Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   searchnu.com/406 als Startseite (https://www.trojaner-board.de/114321-searchnu-com-406-startseite.html)

l.kirch 29.04.2012 15:05
searchnu.com/406 als Startseite
 
Hallo,

nachdem meine Freundin einen Trojaner von irgend einer Ausländischen Seite runtergeladen und auf ihrem Laptop installiert hat :stirn:,
wurde statt Google immer ...searchnu.com/406 angezeigt. Jegliche Versuche eine andere Startseite einzustellen ist fehlgeschlagen.

Ich habe mich hier im Board umgesehen und vor einiger Zeit mit folgenden Tools erfolgreich (?) gescannt Malwarebytes, OTL und SUPERAntiSpyware (logs s.u.).
Anschließend konnte ich zwar wieder eine andere Startseite einstellen, aber das Laptop läuft seitdem eher schlecht als recht.
Entweder habe ich was beschädigt, oder der/die Trojaner sind noch aktiv.
Das Gerät läuft extrem lahm und oft reagieren einzele Fenster (IE8, Win-Explorer, Firefox) nicht mehr. Beim Abspielen von Videos online stürzt der Flash-Player
sowohl bei IE8, als auch bei Firefox oft ab.

Was meint ihr, kann man noch was retten, oder muss ich die Kiste neu installieren?
Ich habe permanent eine aktuelle Vollversion von Kapersky drauf laufen. Eigentlich hatte ich den Eindruck, dass Kapersky gut ist, aber der prüft wohl nicht auf Malware?
Soll ich neben Kapersky noch was zusätzlich speziell gegen Malware installieren, und wenn Ja was?

So, das waren jetzt viele Fragen. Möchte mich vorab schon mal vorab bedanken, dass ihr eure Freizeit opfert, um anderen zu helfen! :applaus:


***************************************************************************
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.14.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
xxxxxx:: XXX-PC [Administrator]

Schutz: Aktiviert

14.04.2012 17:49:38
mbam-log-2012-04-14 (17-49-38).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 363210
Laufzeit: 2 Stunde(n), 37 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\xxxxxxx\Desktop\SoftonicDownloader_fuer_photo-slideshow-maker.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

***************************************************************************

OTL logfile created on: 15.04.2012 08:55:52 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\xxx\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,94% Memory free
3,99 Gb Paging File | 2,83 Gb Available in Paging File | 70,99% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 22,81 Gb Free Space | 22,81% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 0,59 Gb Free Space | 0,50% Space Free | Partition Type: NTFS
Drive E: | 15,10 Gb Total Space | 15,08 Gb Free Space | 99,82% Space Free | Partition Type: FAT32

Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe ()
PRC - C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (AsusTek Computer Inc.)
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\CapsHook\CapsHook.exe (ASUS)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)
PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Program Files\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)


