18:20:32.0146 1028 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74706D70
18:20:32.0181 1028 C: <-> \Device\Harddisk0\DR0\Partition0
18:20:32.0211 1028 E: <-> \Device\Harddisk0\DR0\Partition1
18:20:32.0233 1028 L: <-> \Device\Harddisk1\DR1\Partition0
18:20:32.0233 1028 Initialize success
18:20:32.0233 1028 ============================================================
18:21:22.0397 4656 ============================================================
18:21:22.0397 4656 Scan started
18:21:22.0397 4656 Mode: Manual; SigCheck; TDLFS;
18:21:22.0397 4656 ============================================================
18:21:23.0255 4656 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:21:23.0367 4656 1394ohci - ok
18:21:23.0461 4656 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
18:21:23.0500 4656 acedrv11 - ok
18:21:23.0562 4656 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:21:23.0585 4656 ACPI - ok
18:21:23.0649 4656 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:21:23.0704 4656 AcpiPmi - ok
18:21:23.0813 4656 Adobe Version Cue CS3 (14c23516c990dcd6052152cf034dde40) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
18:21:23.0832 4656 Adobe Version Cue CS3 - ok
18:21:23.0941 4656 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:21:23.0958 4656 AdobeFlashPlayerUpdateSvc - ok
18:21:24.0041 4656 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:21:24.0073 4656 adp94xx - ok
18:21:24.0115 4656 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:21:24.0139 4656 adpahci - ok
18:21:24.0167 4656 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:21:24.0188 4656 adpu320 - ok
18:21:24.0241 4656 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
18:21:24.0366 4656 AeLookupSvc - ok
18:21:24.0468 4656 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:21:24.0516 4656 AFD - ok
18:21:24.0560 4656 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:21:24.0578 4656 agp440 - ok
18:21:24.0623 4656 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:21:24.0642 4656 aic78xx - ok
18:21:24.0683 4656 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
18:21:24.0734 4656 ALG - ok
18:21:24.0788 4656 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:21:24.0804 4656 aliide - ok
18:21:24.0854 4656 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:21:24.0873 4656 amdagp - ok
18:21:24.0906 4656 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:21:24.0922 4656 amdide - ok
18:21:24.0973 4656 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:21:25.0003 4656 AmdK8 - ok
18:21:25.0036 4656 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:21:25.0076 4656 AmdPPM - ok
18:21:25.0124 4656 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:21:25.0143 4656 amdsata - ok
18:21:25.0209 4656 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:21:25.0246 4656 amdsbs - ok
18:21:25.0358 4656 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:21:25.0375 4656 amdxata - ok
18:21:25.0461 4656 AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:21:25.0478 4656 AntiVirSchedulerService - ok
18:21:25.0520 4656 AntiVirService (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:21:25.0535 4656 AntiVirService - ok
18:21:25.0619 4656 AOL ACS (85180cf88c5ebad73b452a43a004ca51) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
18:21:25.0633 4656 AOL ACS - ok
18:21:25.0739 4656 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:21:25.0790 4656 AppID - ok
18:21:25.0837 4656 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
18:21:25.0889 4656 AppIDSvc - ok
18:21:25.0950 4656 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
18:21:25.0996 4656 Appinfo - ok
18:21:26.0091 4656 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:21:26.0105 4656 Apple Mobile Device - ok
18:21:26.0197 4656 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:21:26.0216 4656 arc - ok
18:21:26.0248 4656 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:21:26.0266 4656 arcsas - ok
18:21:26.0369 4656 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:21:26.0394 4656 aspnet_state - ok
18:21:26.0470 4656 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:21:26.0576 4656 AsyncMac - ok
18:21:26.0635 4656 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:21:26.0652 4656 atapi - ok
18:21:26.0710 4656 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
18:21:26.0731 4656 atksgt - ok
18:21:26.0792 4656 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:21:26.0845 4656 AudioEndpointBuilder - ok
18:21:26.0875 4656 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:21:26.0916 4656 Audiosrv - ok
18:21:26.0946 4656 Automatisches LiveUpdate - Scheduler - ok
18:21:27.0062 4656 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
18:21:27.0077 4656 avgntflt - ok
18:21:27.0141 4656 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
18:21:27.0158 4656 avipbb - ok
18:21:27.0242 4656 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
18:21:27.0256 4656 avkmgr - ok
18:21:27.0311 4656 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
18:21:27.0349 4656 AxInstSV - ok
18:21:27.0418 4656 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:21:27.0461 4656 b06bdrv - ok
18:21:27.0523 4656 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:21:27.0544 4656 b57nd60x - ok
18:21:27.0590 4656 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
18:21:27.0634 4656 BDESVC - ok
18:21:27.0690 4656 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:21:27.0739 4656 Beep - ok
18:21:27.0826 4656 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
18:21:27.0880 4656 BFE - ok
18:21:27.0966 4656 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
18:21:28.0020 4656 BITS - ok
18:21:28.0102 4656 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:21:28.0127 4656 blbdrive - ok
18:21:28.0206 4656 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:21:28.0228 4656 Bonjour Service - ok
18:21:28.0321 4656 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:21:28.0364 4656 bowser - ok
18:21:28.0397 4656 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:21:28.0425 4656 BrFiltLo - ok
18:21:28.0492 4656 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:21:28.0530 4656 BrFiltUp - ok
18:21:28.0590 4656 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
18:21:28.0649 4656 Browser - ok
18:21:28.0706 4656 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:21:28.0764 4656 Brserid - ok
18:21:28.0800 4656 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:21:28.0834 4656 BrSerWdm - ok
18:21:28.0850 4656 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:21:28.0881 4656 BrUsbMdm - ok
18:21:28.0894 4656 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:21:28.0930 4656 BrUsbSer - ok
18:21:29.0029 4656 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:21:29.0060 4656 BTHMODEM - ok
18:21:29.0115 4656 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
18:21:29.0163 4656 bthserv - ok
18:21:29.0253 4656 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:21:29.0299 4656 cdfs - ok
18:21:29.0434 4656 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
18:21:29.0467 4656 cdrom - ok
18:21:29.0530 4656 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:21:29.0577 4656 CertPropSvc - ok
18:21:29.0615 4656 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:21:29.0636 4656 circlass - ok
18:21:29.0708 4656 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:21:29.0731 4656 CLFS - ok
18:21:29.0784 4656 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:21:29.0799 4656 clr_optimization_v2.0.50727_32 - ok
18:21:29.0859 4656 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:21:29.0892 4656 clr_optimization_v4.0.30319_32 - ok
18:21:29.0956 4656 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:21:29.0983 4656 CmBatt - ok
18:21:30.0036 4656 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:21:30.0052 4656 cmdide - ok
18:21:30.0105 4656 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
18:21:30.0147 4656 CNG - ok
18:21:30.0200 4656 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:21:30.0217 4656 Compbatt - ok
18:21:30.0272 4656 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:21:30.0309 4656 CompositeBus - ok
18:21:30.0389 4656 COMSysApp - ok
18:21:30.0451 4656 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:21:30.0467 4656 crcdisk - ok
18:21:30.0525 4656 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
18:21:30.0571 4656 CryptSvc - ok
18:21:30.0633 4656 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:21:30.0695 4656 DcomLaunch - ok
18:21:30.0743 4656 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
18:21:30.0791 4656 defragsvc - ok
18:21:30.0863 4656 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:21:30.0906 4656 DfsC - ok
18:21:31.0002 4656 dgderdrv - ok
18:21:31.0060 4656 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
18:21:31.0107 4656 Dhcp - ok
18:21:31.0179 4656 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:21:31.0231 4656 discache - ok
18:21:31.0345 4656 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:21:31.0364 4656 Disk - ok
18:21:31.0394 4656 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
18:21:31.0465 4656 Dnscache - ok
18:21:31.0541 4656 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
18:21:31.0589 4656 dot3svc - ok
18:21:31.0648 4656 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
18:21:31.0710 4656 DPS - ok
18:21:31.0820 4656 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:21:31.0847 4656 drmkaud - ok
18:21:31.0925 4656 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:21:31.0968 4656 DXGKrnl - ok
18:21:32.0011 4656 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
18:21:32.0063 4656 EapHost - ok
18:21:32.0237 4656 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:21:32.0362 4656 ebdrv - ok
18:21:32.0435 4656 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
18:21:32.0482 4656 EFS - ok
18:21:32.0551 4656 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:21:32.0590 4656 elxstor - ok
18:21:32.0661 4656 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:21:32.0692 4656 ErrDev - ok
18:21:32.0755 4656 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
18:21:32.0803 4656 EventSystem - ok
18:21:32.0902 4656 ewusbnet - ok
18:21:32.0960 4656 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:21:33.0008 4656 exfat - ok
18:21:33.0086 4656 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:21:33.0135 4656 fastfat - ok
18:21:33.0231 4656 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
18:21:33.0280 4656 Fax - ok
18:21:33.0359 4656 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:21:33.0387 4656 fdc - ok
18:21:33.0433 4656 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
18:21:33.0481 4656 fdPHost - ok
18:21:33.0539 4656 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
18:21:33.0583 4656 FDResPub - ok
18:21:33.0688 4656 FETND6V (403bedad0226653ba8d05aefc3f04a0c) C:\Windows\system32\DRIVERS\fetnd6v.sys
18:21:33.0715 4656 FETND6V - ok
18:21:33.0761 4656 FETNDIS (f5cb6cb6d12f495516be27cffccde4bf) C:\Windows\system32\DRIVERS\fetnd6.sys
18:21:33.0798 4656 FETNDIS - ok
18:21:33.0891 4656 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:21:33.0909 4656 FileInfo - ok
18:21:33.0945 4656 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:21:33.0991 4656 Filetrace - ok
18:21:34.0066 4656 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:21:34.0097 4656 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:21:34.0097 4656 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:21:34.0190 4656 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:21:34.0208 4656 flpydisk - ok
18:21:34.0242 4656 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:21:34.0261 4656 FltMgr - ok
18:21:34.0335 4656 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
18:21:34.0410 4656 FontCache - ok
18:21:34.0455 4656 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:21:34.0469 4656 FontCache3.0.0.0 - ok
18:21:34.0542 4656 Freemake Improver (37c2ff67a2565286f1c1c1072be74678) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
18:21:34.0565 4656 Freemake Improver ( UnsignedFile.Multi.Generic ) - warning
18:21:34.0565 4656 Freemake Improver - detected UnsignedFile.Multi.Generic (1)
18:21:34.0672 4656 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:21:34.0691 4656 FsDepends - ok
18:21:34.0769 4656 FsUsbExDisk (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
18:21:34.0788 4656 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
18:21:34.0788 4656 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
18:21:34.0837 4656 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
18:21:34.0854 4656 Fs_Rec - ok
18:21:34.0923 4656 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:21:34.0948 4656 fvevol - ok
18:21:35.0013 4656 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:21:35.0032 4656 gagp30kx - ok
18:21:35.0085 4656 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:21:35.0097 4656 GEARAspiWDM - ok
18:21:35.0154 4656 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
18:21:35.0218 4656 gpsvc - ok
18:21:35.0315 4656 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:21:35.0357 4656 hcw85cir - ok
18:21:35.0455 4656 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:21:35.0502 4656 HdAudAddService - ok
18:21:35.0576 4656 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:21:35.0608 4656 HDAudBus - ok
18:21:35.0640 4656 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:21:35.0673 4656 HidBatt - ok
18:21:35.0756 4656 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:21:35.0791 4656 HidBth - ok
18:21:35.0832 4656 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:21:35.0853 4656 HidIr - ok
18:21:35.0894 4656 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
18:21:35.0944 4656 hidserv - ok
18:21:36.0064 4656 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
18:21:36.0082 4656 HidUsb - ok
18:21:36.0132 4656 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
18:21:36.0181 4656 hkmsvc - ok
18:21:36.0243 4656 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
18:21:36.0289 4656 HomeGroupListener - ok
18:21:36.0336 4656 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
18:21:36.0373 4656 HomeGroupProvider - ok
18:21:36.0443 4656 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:21:36.0461 4656 HpSAMD - ok
18:21:36.0527 4656 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:21:36.0573 4656 HTTP - ok
18:21:36.0617 4656 hwdatacard - ok
18:21:36.0670 4656 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:21:36.0690 4656 hwpolicy - ok
18:21:36.0733 4656 hwusbdev - ok
18:21:36.0797 4656 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:21:36.0831 4656 i8042prt - ok
18:21:36.0904 4656 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:21:36.0929 4656 iaStorV - ok
18:21:37.0008 4656 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:21:37.0029 4656 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:21:37.0030 4656 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:21:37.0138 4656 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:21:37.0187 4656 idsvc - ok
18:21:37.0256 4656 IGDCTRL (e28602c9e17b0ddce9f5deb3b3e2a635) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
18:21:37.0270 4656 IGDCTRL - ok
18:21:37.0375 4656 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
18:21:37.0394 4656 iirsp - ok
18:21:37.0453 4656 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
18:21:37.0517 4656 IKEEXT - ok
18:21:37.0663 4656 IntcAzAudAddService (4a705bf2a6f7972f2f2ad8a0d8079f95) C:\Windows\system32\drivers\RTKVHDA.sys
18:21:37.0741 4656 IntcAzAudAddService - ok
18:21:37.0846 4656 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
18:21:37.0863 4656 intelide - ok
18:21:37.0901 4656 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:21:37.0935 4656 intelppm - ok
18:21:38.0004 4656 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
18:21:38.0043 4656 IPBusEnum - ok
18:21:38.0116 4656 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:21:38.0168 4656 IpFilterDriver - ok
18:21:38.0246 4656 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
18:21:38.0313 4656 iphlpsvc - ok
18:21:38.0375 4656 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:21:38.0408 4656 IPMIDRV - ok
18:21:38.0452 4656 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:21:38.0505 4656 IPNAT - ok
18:21:38.0606 4656 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
18:21:38.0635 4656 iPod Service - ok
18:21:38.0735 4656 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:21:38.0756 4656 IRENUM - ok
18:21:38.0794 4656 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:21:38.0812 4656 isapnp - ok
18:21:38.0843 4656 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:21:38.0866 4656 iScsiPrt - ok
18:21:38.0912 4656 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:21:38.0929 4656 kbdclass - ok
18:21:38.0969 4656 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
18:21:38.0999 4656 kbdhid - ok
18:21:39.0033 4656 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:21:39.0050 4656 KeyIso - ok
18:21:39.0091 4656 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
18:21:39.0109 4656 KSecDD - ok
18:21:39.0147 4656 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
18:21:39.0167 4656 KSecPkg - ok
18:21:39.0229 4656 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
18:21:39.0287 4656 KtmRm - ok
18:21:39.0379 4656 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
18:21:39.0432 4656 LanmanServer - ok
18:21:39.0486 4656 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
18:21:39.0524 4656 LanmanWorkstation - ok
18:21:39.0611 4656 LightScribeService (ccad2aae36e24346488b0f54a049de78) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:21:39.0624 4656 LightScribeService - ok
18:21:39.0716 4656 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
18:21:39.0730 4656 lirsgt - ok
18:21:39.0783 4656 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:21:39.0829 4656 lltdio - ok
18:21:39.0895 4656 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
18:21:39.0937 4656 lltdsvc - ok
18:21:39.0960 4656 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
18:21:40.0012 4656 lmhosts - ok
18:21:40.0074 4656 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:21:40.0093 4656 LSI_FC - ok
18:21:40.0130 4656 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:21:40.0150 4656 LSI_SAS - ok
18:21:40.0194 4656 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:21:40.0212 4656 LSI_SAS2 - ok
18:21:40.0247 4656 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:21:40.0267 4656 LSI_SCSI - ok
18:21:40.0308 4656 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:21:40.0345 4656 luafv - ok
18:21:40.0396 4656 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
18:21:40.0414 4656 megasas - ok
18:21:40.0445 4656 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
18:21:40.0468 4656 MegaSR - ok
18:21:40.0504 4656 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:21:40.0574 4656 MMCSS - ok
18:21:40.0667 4656 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:21:40.0720 4656 Modem - ok
18:21:40.0802 4656 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:21:40.0834 4656 monitor - ok
18:21:40.0888 4656 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
18:21:40.0907 4656 mouclass - ok
18:21:40.0961 4656 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
18:21:40.0997 4656 mouhid - ok
18:21:41.0071 4656 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:21:41.0088 4656 mountmgr - ok
18:21:41.0145 4656 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:21:41.0165 4656 mpio - ok
18:21:41.0205 4656 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:21:41.0249 4656 mpsdrv - ok
18:21:41.0330 4656 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
18:21:41.0395 4656 MpsSvc - ok
18:21:41.0450 4656 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:21:41.0475 4656 MRxDAV - ok
18:21:41.0556 4656 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:21:41.0591 4656 mrxsmb - ok
18:21:41.0628 4656 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:21:41.0664 4656 mrxsmb10 - ok
18:21:41.0720 4656 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:21:41.0754 4656 mrxsmb20 - ok
18:21:41.0806 4656 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
18:21:41.0824 4656 msahci - ok
18:21:41.0858 4656 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:21:41.0877 4656 msdsm - ok
18:21:41.0910 4656 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
18:21:41.0944 4656 MSDTC - ok
18:21:42.0039 4656 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:21:42.0075 4656 Msfs - ok
18:21:42.0097 4656 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:21:42.0143 4656 mshidkmdf - ok
18:21:42.0197 4656 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:21:42.0213 4656 msisadrv - ok
18:21:42.0272 4656 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
18:21:42.0319 4656 MSiSCSI - ok
18:21:42.0360 4656 msiserver - ok
18:21:42.0453 4656 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:21:42.0505 4656 MSKSSRV - ok
18:21:42.0608 4656 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:21:42.0652 4656 MSPCLOCK - ok
18:21:42.0748 4656 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:21:42.0799 4656 MSPQM - ok
18:21:42.0871 4656 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:21:42.0891 4656 MsRPC - ok
18:21:42.0953 4656 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:21:42.0970 4656 mssmbios - ok
18:21:43.0054 4656 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:21:43.0090 4656 MSTEE - ok
18:21:43.0155 4656 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
18:21:43.0181 4656 MTConfig - ok
18:21:43.0249 4656 MTSBDA (f87e160bed37ad7e2e5394cf4bce7839) C:\Windows\system32\Drivers\MtsBda.sys
18:21:43.0267 4656 MTSBDA - ok
18:21:43.0311 4656 MtsHID (dae8572b995a67e90633a28d7b204a4f) C:\Windows\system32\drivers\MtsHID.sys
18:21:43.0324 4656 MtsHID - ok
18:21:43.0370 4656 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:21:43.0387 4656 Mup - ok
18:21:43.0430 4656 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
18:21:43.0496 4656 napagent - ok
18:21:43.0600 4656 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:21:43.0627 4656 NativeWifiP - ok
18:21:43.0743 4656 NBService (5836b9e91863a00ec1b8e785efd86ecb) C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
18:21:43.0790 4656 NBService - ok
18:21:43.0889 4656 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:21:43.0927 4656 NDIS - ok
18:21:43.0972 4656 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:21:44.0021 4656 NdisCap - ok
18:21:44.0115 4656 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:21:44.0161 4656 NdisTapi - ok
18:21:44.0275 4656 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:21:44.0319 4656 Ndisuio - ok
18:21:44.0392 4656 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:21:44.0437 4656 NdisWan - ok
18:21:44.0491 4656 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:21:44.0527 4656 NDProxy - ok
18:21:44.0590 4656 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:21:44.0643 4656 NetBIOS - ok
18:21:44.0740 4656 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:21:44.0791 4656 NetBT - ok
18:21:44.0863 4656 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:21:44.0881 4656 Netlogon - ok
18:21:44.0939 4656 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
18:21:45.0000 4656 Netman - ok
18:21:45.0109 4656 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:21:45.0132 4656 NetMsmqActivator - ok
18:21:45.0175 4656 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:21:45.0193 4656 NetPipeActivator - ok
18:21:45.0274 4656 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
18:21:45.0341 4656 netprofm - ok
18:21:45.0443 4656 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:21:45.0458 4656 NetTcpActivator - ok
18:21:45.0464 4656 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:21:45.0480 4656 NetTcpPortSharing - ok
18:21:45.0556 4656 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
18:21:45.0576 4656 nfrd960 - ok
18:21:45.0617 4656 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
18:21:45.0677 4656 NlaSvc - ok
18:21:45.0771 4656 NMIndexingService (a328a46d87bb92ce4d8a4528e9d84787) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
18:21:45.0791 4656 NMIndexingService - ok
18:21:45.0827 4656 NovacomD (085440078813949c51c33589557bfd29) C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
18:21:45.0845 4656 NovacomD ( UnsignedFile.Multi.Generic ) - warning
18:21:45.0845 4656 NovacomD - detected UnsignedFile.Multi.Generic (1)
18:21:45.0965 4656 NPF (b48dc6abcd3aeff8618350ccbdc6b09a) C:\Windows\system32\drivers\npf.sys
18:21:45.0978 4656 NPF - ok
18:21:46.0041 4656 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:21:46.0087 4656 Npfs - ok
18:21:46.0146 4656 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
18:21:46.0203 4656 nsi - ok
18:21:46.0251 4656 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:21:46.0301 4656 nsiproxy - ok
18:21:46.0385 4656 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:21:46.0453 4656 Ntfs - ok
18:21:46.0498 4656 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:21:46.0535 4656 Null - ok
18:21:46.0829 4656 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:21:47.0080 4656 nvlddmkm - ok
18:21:47.0189 4656 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:21:47.0209 4656 nvraid - ok
18:21:47.0232 4656 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:21:47.0252 4656 nvstor - ok
18:21:47.0332 4656 nvsvc (7c732aff202dcd06c3d262966d71604c) C:\Windows\system32\nvvsvc.exe
18:21:47.0363 4656 nvsvc - ok
18:21:47.0508 4656 nvUpdatusService (262d2fbf211a88dcb84249df0f6ef6e7) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
18:21:47.0591 4656 nvUpdatusService - ok
18:21:47.0681 4656 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:21:47.0701 4656 nv_agp - ok
18:21:47.0783 4656 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:21:47.0809 4656 odserv - ok
18:21:47.0908 4656 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:21:47.0941 4656 ohci1394 - ok
18:21:48.0015 4656 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:21:48.0033 4656 ose - ok
18:21:48.0103 4656 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:21:48.0131 4656 p2pimsvc - ok
18:21:48.0154 4656 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
18:21:48.0180 4656 p2psvc - ok
18:21:48.0268 4656 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
18:21:48.0297 4656 Parport - ok
18:21:48.0359 4656 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:21:48.0376 4656 partmgr - ok
18:21:48.0422 4656 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
18:21:48.0456 4656 Parvdm - ok
18:21:48.0513 4656 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
18:21:48.0539 4656 PcaSvc - ok
18:21:48.0586 4656 pccsmcfd - ok
18:21:48.0624 4656 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:21:48.0644 4656 pci - ok
18:21:48.0703 4656 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:21:48.0719 4656 pciide - ok
18:21:48.0783 4656 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
18:21:48.0804 4656 pcmcia - ok
18:21:48.0851 4656 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:21:48.0869 4656 pcw - ok
18:21:48.0902 4656 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:21:48.0969 4656 PEAUTH - ok
18:21:49.0077 4656 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\Windows\system32\drivers\pfc.sys
18:21:49.0092 4656 pfc ( UnsignedFile.Multi.Generic ) - warning
18:21:49.0092 4656 pfc - detected UnsignedFile.Multi.Generic (1)
18:21:49.0172 4656 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
18:21:49.0268 4656 pla - ok
18:21:49.0358 4656 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
18:21:49.0391 4656 PlugPlay - ok
18:21:49.0431 4656 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
18:21:49.0461 4656 PNRPAutoReg - ok
18:21:49.0510 4656 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
18:21:49.0535 4656 PNRPsvc - ok
18:21:49.0605 4656 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
18:21:49.0655 4656 PolicyAgent - ok
18:21:49.0720 4656 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
18:21:49.0774 4656 Power - ok
18:21:49.0848 4656 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:21:49.0897 4656 PptpMiniport - ok
18:21:49.0971 4656 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
18:21:50.0004 4656 Processor - ok
18:21:50.0057 4656 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
18:21:50.0096 4656 ProfSvc - ok
18:21:50.0161 4656 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:21:50.0179 4656 ProtectedStorage - ok
18:21:50.0239 4656 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:21:50.0278 4656 Psched - ok
18:21:50.0341 4656 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
18:21:50.0360 4656 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
18:21:50.0360 4656 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
18:21:50.0448 4656 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
18:21:50.0515 4656 ql2300 - ok
18:21:50.0590 4656 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
18:21:50.0610 4656 ql40xx - ok
18:21:50.0658 4656 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
18:21:50.0694 4656 QWAVE - ok
18:21:50.0755 4656 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:21:50.0778 4656 QWAVEdrv - ok
18:21:50.0817 4656 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:21:50.0883 4656 RasAcd - ok
18:21:50.0969 4656 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:21:51.0017 4656 RasAgileVpn - ok
18:21:51.0078 4656 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
18:21:51.0117 4656 RasAuto - ok
18:21:51.0215 4656 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:21:51.0261 4656 Rasl2tp - ok
18:21:51.0346 4656 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
18:21:51.0398 4656 RasMan - ok
18:21:51.0474 4656 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:21:51.0527 4656 RasPppoe - ok
18:21:51.0625 4656 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:21:51.0670 4656 RasSstp - ok
18:21:51.0764 4656 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:21:51.0811 4656 rdbss - ok
18:21:51.0875 4656 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
18:21:51.0905 4656 rdpbus - ok
18:21:51.0957 4656 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:21:52.0000 4656 RDPCDD - ok
18:21:52.0105 4656 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:21:52.0151 4656 RDPENCDD - ok
18:21:52.0221 4656 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:21:52.0264 4656 RDPREFMP - ok
18:21:52.0339 4656 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
18:21:52.0370 4656 RDPWD - ok
18:21:52.0438 4656 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:21:52.0459 4656 rdyboost - ok
18:21:52.0496 4656 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
18:21:52.0532 4656 RemoteAccess - ok
18:21:52.0596 4656 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
18:21:52.0636 4656 RemoteRegistry - ok
18:21:52.0754 4656 RichVideo (06a49b7bdc36cfbf97dd90804f833369) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
18:21:52.0773 4656 RichVideo - ok
18:21:52.0867 4656 RoxMediaDB9 (9c19e4419a6acf8fff53f1dd1c305e9e) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
18:21:52.0916 4656 RoxMediaDB9 - ok
18:21:52.0950 4656 RoxWatch9 (9d95da35ec22511a1ceb38a8c3a0bc7e) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
18:21:52.0965 4656 RoxWatch9 - ok
18:21:53.0020 4656 rpcapd (b60f58f175de20a6739194e85b035178) C:\Program Files\WinPcap\rpcapd.exe
18:21:53.0036 4656 rpcapd - ok
18:21:53.0106 4656 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
18:21:53.0153 4656 RpcEptMapper - ok
18:21:53.0213 4656 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
18:21:53.0247 4656 RpcLocator - ok
18:21:53.0289 4656 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:21:53.0332 4656 RpcSs - ok
18:21:53.0426 4656 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:21:53.0472 4656 rspndr - ok
18:21:53.0569 4656 RTL8187 (99c27fceb21347daf3ee9e8c205314d6) C:\Windows\system32\DRIVERS\wg111v2.sys
18:21:53.0611 4656 RTL8187 - ok
18:21:53.0659 4656 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:21:53.0679 4656 SamSs - ok
18:21:53.0745 4656 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:21:53.0765 4656 sbp2port - ok
18:21:53.0801 4656 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
18:21:53.0855 4656 SCardSvr - ok
18:21:53.0943 4656 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:21:53.0992 4656 scfilter - ok
18:21:54.0045 4656 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
18:21:54.0118 4656 Schedule - ok
18:21:54.0191 4656 SCMNdisP (3b68015683c27cb00c7a6b60a37cbcfd) C:\Windows\system32\DRIVERS\scmndisp.sys
18:21:54.0205 4656 SCMNdisP - ok
18:21:54.0255 4656 SCM_Service (42660bbed859ac22dfd12ae598a8ffaa) C:\Windows\System32\WinService.exe
18:21:54.0277 4656 SCM_Service ( UnsignedFile.Multi.Generic ) - warning
18:21:54.0277 4656 SCM_Service - detected UnsignedFile.Multi.Generic (1)
18:21:54.0334 4656 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:21:54.0370 4656 SCPolicySvc - ok
18:21:54.0416 4656 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
18:21:54.0458 4656 SDRSVC - ok
18:21:54.0511 4656 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:21:54.0547 4656 secdrv - ok
18:21:54.0608 4656 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
18:21:54.0661 4656 seclogon - ok
18:21:54.0707 4656 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
18:21:54.0760 4656 SENS - ok
18:21:54.0825 4656 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
18:21:54.0867 4656 SensrSvc - ok
18:21:54.0925 4656 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
18:21:54.0952 4656 Serenum - ok
18:21:55.0012 4656 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
18:21:55.0040 4656 Serial - ok
18:21:55.0093 4656 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
18:21:55.0126 4656 sermouse - ok
18:21:55.0191 4656 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
18:21:55.0228 4656 SessionEnv - ok
18:21:55.0309 4656 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:21:55.0336 4656 sffdisk - ok
18:21:55.0357 4656 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:21:55.0389 4656 sffp_mmc - ok
18:21:55.0463 4656 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:21:55.0486 4656 sffp_sd - ok
18:21:55.0536 4656 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
18:21:55.0562 4656 sfloppy - ok
18:21:55.0629 4656 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
18:21:55.0686 4656 SharedAccess - ok
18:21:55.0766 4656 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
18:21:55.0819 4656 ShellHWDetection - ok
18:21:55.0879 4656 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:21:55.0898 4656 sisagp - ok
18:21:55.0974 4656 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:21:55.0992 4656 SiSRaid2 - ok
18:21:56.0015 4656 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
18:21:56.0035 4656 SiSRaid4 - ok
18:21:56.0072 4656 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:21:56.0110 4656 Smb - ok
18:21:56.0195 4656 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
18:21:56.0215 4656 SNMPTRAP - ok
18:21:56.0305 4656 SplashtopRemoteService (ccf611a259882d8cf4dbabae2341ee31) C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
18:21:56.0331 4656 SplashtopRemoteService - ok
18:21:56.0421 4656 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:21:56.0439 4656 spldr - ok
18:21:56.0496 4656 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
18:21:56.0563 4656 Spooler - ok
18:21:56.0711 4656 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
18:21:56.0838 4656 sppsvc - ok
18:21:56.0901 4656 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
18:21:56.0952 4656 sppuinotify - ok
18:21:57.0012 4656 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:21:57.0057 4656 srv - ok
18:21:57.0109 4656 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:21:57.0139 4656 srv2 - ok
18:21:57.0218 4656 SrvCDEject (9e0e4c777bf358b7863d22a8ca56b189) C:\Program Files\Packard Bell\SrvCDEject.exe
18:21:57.0245 4656 SrvCDEject ( UnsignedFile.Multi.Generic ) - warning
18:21:57.0245 4656 SrvCDEject - detected UnsignedFile.Multi.Generic (1)
18:21:57.0339 4656 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:21:57.0358 4656 srvnet - ok
18:21:57.0395 4656 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
18:21:57.0435 4656 SSDPSRV - ok
18:21:57.0514 4656 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:21:57.0526 4656 ssmdrv - ok
18:21:57.0558 4656 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
18:21:57.0597 4656 SstpSvc - ok
18:21:57.0686 4656 SSUService (1cfa4a1f3c7bb4c8f299e00428eb8677) C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
18:21:57.0707 4656 SSUService - ok
18:21:57.0773 4656 Steam Client Service - ok
18:21:57.0864 4656 Stereo Service (a2abc52cd8a5b60262b220a17a92eb31) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:21:57.0883 4656 Stereo Service - ok
18:21:57.0980 4656 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
18:21:57.0997 4656 stexstor - ok
18:21:58.0041 4656 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
18:21:58.0092 4656 StiSvc - ok
18:21:58.0164 4656 stllssvr (51778fd315c9882f1cbd932743e62a72) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
18:21:58.0184 4656 stllssvr ( UnsignedFile.Multi.Generic ) - warning
18:21:58.0184 4656 stllssvr - detected UnsignedFile.Multi.Generic (1)
18:21:58.0287 4656 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:21:58.0303 4656 swenum - ok
18:21:58.0341 4656 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
18:21:58.0396 4656 swprv - ok
18:21:58.0478 4656 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
18:21:58.0541 4656 SysMain - ok
18:21:58.0586 4656 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
18:21:58.0613 4656 TabletInputService - ok
18:21:58.0666 4656 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
18:21:58.0731 4656 TapiSrv - ok
18:21:58.0791 4656 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
18:21:58.0845 4656 TBS - ok
18:21:58.0977 4656 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
18:21:59.0043 4656 Tcpip - ok
18:21:59.0161 4656 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
18:21:59.0205 4656 TCPIP6 - ok
18:21:59.0300 4656 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:21:59.0351 4656 tcpipreg - ok
18:21:59.0445 4656 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:21:59.0471 4656 TDPIPE - ok
18:21:59.0515 4656 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
18:21:59.0549 4656 TDTCP - ok
18:21:59.0629 4656 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:21:59.0676 4656 tdx - ok
18:21:59.0819 4656 TeamViewer5 (2a64c802f4c8aa00ac8472c771688e00) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
18:21:59.0908 4656 TeamViewer5 - ok
18:22:00.0014 4656 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:22:00.0035 4656 TermDD - ok
18:22:00.0096 4656 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
18:22:00.0142 4656 TermService - ok
18:22:00.0217 4656 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
18:22:00.0243 4656 Themes - ok
18:22:00.0278 4656 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:22:00.0315 4656 THREADORDER - ok
18:22:00.0381 4656 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
18:22:00.0436 4656 TrkWks - ok
18:22:00.0483 4656 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
18:22:00.0531 4656 TrustedInstaller - ok
18:22:00.0612 4656 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:22:00.0647 4656 tssecsrv - ok
18:22:00.0738 4656 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:22:00.0760 4656 TsUsbFlt - ok
18:22:00.0812 4656 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:22:00.0849 4656 tunnel - ok
18:22:00.0890 4656 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:22:00.0908 4656 uagp35 - ok
18:22:00.0949 4656 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:22:00.0997 4656 udfs - ok
18:22:01.0072 4656 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
18:22:01.0106 4656 UI0Detect - ok
18:22:08.0668 4656 ============================================================
18:22:08.0668 4656 Scan finished
18:22:08.0668 4656 ============================================================
18:22:08.0697 2512 Detected object count: 10
18:22:08.0697 2512 Actual detected object count: 10

cosinus 23.04.2012 21:18

Please post the logs wrapped in CODE tags!
The TDSS-Killer log is incomplete; the summary at the bottom is missing.

Broid 23.04.2012 21:34

Okay, sorry. I didn't notice that something was missing. Here it is now, complete and as code.

Code:

18:20:23.0124 1028        TDSS rootkit removing tool 2.7.31.0 Apr 20 2012 19:49:47
18:20:23.0330 1028        ============================================================
18:20:23.0330 1028        Current date / time: 2012/04/23 18:20:23.0330
18:20:23.0330 1028        SystemInfo:
18:20:23.0330 1028       
18:20:23.0330 1028        OS Version: 6.1.7601 ServicePack: 1.0
18:20:23.0330 1028        Product type: Workstation
18:20:23.0331 1028        ComputerName: MATTHIAS-PC
18:20:23.0331 1028        UserName: Matthias
18:20:23.0331 1028        Windows directory: C:\Windows
18:20:23.0331 1028        System windows directory: C:\Windows
18:20:23.0331 1028        Processor architecture: Intel x86
18:20:23.0331 1028        Number of processors: 2
18:20:23.0331 1028        Page size: 0x1000
18:20:23.0331 1028        Boot type: Normal boot
18:20:23.0331 1028        ============================================================
18:20:23.0953 1028        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:20:23.0964 1028        Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:20:32.0117 1028        \Device\Harddisk0\DR0:
18:20:32.0132 1028        MBR partitions:
18:20:32.0132 1028        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1000800, BlocksNum 0x8FDED03
18:20:32.0132 1028        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9FDF503, BlocksNum 0x123C62A1
18:20:32.0146 1028        \Device\Harddisk1\DR1:
18:20:32.0146 1028        MBR partitions:
18:20:32.0146 1028        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74706D70
18:20:32.0181 1028        C: <-> \Device\Harddisk0\DR0\Partition0
18:20:32.0211 1028        E: <-> \Device\Harddisk0\DR0\Partition1
18:20:32.0233 1028        L: <-> \Device\Harddisk1\DR1\Partition0
18:20:32.0233 1028        Initialize success
18:20:32.0233 1028        ============================================================
18:21:22.0397 4656        ============================================================
18:21:22.0397 4656        Scan started
18:21:22.0397 4656        Mode: Manual; SigCheck; TDLFS;
18:21:22.0397 4656        ============================================================
18:21:23.0255 4656        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:21:23.0367 4656        1394ohci - ok
18:21:23.0461 4656        acedrv11        (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
18:21:23.0500 4656        acedrv11 - ok
18:21:23.0562 4656        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:21:23.0585 4656        ACPI - ok
18:21:23.0649 4656        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:21:23.0704 4656        AcpiPmi - ok
18:21:23.0813 4656        Adobe Version Cue CS3 (14c23516c990dcd6052152cf034dde40) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
18:21:23.0832 4656        Adobe Version Cue CS3 - ok
18:21:23.0941 4656        AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:21:23.0958 4656        AdobeFlashPlayerUpdateSvc - ok
18:21:24.0041 4656        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
18:21:24.0073 4656        adp94xx - ok
18:21:24.0115 4656        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
18:21:24.0139 4656        adpahci - ok
18:21:24.0167 4656        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
18:21:24.0188 4656        adpu320 - ok
18:21:24.0241 4656        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
18:21:24.0366 4656        AeLookupSvc - ok
18:21:24.0468 4656        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:21:24.0516 4656        AFD - ok
18:21:24.0560 4656        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:21:24.0578 4656        agp440 - ok
18:21:24.0623 4656        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
18:21:24.0642 4656        aic78xx - ok
18:21:24.0683 4656        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
18:21:24.0734 4656        ALG - ok
18:21:24.0788 4656        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:21:24.0804 4656        aliide - ok
18:21:24.0854 4656        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:21:24.0873 4656        amdagp - ok
18:21:24.0906 4656        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:21:24.0922 4656        amdide - ok
18:21:24.0973 4656        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
18:21:25.0003 4656        AmdK8 - ok
18:21:25.0036 4656        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
18:21:25.0076 4656        AmdPPM - ok
18:21:25.0124 4656        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:21:25.0143 4656        amdsata - ok
18:21:25.0209 4656        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
18:21:25.0246 4656        amdsbs - ok
18:21:25.0358 4656        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:21:25.0375 4656        amdxata - ok
18:21:25.0461 4656        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe
18:21:25.0478 4656        AntiVirSchedulerService - ok
18:21:25.0520 4656        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
18:21:25.0535 4656        AntiVirService - ok
18:21:25.0619 4656        AOL ACS        (85180cf88c5ebad73b452a43a004ca51) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
18:21:25.0633 4656        AOL ACS - ok
18:21:25.0739 4656        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:21:25.0790 4656        AppID - ok
18:21:25.0837 4656        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
18:21:25.0889 4656        AppIDSvc - ok
18:21:25.0950 4656        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
18:21:25.0996 4656        Appinfo - ok
18:21:26.0091 4656        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
18:21:26.0105 4656        Apple Mobile Device - ok
18:21:26.0197 4656        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
18:21:26.0216 4656        arc - ok
18:21:26.0248 4656        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
18:21:26.0266 4656        arcsas - ok
18:21:26.0369 4656        aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
18:21:26.0394 4656        aspnet_state - ok
18:21:26.0470 4656        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:21:26.0576 4656        AsyncMac - ok
18:21:26.0635 4656        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:21:26.0652 4656        atapi - ok
18:21:26.0710 4656        atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
18:21:26.0731 4656        atksgt - ok
18:21:26.0792 4656        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:21:26.0845 4656        AudioEndpointBuilder - ok
18:21:26.0875 4656        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
18:21:26.0916 4656        Audiosrv - ok
18:21:26.0946 4656        Automatisches LiveUpdate - Scheduler - ok
18:21:27.0062 4656        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
18:21:27.0077 4656        avgntflt - ok
18:21:27.0141 4656        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
18:21:27.0158 4656        avipbb - ok
18:21:27.0242 4656        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
18:21:27.0256 4656        avkmgr - ok
18:21:27.0311 4656        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
18:21:27.0349 4656        AxInstSV - ok
18:21:27.0418 4656        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
18:21:27.0461 4656        b06bdrv - ok
18:21:27.0523 4656        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:21:27.0544 4656        b57nd60x - ok
18:21:27.0590 4656        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
18:21:27.0634 4656        BDESVC - ok
18:21:27.0690 4656        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:21:27.0739 4656        Beep - ok
18:21:27.0826 4656        BFE            (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
18:21:27.0880 4656        BFE - ok
18:21:27.0966 4656        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
18:21:28.0020 4656        BITS - ok
18:21:28.0102 4656        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
18:21:28.0127 4656        blbdrive - ok
18:21:28.0206 4656        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
18:21:28.0228 4656        Bonjour Service - ok
18:21:28.0321 4656        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:21:28.0364 4656        bowser - ok
18:21:28.0397 4656        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:21:28.0425 4656        BrFiltLo - ok
18:21:28.0492 4656        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:21:28.0530 4656        BrFiltUp - ok
18:21:28.0590 4656        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
18:21:28.0649 4656        Browser - ok
18:21:28.0706 4656        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:21:28.0764 4656        Brserid - ok
18:21:28.0800 4656        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:21:28.0834 4656        BrSerWdm - ok
18:21:28.0850 4656        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:21:28.0881 4656        BrUsbMdm - ok
18:21:28.0894 4656        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:21:28.0930 4656        BrUsbSer - ok
18:21:29.0029 4656        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
18:21:29.0060 4656        BTHMODEM - ok
18:21:29.0115 4656        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
18:21:29.0163 4656        bthserv - ok
18:21:29.0253 4656        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:21:29.0299 4656        cdfs - ok
18:21:29.0434 4656        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
18:21:29.0467 4656        cdrom - ok
18:21:29.0530 4656        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
18:21:29.0577 4656        CertPropSvc - ok
18:21:29.0615 4656        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
18:21:29.0636 4656        circlass - ok
18:21:29.0708 4656        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:21:29.0731 4656        CLFS - ok
18:21:29.0784 4656        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:21:29.0799 4656        clr_optimization_v2.0.50727_32 - ok
18:21:29.0859 4656        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:21:29.0892 4656        clr_optimization_v4.0.30319_32 - ok
18:21:29.0956 4656        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
18:21:29.0983 4656        CmBatt - ok
18:21:30.0036 4656        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:21:30.0052 4656        cmdide - ok
18:21:30.0105 4656        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
18:21:30.0147 4656        CNG - ok
18:21:30.0200 4656        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
18:21:30.0217 4656        Compbatt - ok
18:21:30.0272 4656        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:21:30.0309 4656        CompositeBus - ok
18:21:30.0389 4656        COMSysApp - ok
18:21:30.0451 4656        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
18:21:30.0467 4656        crcdisk - ok
18:21:30.0525 4656        CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
18:21:30.0571 4656        CryptSvc - ok
18:21:30.0633 4656        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
18:21:30.0695 4656        DcomLaunch - ok
18:21:30.0743 4656        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
18:21:30.0791 4656        defragsvc - ok
18:21:30.0863 4656        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:21:30.0906 4656        DfsC - ok
18:21:31.0002 4656        dgderdrv - ok
18:21:31.0060 4656        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
18:21:31.0107 4656        Dhcp - ok
18:21:31.0179 4656        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:21:31.0231 4656        discache - ok
18:21:31.0345 4656        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
18:21:31.0364 4656        Disk - ok
18:21:31.0394 4656        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
18:21:31.0465 4656        Dnscache - ok
18:21:31.0541 4656        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
18:21:31.0589 4656        dot3svc - ok
18:21:31.0648 4656        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
18:21:31.0710 4656        DPS - ok
18:21:31.0820 4656        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:21:31.0847 4656        drmkaud - ok
18:21:31.0925 4656        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:21:31.0968 4656        DXGKrnl - ok
18:21:32.0011 4656        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
18:21:32.0063 4656        EapHost - ok
18:21:32.0237 4656        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
18:21:32.0362 4656        ebdrv - ok
18:21:32.0435 4656        EFS            (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
18:21:32.0482 4656        EFS - ok
18:21:32.0551 4656        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
18:21:32.0590 4656        elxstor - ok
18:21:32.0661 4656        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:21:32.0692 4656        ErrDev - ok
18:21:32.0755 4656        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
18:21:32.0803 4656        EventSystem - ok
18:21:32.0902 4656        ewusbnet - ok
18:21:32.0960 4656        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:21:33.0008 4656        exfat - ok
18:21:33.0086 4656        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:21:33.0135 4656        fastfat - ok
18:21:33.0231 4656        Fax            (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
18:21:33.0280 4656        Fax - ok
18:21:33.0359 4656        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
18:21:33.0387 4656        fdc - ok
18:21:33.0433 4656        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
18:21:33.0481 4656        fdPHost - ok
18:21:33.0539 4656        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
18:21:33.0583 4656        FDResPub - ok
18:21:33.0688 4656        FETND6V        (403bedad0226653ba8d05aefc3f04a0c) C:\Windows\system32\DRIVERS\fetnd6v.sys
18:21:33.0715 4656        FETND6V - ok
18:21:33.0761 4656        FETNDIS        (f5cb6cb6d12f495516be27cffccde4bf) C:\Windows\system32\DRIVERS\fetnd6.sys
18:21:33.0798 4656        FETNDIS - ok
18:21:33.0891 4656        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:21:33.0909 4656        FileInfo - ok
18:21:33.0945 4656        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:21:33.0991 4656        Filetrace - ok
18:21:34.0066 4656        FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
18:21:34.0097 4656        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:21:34.0097 4656        FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:21:34.0190 4656        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
18:21:34.0208 4656        flpydisk - ok
18:21:34.0242 4656        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:21:34.0261 4656        FltMgr - ok
18:21:34.0335 4656        FontCache      (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
18:21:34.0410 4656        FontCache - ok
18:21:34.0455 4656        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:21:34.0469 4656        FontCache3.0.0.0 - ok
18:21:34.0542 4656        Freemake Improver (37c2ff67a2565286f1c1c1072be74678) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
18:21:34.0565 4656        Freemake Improver ( UnsignedFile.Multi.Generic ) - warning
18:21:34.0565 4656        Freemake Improver - detected UnsignedFile.Multi.Generic (1)
18:21:34.0672 4656        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:21:34.0691 4656        FsDepends - ok
18:21:34.0769 4656        FsUsbExDisk    (b07663a810e861eebfd0eac7e82ca62d) C:\Windows\system32\FsUsbExDisk.SYS
18:21:34.0788 4656        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
18:21:34.0788 4656        FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
18:21:34.0837 4656        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
18:21:34.0854 4656        Fs_Rec - ok
18:21:34.0923 4656        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:21:34.0948 4656        fvevol - ok
18:21:35.0013 4656        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:21:35.0032 4656        gagp30kx - ok
18:21:35.0085 4656        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:21:35.0097 4656        GEARAspiWDM - ok
18:21:35.0154 4656        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
18:21:35.0218 4656        gpsvc - ok
18:21:35.0315 4656        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:21:35.0357 4656        hcw85cir - ok
18:21:35.0455 4656        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:21:35.0502 4656        HdAudAddService - ok
18:21:35.0576 4656        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:21:35.0608 4656        HDAudBus - ok
18:21:35.0640 4656        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
18:21:35.0673 4656        HidBatt - ok
18:21:35.0756 4656        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
18:21:35.0791 4656        HidBth - ok
18:21:35.0832 4656        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
18:21:35.0853 4656        HidIr - ok
18:21:35.0894 4656        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
18:21:35.0944 4656        hidserv - ok
18:21:36.0064 4656        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
18:21:36.0082 4656        HidUsb - ok
18:21:36.0132 4656        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
18:21:36.0181 4656        hkmsvc - ok
18:21:36.0243 4656        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
18:21:36.0289 4656        HomeGroupListener - ok
18:21:36.0336 4656        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
18:21:36.0373 4656        HomeGroupProvider - ok
18:21:36.0443 4656        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:21:36.0461 4656        HpSAMD - ok
18:21:36.0527 4656        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:21:36.0573 4656        HTTP - ok
18:21:36.0617 4656        hwdatacard - ok
18:21:36.0670 4656        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:21:36.0690 4656        hwpolicy - ok
18:21:36.0733 4656        hwusbdev - ok
18:21:36.0797 4656        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:21:36.0831 4656        i8042prt - ok
18:21:36.0904 4656        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:21:36.0929 4656        iaStorV - ok
18:21:37.0008 4656        IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:21:37.0029 4656        IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:21:37.0030 4656        IDriverT - detected UnsignedFile.Multi.Generic (1)
18:21:45.0827 4656        NovacomD        (085440078813949c51c33589557bfd29) C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
18:21:45.0845 4656        NovacomD ( UnsignedFile.Multi.Generic ) - warning
18:21:45.0845 4656        NovacomD - detected UnsignedFile.Multi.Generic (1)
18:21:49.0077 4656        pfc            (957b82ec80ad7ead64e5e47df6b0dc40) C:\Windows\system32\drivers\pfc.sys
18:21:49.0092 4656        pfc ( UnsignedFile.Multi.Generic ) - warning
18:21:49.0092 4656        pfc - detected UnsignedFile.Multi.Generic (1)
18:21:50.0341 4656        PxHelp20        (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
18:21:50.0360 4656        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
18:21:50.0360 4656        PxHelp20 - detected UnsignedFile.Multi.Generic (1)
18:21:54.0255 4656        SCM_Service    (42660bbed859ac22dfd12ae598a8ffaa) C:\Windows\System32\WinService.exe
18:21:54.0277 4656        SCM_Service ( UnsignedFile.Multi.Generic ) - warning
18:21:54.0277 4656        SCM_Service - detected UnsignedFile.Multi.Generic (1)
18:21:57.0218 4656        SrvCDEject      (9e0e4c777bf358b7863d22a8ca56b189) C:\Program Files\Packard Bell\SrvCDEject.exe
18:21:57.0245 4656        SrvCDEject ( UnsignedFile.Multi.Generic ) - warning
18:21:57.0245 4656        SrvCDEject - detected UnsignedFile.Multi.Generic (1)
18:21:58.0164 4656        stllssvr        (51778fd315c9882f1cbd932743e62a72) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
18:21:58.0184 4656        stllssvr ( UnsignedFile.Multi.Generic ) - warning
18:21:58.0184 4656        stllssvr - detected UnsignedFile.Multi.Generic (1)
18:21:58.0287 4656        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:21:58.0303 4656        swenum - ok
18:21:58.0341 4656        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
18:21:58.0396 4656        swprv - ok
18:21:58.0478 4656        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
18:21:58.0541 4656        SysMain - ok
18:21:58.0586 4656        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
18:21:58.0613 4656        TabletInputService - ok
18:21:58.0666 4656        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
18:21:58.0731 4656        TapiSrv - ok
18:21:58.0791 4656        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
18:21:58.0845 4656        TBS - ok
18:21:58.0977 4656        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
18:21:59.0043 4656        Tcpip - ok
18:21:59.0161 4656        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
18:21:59.0205 4656        TCPIP6 - ok
18:21:59.0300 4656        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:21:59.0351 4656        tcpipreg - ok
18:21:59.0445 4656        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:21:59.0471 4656        TDPIPE - ok
18:21:59.0515 4656        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
18:21:59.0549 4656        TDTCP - ok
18:21:59.0629 4656        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:21:59.0676 4656        tdx - ok
18:21:59.0819 4656        TeamViewer5    (2a64c802f4c8aa00ac8472c771688e00) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
18:21:59.0908 4656        TeamViewer5 - ok
18:22:00.0014 4656        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:22:00.0035 4656        TermDD - ok
18:22:00.0096 4656        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
18:22:00.0142 4656        TermService - ok
18:22:00.0217 4656        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
18:22:00.0243 4656        Themes - ok
18:22:00.0278 4656        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
18:22:00.0315 4656        THREADORDER - ok
18:22:00.0381 4656        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
18:22:00.0436 4656        TrkWks - ok
18:22:00.0483 4656        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
18:22:00.0531 4656        TrustedInstaller - ok
18:22:00.0612 4656        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:22:00.0647 4656        tssecsrv - ok
18:22:00.0738 4656        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:22:00.0760 4656        TsUsbFlt - ok
18:22:00.0812 4656        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:22:00.0849 4656        tunnel - ok
18:22:00.0890 4656        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
18:22:00.0908 4656        uagp35 - ok
18:22:00.0949 4656        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:22:00.0997 4656        udfs - ok
18:22:01.0072 4656        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
18:22:01.0106 4656        UI0Detect - ok
18:22:01.0175 4656        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:22:01.0193 4656        uliagpkx - ok
18:22:01.0256 4656        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
18:22:01.0284 4656        umbus - ok
18:22:01.0339 4656        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
18:22:01.0368 4656        UmPass - ok
18:22:01.0425 4656        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
18:22:01.0479 4656        upnphost - ok
18:22:01.0541 4656        USB28xxBGA      (599a5d2f536f64ff4502f9b0d61e57c6) C:\Windows\system32\DRIVERS\emBDA.sys
18:22:01.0574 4656        USB28xxBGA - ok
18:22:01.0680 4656        USB28xxOEM      (6ec3f4024514ce503789e80833b452a8) C:\Windows\system32\DRIVERS\emOEM.sys
18:22:01.0708 4656        USB28xxOEM - ok
18:22:01.0758 4656        USBAAPL        (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
18:22:01.0798 4656        USBAAPL - ok
18:22:01.0886 4656        usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
18:22:01.0918 4656        usbaudio - ok
18:22:01.0972 4656        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
18:22:02.0002 4656        usbccgp - ok
18:22:02.0056 4656        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:22:02.0078 4656        usbcir - ok
18:22:02.0133 4656        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
18:22:02.0152 4656        usbehci - ok
18:22:02.0229 4656        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:22:02.0266 4656        usbhub - ok
18:22:02.0310 4656        usbohci        (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
18:22:02.0328 4656        usbohci - ok
18:22:02.0374 4656        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
18:22:02.0395 4656        usbprint - ok
18:22:02.0439 4656        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
18:22:02.0469 4656        usbscan - ok
18:22:02.0525 4656        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:22:02.0567 4656        USBSTOR - ok
18:22:02.0645 4656        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:22:02.0663 4656        usbuhci - ok
18:22:02.0702 4656        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
18:22:02.0750 4656        UxSms - ok
18:22:02.0821 4656        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
18:22:02.0839 4656        VaultSvc - ok
18:22:02.0925 4656        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:22:02.0943 4656        vdrvroot - ok
18:22:03.0000 4656        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
18:22:03.0052 4656        vds - ok
18:22:03.0154 4656        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:22:03.0174 4656        vga - ok
18:22:03.0223 4656        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:22:03.0260 4656        VgaSave - ok
18:22:03.0363 4656        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:22:03.0384 4656        vhdmp - ok
18:22:03.0428 4656        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:22:03.0447 4656        viaagp - ok
18:22:03.0505 4656        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
18:22:03.0533 4656        ViaC7 - ok
18:22:03.0590 4656        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:22:03.0610 4656        viaide - ok
18:22:03.0649 4656        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:22:03.0666 4656        volmgr - ok
18:22:03.0734 4656        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:22:03.0757 4656        volmgrx - ok
18:22:03.0816 4656        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:22:03.0836 4656        volsnap - ok
18:22:03.0891 4656        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
18:22:03.0912 4656        vsmraid - ok
18:22:03.0984 4656        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
18:22:04.0054 4656        VSS - ok
18:22:04.0129 4656        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
18:22:04.0162 4656        vwifibus - ok
18:22:04.0225 4656        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
18:22:04.0268 4656        W32Time - ok
18:22:04.0351 4656        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
18:22:04.0381 4656        WacomPen - ok
18:22:04.0481 4656        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:04.0516 4656        WANARP - ok
18:22:04.0540 4656        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:04.0573 4656        Wanarpv6 - ok
18:22:04.0638 4656        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
18:22:04.0718 4656        wbengine - ok
18:22:04.0795 4656        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
18:22:04.0849 4656        WbioSrvc - ok
18:22:04.0894 4656        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
18:22:04.0945 4656        wcncsvc - ok
18:22:04.0974 4656        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
18:22:05.0021 4656        WcsPlugInService - ok
18:22:05.0084 4656        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
18:22:05.0102 4656        Wd - ok
18:22:05.0148 4656        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:22:05.0185 4656        Wdf01000 - ok
18:22:05.0256 4656        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:22:05.0299 4656        WdiServiceHost - ok
18:22:05.0315 4656        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
18:22:05.0339 4656        WdiSystemHost - ok
18:22:05.0416 4656        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
18:22:05.0459 4656        WebClient - ok
18:22:05.0494 4656        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
18:22:05.0536 4656        Wecsvc - ok
18:22:05.0585 4656        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
18:22:05.0636 4656        wercplsupport - ok
18:22:05.0739 4656        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
18:22:05.0779 4656        WerSvc - ok
18:22:05.0849 4656        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:22:05.0885 4656        WfpLwf - ok
18:22:05.0944 4656        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:22:05.0961 4656        WIMMount - ok
18:22:06.0029 4656        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
18:22:06.0082 4656        WinDefend - ok
18:22:06.0094 4656        WinHttpAutoProxySvc - ok
18:22:06.0203 4656        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
18:22:06.0250 4656        Winmgmt - ok
18:22:06.0320 4656        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
18:22:06.0407 4656        WinRM - ok
18:22:06.0530 4656        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
18:22:06.0559 4656        WinUsb - ok
18:22:06.0609 4656        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
18:22:06.0659 4656        Wlansvc - ok
18:22:06.0772 4656        wlidsvc        (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:22:06.0838 4656        wlidsvc - ok
18:22:06.0934 4656        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:22:06.0954 4656        WmiAcpi - ok
18:22:07.0036 4656        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
18:22:07.0056 4656        wmiApSrv - ok
18:22:07.0143 4656        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:22:07.0208 4656        WMPNetworkSvc - ok
18:22:07.0271 4656        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
18:22:07.0300 4656        WPCSvc - ok
18:22:07.0341 4656        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
18:22:07.0378 4656        WPDBusEnum - ok
18:22:07.0477 4656        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:22:07.0526 4656        ws2ifsl - ok
18:22:07.0584 4656        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
18:22:07.0623 4656        wscsvc - ok
18:22:07.0635 4656        WSearch - ok
18:22:07.0724 4656        wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
18:22:07.0821 4656        wuauserv - ok
18:22:07.0871 4656        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:22:07.0909 4656        WudfPf - ok
18:22:08.0011 4656        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:22:08.0047 4656        WUDFRd - ok
18:22:08.0125 4656        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
18:22:08.0164 4656        wudfsvc - ok
18:22:08.0213 4656        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
18:22:08.0254 4656        WwanSvc - ok
18:22:08.0316 4656        xusb21          (c26c68bcbac1f33f890c226769759209) C:\Windows\system32\DRIVERS\xusb21.sys
18:22:08.0344 4656        xusb21 - ok
18:22:08.0379 4656        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:22:08.0517 4656        \Device\Harddisk0\DR0 - ok
18:22:08.0523 4656        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
18:22:08.0627 4656        \Device\Harddisk1\DR1 - ok
18:22:08.0649 4656        Boot (0x1200)  (2161ede224ba40d5a38958512178ff54) \Device\Harddisk0\DR0\Partition0
18:22:08.0650 4656        \Device\Harddisk0\DR0\Partition0 - ok
18:22:08.0655 4656        Boot (0x1200)  (b9709801f07bfef5ac160c75a705b7c0) \Device\Harddisk0\DR0\Partition1
18:22:08.0657 4656        \Device\Harddisk0\DR0\Partition1 - ok
18:22:08.0665 4656        Boot (0x1200)  (f55078df5ffb4d1cc2922c6214e153e6) \Device\Harddisk1\DR1\Partition0
18:22:08.0666 4656        \Device\Harddisk1\DR1\Partition0 - ok
18:22:08.0668 4656        ============================================================
18:22:08.0668 4656        Scan finished
18:22:08.0668 4656        ============================================================
18:22:08.0697 2512        Detected object count: 10
18:22:08.0697 2512        Actual detected object count: 10
18:25:15.0099 2512        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:15.0100 2512        FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:25:15.0102 2512        Freemake Improver ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:15.0102 2512        Freemake Improver ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:25:15.0105 2512        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:15.0105 2512        FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:25:15.0108 2512        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:15.0108 2512        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:25:15.0110 2512        NovacomD ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:15.0111 2512        NovacomD ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:25:15.0116 2512        pfc ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:15.0116 2512        pfc ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:25:15.0118 2512        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:15.0118 2512        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:25:15.0120 2512        SCM_Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:15.0121 2512        SCM_Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:25:15.0123 2512        SrvCDEject ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:15.0123 2512        SrvCDEject ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:25:15.0125 2512        stllssvr ( UnsignedFile.Multi.Generic ) - skipped by user
18:25:15.0125 2512        stllssvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:25:19.0692 2696        Deinitialize success


cosinus 23.04.2012 21:36

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Broid 24.04.2012 04:38

Okay, Combofix ran through without problems and without any messages. Here is the text file:

Code:

ComboFix 12-04-23.03 - Matthias 24.04.2012  5:05.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3070.2303 [GMT 2:00]
ausgeführt von:: c:\users\Matthias\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.3\uninstall.exe
c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\avwfls0h.default\weave\toFetch
c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\avwfls0h.default\weave\toFetch\clients.json
c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\avwfls0h.default\weave\toFetch\tabs.json
c:\windows\system32\urttemp
c:\windows\system32\urttemp\regtlib.exe
L:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-03-24 bis 2012-04-24  ))))))))))))))))))))))))))))))
.
.
2016-03-23 16:11 . 2016-03-23 16:11        --------        d-----w-        c:\users\Matthias\AppData\Roaming\MAGIX
2016-03-23 16:08 . 2010-03-28 05:48        --------        d-----w-        c:\programdata\MAGIX
2016-03-23 16:07 . 2010-03-28 05:48        --------        d-----w-        c:\program files\MAGIX
2016-03-23 16:07 . 2007-04-27 09:43        120200        ----a-w-        c:\windows\system32\DLLDEV32i.dll
2016-03-23 16:06 . 2010-03-28 05:46        --------        d-----w-        c:\program files\Common Files\MAGIX Services
2012-04-24 03:33 . 2012-04-24 03:33        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-04-24 03:33 . 2012-04-24 03:33        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-04-23 16:29 . 2012-04-23 16:29        --------        d-----w-        c:\program files\Common Files\Skype
2012-04-23 15:42 . 2012-04-23 15:42        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{23D8129C-567F-4718-A857-9F886D57752B}\offreg.dll
2012-04-22 08:24 . 2012-04-22 08:25        --------        d-----w-        c:\program files\DVR-Studio HD 2
2012-04-20 15:10 . 2012-04-13 07:36        6734704        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{23D8129C-567F-4718-A857-9F886D57752B}\mpengine.dll
2012-04-12 20:11 . 2012-03-01 05:46        19824        ----a-w-        c:\windows\system32\drivers\fs_rec.sys
2012-04-12 20:11 . 2012-03-01 05:37        172544        ----a-w-        c:\windows\system32\wintrust.dll
2012-04-12 20:11 . 2012-03-01 05:33        159232        ----a-w-        c:\windows\system32\imagehlp.dll
2012-04-12 20:11 . 2012-03-01 05:29        5120        ----a-w-        c:\windows\system32\wmi.dll
2012-04-12 20:11 . 2012-03-06 05:59        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-04-12 20:11 . 2012-03-06 05:59        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-04-09 14:24 . 2012-04-09 14:24        --------        d-----w-        C:\_OTL
2012-04-08 04:52 . 2012-04-08 04:52        --------        d-----w-        c:\program files\ESET
2012-04-04 17:49 . 2012-04-04 17:49        --------        d-----w-        c:\users\Matthias\AppData\Roaming\Malwarebytes
2012-04-04 17:46 . 2012-04-04 17:46        --------        d-----w-        c:\programdata\Malwarebytes
2012-04-04 17:46 . 2012-04-04 17:46        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-04-04 17:46 . 2011-12-10 13:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-04-04 11:48 . 2012-04-13 18:44        418464        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-03-29 17:29 . 2012-03-29 17:29        --------        d-----w-        c:\program files\Common Files\Java
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 18:44 . 2011-05-22 07:44        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-29 17:25 . 2010-11-18 16:25        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-02-29 19:21 . 2012-02-29 19:21        42392        ----a-w-        c:\windows\system32\xfcodec.dll
2012-02-23 08:18 . 2009-11-13 08:07        237072        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-17 18:04 . 2012-01-02 10:22        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-02-17 05:34 . 2012-03-13 17:24        826880        ----a-w-        c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 17:24        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 17:24        24576        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-02-15 10:01 . 2012-02-15 10:01        4547944        ----a-w-        c:\windows\system32\usbaaplrc.dll
2012-02-15 10:01 . 2012-02-15 10:01        43520        ----a-w-        c:\windows\system32\drivers\usbaapl.sys
2012-02-10 05:38 . 2012-03-13 21:02        1077248        ----a-w-        c:\windows\system32\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02        1070352        ----a-w-        c:\windows\system32\MSCOMCTL.OCX
2012-02-03 03:54 . 2012-03-13 21:02        2343424        ----a-w-        c:\windows\system32\win32k.sys
2012-01-25 05:32 . 2012-03-13 17:24        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-01-25 05:32 . 2012-03-13 17:24        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-01-25 05:27 . 2012-03-13 17:24        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-20 16:38 . 2011-04-12 16:15        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-20 228088]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Startcenter.lnk - c:\windows\Installer\{2457326B-C110-40C3-89B0-889CC913871A}\Icon2457326B4.exe [2009-11-12 29184]
Inhaltsmanager-Assistent für PlayStation(R).lnk - c:\program files\Sony\Content Manager Assistant\CMA.exe [2012-1-26 2520504]
NETGEAR WG111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v2\WG111v2.exe [2009-12-28 1261568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKLM\~\startupfolder\C:^Users^Matthias^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Partner]
c:\program files\WEB Partner\WEB Partner [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AirVideoServer]
2010-09-22 01:03        4923784        ----a-w-        c:\program files\AirVideoServer\AirVideoServer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18        133432        ----a-w-        c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09        421736        ----a-w-        c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 20:01        71216        ------w-        c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2011-12-02 74752]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 SrvCDEject;SrvCDEject;c:\program files\Packard Bell\SrvCDEject.exe [2006-07-25 613376]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 SCM_Service;SCM_Service;c:\windows\System32\WinService.exe [2007-07-17 180224]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 21728]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 36000]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2007-09-04 87344]
S2 NovacomD;Palm Novacom;c:\program files\Palm, Inc\novacomd\x86\novacomd.exe [2011-03-15 61440]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [2012-02-09 531328]
S2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [2012-03-15 370504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver;c:\windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]
S3 MTSBDA;TechniSat CableStar HD2;c:\windows\system32\Drivers\MtsBda.sys [2009-07-15 265744]
S3 MtsHID;TechniSat Mantis BDA HID Driver;c:\windows\system32\drivers\MtsHID.sys [2009-07-15 23568]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-26 288768]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 79192321
*Deregistered* - 79192321
*Deregistered* - EraserUtilRebootDrv
*Deregistered* - hotcore3
*Deregistered* - IDSVix86
*Deregistered* - SPBBCDrv
*Deregistered* - SRTSPX
*Deregistered* - SYMDNS
*Deregistered* - SymEvent
*Deregistered* - SYMFW
*Deregistered* - SYMIDS
*Deregistered* - SYMNDISV
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 11:27        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Free YouTube Download - c:\users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Matthias\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Matthias\AppData\Roaming\Mozilla\Firefox\Profiles\avwfls0h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - hxxp://web.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
MSConfigStartUp-FVDSuite - c:\program files\FVD Suite\fvdbox.exe
MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\/\KiesTrayAgent.exe
MSConfigStartUp-Remote Control Editor - c:\program files\Common Files\TerraTec\Remote\TTTvRc.exe
AddRemove-AOL Deinstallation - c:\program files\Common Files\AOL\uninstaller.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.3\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-04-24  05:35:20
ComboFix-quarantined-files.txt  2012-04-24 03:35
.
Vor Suchlauf: 21 Verzeichnis(se), 18.051.694.592 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 17.872.465.920 Bytes frei
.
- - End Of File - - F10E3257F2B4036F19BE0D85AAB2B32F


cosinus 24.04.2012 12:54

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the second attempt, just skip it and run only OSAM - please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (bottom left in the aswMBR window), and click the Scan button again.

Broid 30.04.2012 11:49

Hello,

it took a little while, but here are the three scans:

GMER:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-30 10:12:47
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320820AS rev.3.AAD
Running: xdopzmku.exe; Driver: C:\Users\Matthias\AppData\Local\Temp\fxddqkow.sys


---- System - GMER 1.0.15 ----

SSDT            90DD0BA6                                                                                                                      ZwCreateSection
SSDT            90DD0BB0                                                                                                                      ZwRequestWaitReplyPort
SSDT            90DD0BAB                                                                                                                      ZwSetContextThread
SSDT            90DD0BB5                                                                                                                      ZwSetSecurityObject
SSDT            90DD0BBA                                                                                                                      ZwSystemDebugControl
SSDT            90DD0B47                                                                                                                      ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13C1                                                                                                82E48359 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                        82E81D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                          82E88ECC 4 Bytes  [A6, 0B, DD, 90] {CMPSB ; OR EBX, EBP; NOP }
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                          82E89228 4 Bytes  [B0, 0B, DD, 90]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                          82E8926C 4 Bytes  [AB, 0B, DD, 90] {STOSD ; OR EBX, EBP; NOP }
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                          82E892E8 4 Bytes  [B5, 0B, DD, 90]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                          82E8933C 4 Bytes  [BA, 0B, DD, 90]
.text          ...                                                                                                                         
.vmp2          C:\Windows\system32\drivers\acedrv11.sys                                                                                      entry point in ".vmp2" section [0x9D9E469D]
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                                                        section is writeable [0x9F800300, 0x3B6D8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                        section is writeable [0x9F843300, 0x1BEE, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                              [73E02437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                          [73DE5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                        [73DE56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                [73E024B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                      [73DF8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                        [73DF4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                      [73DF506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                      [73DF5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP]                            [73DF6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                      [73DF826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                  [73DF87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                [73DF901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                      [73DFE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[1780] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                          [73DF4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004b                                                                                            halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume9                                                                                        fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ffwp\OpenWithProgids@Lucom GmbH.FormsForWeb\xae Filler 3.1 

---- EOF - GMER 1.0.15 ----

OSAM:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:44:56 on 30.04.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"SAT-1 30-04-2012 20-07-00 Der letzte Bulle.job" - ? - C:\Program Files\DVBViewer\Scheduler.exe
"SAT-1 30-04-2012 20-09-00 Der letzte Bulle.job" - ? - C:\Program Files\DVBViewer\Scheduler.exe
"ZDF (deu) 01-05-2012 01-43-00 Lewis.job" - ? - C:\Program Files\DVBViewer\Scheduler.exe
"ZDF (deu) 01-05-2012 01-45-00 Lewis.job" - ? - C:\Program Files\DVBViewer\Scheduler.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"CplMCDec.cpl" - "MainConcept AG" - C:\Windows\system32\CplMCDec.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
"RTSndMgr.cpl" - "Realtek Semiconductor Corp." - C:\Windows\system32\RTSndMgr.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Version Cue CS3" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.cpl
"CplMCDec" - "MainConcept AG" - C:\Windows\System32\CplMCDec.cpl
"CplMCDec_x86" - ? - C:\Windows\SysWOW64\CplMCDec.cpl  (File not found)
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"aswMBR" (aswMBR) - ? - C:\Users\Matthias\AppData\Local\Temp\aswMBR.sys  (Hidden registry entry, rootkit activity | File not found)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Matthias\AppData\Local\Temp\catchme.sys  (File not found)
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys  (File not found)
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"fxddqkow" (fxddqkow) - ? - C:\Users\Matthias\AppData\Local\Temp\fxddqkow.sys  (Hidden registry entry, rootkit activity | File not found)
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys  (File not found)
"Huawei DataCard USB PNP Device" (hwusbdev) - ? - C:\Windows\System32\DRIVERS\ewusbdev.sys  (File not found)
"HUAWEI USB-NDIS miniport" (ewusbnet) - ? - C:\Windows\System32\DRIVERS\ewusbnet.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"NetGroup Packet Filter Driver" (NPF) - "CACE Technologies, Inc." - C:\Windows\System32\drivers\npf.sys
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\Windows\System32\drivers\pfc.sys
"PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\Windows\System32\DRIVERS\pccsmcfd.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - "Realtek Semiconductor Corp." - C:\Windows\System32\drivers\RTKVHDA.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"TerraTec H5 Capture service" (USB28xxBGA) - "eMPIA Technology, Inc." - C:\Windows\System32\DRIVERS\emBDA.sys
"TerraTec H5 OEM service" (USB28xxOEM) - "eMPIA Technology, Inc." - C:\Windows\System32\DRIVERS\emOEM.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\DVR-Studio HD 2\Filters\mmfinfo.dll  (File found, but it contains no detailed information)
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} "Acrobat Elements Context Menu" - "Adobe Systems Inc." - C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{89C76D3A-6B6A-4CC5-A237-42D617C12896} "DVBViewer Recordings Property Handler" - "CM & V" - C:\PROGRA~1\COMMON~1\DVBVIE~1\DVBVPR~1.DLL
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{0561EC90-CE54-4f0c-9C55-E226110A740C} "Haali Column Provider" - ? - C:\Program Files\DVR-Studio HD 2\Filters\mmfinfo.dll  (File found, but it contains no detailed information)
{5574006C-28F5-4a65-A28C-74DE6BFBE0BB} "Haali Matroska Shell Property Page" - ? - C:\Program Files\DVR-Studio HD 2\Filters\mmfinfo.dll  (File found, but it contains no detailed information)
{327669A0-59A7-4be9-B99E-1C9F3A57611A} "Haali Matroska Thumbnail Extractor" - ? - C:\Program Files\DVR-Studio HD 2\Filters\mmfinfo.dll  (File found, but it contains no detailed information)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{7020EDF4-B454-4814-9AA4-1D604D3F1417} "TraXExCM" - ? - C:\PROGRA~1\TraXEx\INTEGR~1\TraXExCM.dll  (File not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
<binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Adobe PDF" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
<binary data> "Grab Pro" - ? - C:\Program Files\Orbitdownloader\GrabPro.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{AE7CD045-E861-484f-8273-0445EE161910} "Adobe PDF Conversion Toolbar Helper" - "Adobe Systems Incorporated" - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{000123B4-9B42-4900-B3F7-F4B073EFC214} "Octh Class" - "Orbitdownloader.com" - C:\Program Files\Orbitdownloader\orbitcth.dll
{2B171655-A69C-5c18-B693-6CB5DC269D44} "Open FVD Suite Toolbar" - "www.flashvideodownloader.org/fvd-suite/" - C:\Program Files\FVD Suite\addons\IE\FVDToolbar.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corporation" - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Matthias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"FRITZ!DSL Startcenter.lnk" - "AVM Berlin" - C:\Program Files\FRITZ!DSL\StCenter.exe  (Shortcut exists | File exists)
"Inhaltsmanager-Assistent für PlayStation(R).lnk" - "Sony Computer Entertainment Inc." - C:\Program Files\Sony\Content Manager Assistant\CMA.exe  (Shortcut exists | File exists)
"NETGEAR WG111v2 Smart Wizard.lnk" - ? - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"MobileDocuments" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acrobat Assistant 8.0" - "Adobe Systems Inc." - "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LanguageShortcut" - ? - "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"RoxWatchTray" - "Sonic Solutions" - "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"RtHDVCpl" - "Realtek Semiconductor" - RtHDVCpl.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Adobe PDF Port" - "Adobe Systems Incorporated." - C:\Windows\system32\AdobePDF.dll
"KM Language Monitor" - "KYOCERA MITA Corporation" - C:\Windows\system32\KMPJLMN.DLL
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Adobe Version Cue CS3 {de_DE} " (Adobe Version Cue CS3) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
"AOL Connectivity Service" (AOL ACS) - "AOL LLC" - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Automatisches LiveUpdate - Scheduler" (Automatisches LiveUpdate - Scheduler) - ? - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"  (File not found)
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Macrovision Europe Ltd." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Freemake Improver" (Freemake Improver) - "Freemake" - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Palm Novacom" (NovacomD) - "Palm" - C:\Program Files\Palm, Inc\novacomd\x86\novacomd.exe
"Remote Packet Capture Protocol v.0 (experimental)" (rpcapd) - "CACE Technologies, Inc." - C:\Program Files\WinPcap\rpcapd.exe
"Roxio Hard Drive Watcher 9" (RoxWatch9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Splashtop Software Updater Service" (SSUService) - "Splashtop Inc." - C:\Program Files\Splashtop\Splashtop Software Updater\SSUService.exe
"Splashtop® Remote Service" (SplashtopRemoteService) - "Splashtop Inc." - C:\Program Files\Splashtop\Splashtop Remote\Server\SRService.exe
"SrvCDEject" (SrvCDEject) - ? - C:\Program Files\Packard Bell\SrvCDEject.exe  (File found, but it contains no detailed information)
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-30 10:14:10
-----------------------------
10:14:10.482    OS Version: Windows 6.1.7601 Service Pack 1
10:14:10.482    Number of processors: 2 586 0xF02
10:14:10.483    ComputerName: MATTHIAS-PC  UserName: Matthias
10:14:11.039    Initialize success
10:15:14.772    AVAST engine defs: 12042901
10:16:08.327    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:16:08.327    Disk 0 Vendor: ST3320820AS 3.AAD Size: 305245MB BusType: 3
10:16:08.342    Disk 0 MBR read successfully
10:16:08.342    Disk 0 MBR scan
10:16:08.358    Disk 0 Windows 7 default MBR code
10:16:08.452    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        8192 MB offset 2048
10:16:08.467    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        73661 MB offset 16779264
10:16:08.483    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS      149388 MB offset 167638275
10:16:08.483    Disk 0 Partition - 00    0F Extended LBA            74000 MB offset 473587712
10:16:08.514    Disk 0 Partition - 00    05    Extended            73999 MB offset 473589759
10:16:08.530    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS        73999 MB offset 473589760
10:16:08.545    Disk 0 scanning sectors +625139712
10:16:08.827    Disk 0 scanning C:\Windows\system32\drivers
10:17:00.389    Service scanning
10:17:25.805    Modules scanning
10:18:33.080    Disk 0 trace - called modules:
10:18:33.095    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS viaide.sys PCIIDEX.SYS atapi.sys
10:18:33.095    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86580030]
10:18:33.111    3 CLASSPNP.SYS[8b5a259e] -> nt!IofCallDriver -> [0x864ae328]
10:18:33.111    5 ACPI.sys[83abc3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x857bd908]
10:18:33.470    AVAST engine scan C:\Windows
10:18:44.347    AVAST engine scan C:\Windows\system32
10:22:11.439    AVAST engine scan C:\Windows\system32\drivers
10:22:34.489    AVAST engine scan C:\Users\Matthias
10:50:42.749    AVAST engine scan C:\ProgramData
10:56:34.186    Scan finished successfully
12:18:00.308    Disk 0 MBR has been saved successfully to "C:\Users\Matthias\Desktop\MBR.dat"
12:18:00.308    The log file has been saved successfully to "C:\Users\Matthias\Desktop\aswMBR.txt"

Best regards,

Broid

cosinus 30.04.2012 12:51

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Broid 05.05.2012 10:38

Right, done. I finally found the time to run both scans. Here are the results:

Malwarebytes
Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.03.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Matthias :: MATTHIAS-PC [Administrator]

03.05.2012 19:13:58
mbam-log-2012-05-03 (19-13-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 428637
Laufzeit: 2 Stunde(n), 13 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

SuperAntiSpyware
Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 05/05/2012 at 11:31 AM

Application Version : 5.0.1148

Core Rules Database Version : 8560
Trace Rules Database Version: 6372

Scan type      : Complete Scan
Total Scan Time : 01:48:24

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 780
Memory threats detected  : 0
Registry items scanned    : 39310
Registry threats detected : 0
File items scanned        : 189454
File threats detected    : 199

Adware.Tracking Cookie
        .iacas.adbureau.net [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YJHXRHZA.DEFAULT\COOKIES.SQLITE ]
        .iacas.adbureau.net [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YJHXRHZA.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YJHXRHZA.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YJHXRHZA.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YJHXRHZA.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YJHXRHZA.DEFAULT\COOKIES.SQLITE ]
        .content.yieldmanager.com [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YJHXRHZA.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YJHXRHZA.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YJHXRHZA.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YJHXRHZA.DEFAULT\COOKIES.SQLITE ]
        media.adrevolver.com [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YJHXRHZA.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YJHXRHZA.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YJHXRHZA.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YJHXRHZA.DEFAULT\COOKIES.SQLITE ]
        banner.slashcam.de [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YJHXRHZA.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YJHXRHZA.DEFAULT\COOKIES.SQLITE ]
        adserver.traffictrack.de [ C:\USERS\MATTHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YJHXRHZA.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-ImageDocFake
        F:\ASGLOBE\AS120\BUECHER\PERSONEN\IMAGE789.JPG

Trojan.Agent/Gen-Bancos
        C:\DVBDREAM\DEVICES\BDA_ALL.DEV


cosinus 06.05.2012 18:10

Looks OK, only cookies were found there, plus two false positives from SASW.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie)


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

The way I handle it, I use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want, everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest there are no cookies left.

Is your system in order again now, or are there any other detections or problems?
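
An added example, not part of the original posts: it turns cookie lines in the layout of the scanner log in this thread into hosts-file entries, the blocking approach the post above recommends. The function names, the `0.0.0.0` sink address and the sample log (constructed, with a placeholder path) are assumptions.

```python
import re

# Constructed sample in the layout of the scanner log in this thread
# (domains from the thread, cookie store path replaced by a placeholder).
SAMPLE_LOG = r"""
    .doubleclick.net [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]
    .serving-sys.com [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]
    .bs.serving-sys.com [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]
    ad.yieldmanager.com [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]
    AD.YIELDMANAGER.COM [ C:\USERS\EXAMPLE\PROFILE\COOKIES.SQLITE ]

Trojan.Agent/Gen-Bancos
    C:\DVBDREAM\DEVICES\BDA_ALL.DEV
"""

# "<domain> [ <path to cookie store> ]"; a leading dot marks a domain-scoped cookie.
ENTRY = re.compile(r"^\s*(\.?)([A-Za-z0-9.-]+)\s+\[\s*.*COOKIES\.SQLITE\s*\]\s*$", re.I)
# Strict hostname check so nothing unexpected ends up in the hosts file.
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def parse_cookie_entries(log_text):
    """Return {hostname: [count, domain_scoped]} for cookie lines only."""
    found = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # file detections and headings are not cookie entries
        host = m.group(2).lower().strip(".")
        if not HOSTNAME.match(host):
            continue
        entry = found.setdefault(host, [0, False])
        entry[0] += 1
        entry[1] = entry[1] or m.group(1) == "."
    return found


def hosts_lines(found, sink="0.0.0.0"):
    """Build sorted, de-duplicated hosts-file lines with a comment per host."""
    lines = []
    for host in sorted(found):
        count, scoped = found[host]
        note = f"  # {count} cookie(s)"
        if scoped:
            # The hosts file has no wildcards: this line covers only the bare name.
            note += "; domain-scoped, subdomains need own entries"
        lines.append(f"{sink} {host}{note}")
    return lines


if __name__ == "__main__":
    print("\n".join(hosts_lines(parse_cookie_entries(SAMPLE_LOG))))
```

Because a hosts file matches exact hostnames only, a domain-scoped entry such as `.serving-sys.com` is not fully covered by one line, which is why curated lists enumerate each ad-serving hostname.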

Broid 07.05.2012 18:24

Yes, I think everything is in order now. And no, there are no further problems.

Thank you very much for the very thorough support. Amazing!!

:)

Best regards,

Broid

cosinus 07.05.2012 19:31

Then we're done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages. With the help of OTL you can also remove many of the tools:

Please start OTL and click on Bereinigung (cleanup).
This will remove most of the tools that we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for that is below. To keep a better overview of how up to date your installed programs are in the future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add or Remove Programs or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.

While you are at it, please also check that the Flash Player is up to date:

Adobe - Install a different version of Adobe Flash Player

If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click on Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


All times are WET +1. The time is now 21:48.

Copyright ©2000-2025, Trojaner-Board