========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AxInterop.ShockwaveFlashObjects.dll ()
MOD - C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL ()
MOD - C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
MOD - C:\Program Files\WinRAR\rarext.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Guard.Mail.ru) -- C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe ()
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (klbg) -- C:\Windows\System32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
IE - HKCU\..\SearchScopes,DefaultScope = {E88E0043-C9D4-4e33-8555-FEE4F5B63060}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{231D0CC4-941C-4625-B1EE-032B706854B5}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKCU\..\SearchScopes\{3AF41670-B64E-405C-81D9-F4F45E9881FF}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe ()
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab (CanvasX Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{588BC8C4-65F4-486B-B06E-88C28F634390}: NameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.14 18:26:43 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.04.14 17:46:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.04.14 17:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.14 17:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.14 17:46:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.04.14 17:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.14 17:28:08 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV
[2012.04.11 20:14:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.11 19:46:41 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012.04.11 19:46:41 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012.04.10 19:23:52 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012.04.10 19:23:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012.04.10 19:23:51 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012.04.10 19:23:51 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012.04.10 19:23:50 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012.04.07 18:03:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Formulare
[2012.04.05 14:25:42 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.03.30 18:35:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\FernStudiumILS
[2012.03.28 10:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.28 10:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.03.28 10:05:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012.03.28 10:05:29 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012.03.28 10:05:28 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012.03.28 10:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.03.28 09:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.03.28 09:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.28 09:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.03.28 09:11:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Secunia PSI
[2012.03.28 08:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012.03.28 08:53:26 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012.03.28 08:53:23 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012.03.28 08:52:02 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2012.03.28 08:52:02 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2012.03.28 08:52:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe
[2012.03.28 08:51:58 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll
[4 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\xxx\Desktop\*.tmp files -> C:\Users\xxx\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.15 08:53:56 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.15 08:53:56 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.15 08:52:31 | 000,644,280 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.04.15 08:52:31 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.04.15 08:52:31 | 000,129,726 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.04.15 08:52:31 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.04.15 08:44:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.04.15 08:44:48 | 1602,740,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.14 22:58:33 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.04.14 21:59:55 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2012.04.14 18:21:52 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.04.14 17:46:18 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.14 17:34:59 | 000,000,165 | ---- | M] () -- C:\Users\xxx\Desktop\searchnu hat sich als Startseite eingenistet - Trojaner-Board.url
[2012.04.07 17:50:57 | 000,000,017 | ---- | M] () -- C:\windows\System32\shortcut_ex.dat
[2012.04.05 14:25:42 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.04.05 14:25:42 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.03.30 18:54:22 | 000,000,162 | -H-- | M] () -- C:\Users\xxx\Desktop\~$fgabenblatt - TOUR 7.rtf
[2012.03.28 10:42:49 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.28 10:05:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2012.03.28 10:05:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012.03.28 10:05:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012.03.28 10:05:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012.03.28 09:58:02 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.28 09:53:55 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.28 09:35:33 | 000,267,008 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.03.28 08:57:37 | 000,001,064 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[4 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\xxx\Desktop\*.tmp files -> C:\Users\xxx\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.14 21:59:55 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2012.04.14 17:46:18 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.14 17:34:59 | 000,000,165 | ---- | C] () -- C:\Users\xxx\Desktop\searchnu hat sich als Startseite eingenistet - Trojaner-Board.url
[2012.04.07 17:50:57 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2012.04.05 14:25:44 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.03.30 18:54:22 | 000,000,162 | -H-- | C] () -- C:\Users\xxx\Desktop\~$fgabenblatt - TOUR 7.rtf
[2012.03.28 10:42:49 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.28 09:58:02 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.28 09:53:55 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.28 08:57:37 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.03.28 08:57:37 | 000,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011.07.20 17:33:12 | 000,115,369 | ---- | C] () -- C:\windows\System32\drivers\klin.dat
[2011.07.20 17:33:12 | 000,097,961 | ---- | C] () -- C:\windows\System32\drivers\klick.dat
[2011.07.20 17:29:15 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2011.02.21 19:33:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.28 17:30:03 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010.09.28 01:34:14 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat
[2010.09.28 01:34:14 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010.09.28 01:33:37 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010.09.28 01:33:37 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010.07.27 23:50:32 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe
[2010.07.27 23:44:04 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010.07.27 23:44:03 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010.07.27 23:41:06 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.07.27 23:39:18 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010.07.27 23:32:05 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2010.07.12 18:10:54 | 000,408,168 | ---- | C] () -- C:\windows\System32\easyUpdatusAPIU.dll
[2010.07.12 18:10:54 | 000,347,350 | ---- | C] () -- C:\windows\System32\nvcoproc.bin
[2010.07.06 04:50:14 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

< End of report >

*******************************************************
OTL Extras logfile created on: 15.04.2012 08:55:52 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\xxx\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,94% Memory free
3,99 Gb Paging File | 2,83 Gb Available in Paging File | 70,99% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 22,81 Gb Free Space | 22,81% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 0,59 Gb Free Space | 0,50% Space Free | Partition Type: NTFS
Drive E: | 15,10 Gb Total Space | 15,08 Gb Free Space | 99,82% Space Free | Partition Type: FAT32

Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{13CD417D-F1F1-4AC4-945D-FDDEB884756F}" = Microsoft Baseline Security Analyzer 2.2
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{300A98D6-8DA2-45FF-9314-A6861D76A535}" = syncables desktop SE
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{946135EF-3A4C-494F-AE05-1312913DF880}" = Dr.Eee
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95E03739-5775-4D41-B0B9-D99DFDFE2DED}" = ALLNET Powerline Configuration Utility
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Catan - Staedte und Ritter" = Catan - Städte und Ritter
"CCleaner" = CCleaner
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Diashow XL_is1" = Diashow XL
"Eee Docking_is1" = Eee Docking 3.8.1
"Guard.Mail.ru" = Guard.Mail.ru
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{946135EF-3A4C-494F-AE05-1312913DF880}" = Dr.Eee
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"MailRuSputnik" = Mail.Ru Спутник 2.4.0.491
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OOBERegBackup_is1" = OOBERegBackup
"ScreenSaverPatch_is1" = ScreenSaverPatch
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

***********************************************************************************
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/15/2012 at 11:51 AM

Application Version : 5.0.1146

Core Rules Database Version : 8458
Trace Rules Database Version: 6270

Scan type : Complete Scan
Total Scan Time : 02:03:34

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 788
Memory threats detected : 0
Registry items scanned : 34151
Registry threats detected : 0
File items scanned : 68156
File threats detected : 80

Adware.Tracking Cookie
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@adx.chip[1].txt [ /adx.chip ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@content.yieldmanager[1].txt [ /content.yieldmanager ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@smartadserver[1].txt [ /smartadserver ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\6CYWLSF9.txt [ /oracle.112.2o7.net ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\8GCSFJF1.txt [ /partypoker.com ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\9NGMIKBL.txt [ /apmebf.com ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\AAO8IUL9.txt [ /yadro.ru ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\T4MFWIHQ.txt [ /doubleclick.net ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@rambler[2].txt [ /rambler.ru ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@www.rambler[2].txt [ /www.rambler.ru ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\7JIJUOZ5.txt [ Cookie:xxx@media.gan-online.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\N1C2X7Q3.txt [ Cookie:xxx@zanox.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\TGQIAIT1.txt [ Cookie:xxx@ru4.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\0O44QGWP.txt [ Cookie:xxx@ad2.adfarm1.adition.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\CJ9SALUI.txt [ Cookie:xxx@apmebf.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\TO4DEG5L.txt [ Cookie:xxx@ww251.smartadserver.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y2ZF1XGS.txt [ Cookie:xxx@dyntracker.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\PE0U3OF9.txt [ Cookie:xxx@invitemedia.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\PJ1PIX8D.txt [ Cookie:xxx@specificclick.net/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\8B0CVIXG.txt [ Cookie:xxx@webmasterplan.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\7R3BELP4.txt [ Cookie:xxx@yadro.ru/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\63UWFZNI.txt [ Cookie:xxx@s4.trafficmaxx.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\WS3HK8M4.txt [ Cookie:xxx@www.googleadservices.com/pagead/conversion/1066329064/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\4WFCTKA3.txt [ Cookie:xxx@www.zanox-affiliate.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\3QVLZQNJ.txt [ Cookie:xxx@spylog.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\60SU4UMG.txt [ Cookie:xxx@urbia.wwe-media.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\TQPB23N2.txt [ Cookie:xxx@tns-counter.ru/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\YTZ5SH6X.txt [ Cookie:xxx@loyaltypartner.122.2o7.net/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\KTIUF68G.txt [ Cookie:xxx@www.googleadservices.com/pagead/conversion/949381375/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\MEB9JHFJ.txt [ Cookie:xxx@smartadserver.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\QYP6PVSB.txt [ Cookie:xxx@www.googleadservices.com/pagead/conversion/985119181/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\8VME6JXM.txt [ Cookie:xxx@directadvert.ru/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\0K1UZ9I5.txt [ Cookie:xxx@c.atdmt.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\VRPVURIW.txt [ Cookie:xxx@cunda.122.2o7.net/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\LLGQ7KK9.txt [ Cookie:xxx@doubleclick.net/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\E2KBXRLU.txt [ Cookie:xxx@hightraffic.hugoboss.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\TRT1219B.txt [ Cookie:xxx@zbox.zanox.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\T0LYWNYF.txt [ Cookie:xxx@quartermedia.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\0WS96SOF.txt [ Cookie:xxx@ad.zanox.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\4JX1UHW2.txt [ Cookie:xxx@revsci.net/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\GDM568CB.txt [ Cookie:xxx@data.coremetrics.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\00NQXIBY.txt [ Cookie:xxx@clickfuse.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\ERW47DCZ.txt [ Cookie:xxx@ad3.adfarm1.adition.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\T80RRPAP.txt [ Cookie:xxx@adtech.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q0NZ5HBV.txt [ Cookie:xxx@ad.dyntracker.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\EUXQCWYM.txt [ Cookie:xxx@statcounter.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\YX6OH6BM.txt [ Cookie:xxx@atdmt.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\2X761QGE.txt [ Cookie:xxx@fl01.ct2.comclick.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\0YSO4WXW.txt [ Cookie:xxx@tradedoubler.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\GCJEOE0J.txt [ Cookie:xxx@tracking.quisma.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\R30O10HL.txt [ Cookie:xxx@questionmarket.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\VV3UO376.txt [ Cookie:xxx@www.directadvert.ru/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\ALJJZF59.txt [ Cookie:xxx@www.etracker.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\YT9V7Y07.txt [ Cookie:xxx@zanox-affiliate.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\05ICXGAZ.txt [ Cookie:xxx@traffictrack.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\H9YNF6C5.txt [ Cookie:xxx@adsyst.biz/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\QQXLD10I.txt [ Cookie:xxx@in.getclicky.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\OG0R27IV.txt [ Cookie:xxx@bs.serving-sys.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\D2VZ8XTJ.txt [ Cookie:xxx@ad1.adfarm1.adition.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\KJ9SAQMG.txt [ Cookie:xxx@track.webtrekk.de/390100023909110/ ]
C:\USERS\xxx\Cookies\6CYWLSF9.txt [ Cookie:xxx@oracle.112.2o7.net/ ]
C:\USERS\xxx\Cookies\8GCSFJF1.txt [ Cookie:xxx@partypoker.com/ ]
C:\USERS\xxx\Cookies\9NGMIKBL.txt [ Cookie:xxx@apmebf.com/ ]
C:\USERS\xxx\Cookies\AAO8IUL9.txt [ Cookie:xxx@yadro.ru/ ]
C:\USERS\xxx\Cookies\xxx@smartadserver[1].txt [ Cookie:xxx@smartadserver.com/ ]
C:\USERS\xxx\Cookies\xxx@adx.chip[1].txt [ Cookie:xxx@adx.chip.de/ ]
C:\USERS\xxx\Cookies\T4MFWIHQ.txt [ Cookie:xxx@doubleclick.net/ ]
C:\USERS\xxx\Cookies\xxx@content.yieldmanager[1].txt [ Cookie:xxx@content.yieldmanager.com/ ]
C:\USERS\xxx\Cookies\xxx@www.rambler[2].txt [ Cookie:xxx@www.rambler.ru/ ]
C:\USERS\xxx\APPDATA\LOCAL\TEMP\LOW\COOKIES\xxx@TNS-COUNTER[1].TXT [ /TNS-COUNTER ]
aka-cdn-ns.adtech.de [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]
allserials.tv [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]
delivery.ibanner.de [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]
media.kyte.tv [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]
s0.2mdn.net [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]
vht.tradedoubler.com [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]
www.secmedia.de [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]
www.sexsmotri.com [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]
wwwstatic.megaporn.com [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]

ENDE
____________________________________________

cosinus 30.04.2012 18:50
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

l.kirch 01.05.2012 18:07
Hallo,

die logs der beiden Scans die ich gemacht habe sind angehängt.

Gruß, L

cosinus 01.05.2012 18:12
Zitat:
C:\Users\xxxxxxx\Desktop\SoftonicDownloader_fuer_photo-slideshow-maker.exe
Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen


Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


l.kirch 03.05.2012 22:07
Zwei Dateien hat er gefunden, siehe Anhang.

Gruß, L

cosinus 04.05.2012 10:45
Die Logs bitte beim nächsten Mal in CODE-Tags posten!!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

l.kirch 04.05.2012 16:02
log.txt:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=275622e38c289545b696f9cab33a6cfb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-03 08:27:01
# local_time=2012-05-03 10:27:01 (+0100, Mitteleuropдische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1280 16777215 100 0 24883411 24883411 0 0
# compatibility_mode=5893 16776574 66 85 32504576 87690521 0 0
# compatibility_mode=8192 67108863 100 0 543 543 0 0
# scanned=113710
# found=2
# cleaned=0
# scan_time=17491
D:\***-PC\Backup Set 2012-01-01 190006\Backup Files 2012-01-08 193133\Backup files 1.zip        Win32/SoftonicDownloader application (unable to clean)        00000000000000000000000000000000        I
D:\***-PC\Backup Set 2012-01-22 190005\Backup Files 2012-01-22 190005\Backup files 1.zip        Win32/SoftonicDownloader application (unable to clean)        00000000000000000000000000000000        I
1. Der normale Modus läuft ohne Fehler oder Auffälligkeiten, wenn auch etwas langsamer als früher

2. Im Startmenü ist alles vorhanden. Keine leeren Ordner o.ä.

Gruß, L

cosinus 04.05.2012 18:54
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

l.kirch 06.05.2012 08:42
OTL Logfile:
Code:
OTL logfile created on: 06.05.2012 08:50:04 - Run 2
OTL by OldTimer - Version 3.2.42.2    Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,78% Memory free
3,99 Gb Paging File | 3,13 Gb Available in Paging File | 78,41% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 24,21 Gb Free Space | 24,21% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 5,22 Gb Free Space | 4,43% Space Free | Partition Type: NTFS
Drive E: | 15,10 Gb Total Space | 15,08 Gb Free Space | 99,82% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)
PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (klbg) -- C:\Windows\System32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes,DefaultScope = {E88E0043-C9D4-4e33-8555-FEE4F5B63060}
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{231D0CC4-941C-4625-B1EE-032B706854B5}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{3AF41670-B64E-405C-81D9-F4F45E9881FF}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.29 17:54:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.04.17 19:28:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.05.02 16:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k0393dc9.default\extensions
[2012.04.29 17:54:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.04.17 19:51:05 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autorun.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{588BC8C4-65F4-486B-B06E-88C28F634390}: NameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig - StartUpReg: ASUSPRP - hkey= - key= - C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
MsConfig - StartUpReg: ASUSWebStorage - hkey= - key= - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
MsConfig - StartUpReg: CapsHook - hkey= - key= -  File not found
MsConfig - StartUpReg: Eee Docking - hkey= - key= - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
MsConfig - StartUpReg: HotkeyMon - hkey= - key= -  File not found
MsConfig - StartUpReg: HotkeyService - hkey= - key= -  File not found
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
MsConfig - StartUpReg: LiveUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SuperHybridEngine - hkey= - key= -  File not found
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.06 08:46:09 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.05.03 17:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.29 18:12:59 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012.04.29 18:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.04.29 18:01:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2012.04.29 18:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.04.29 16:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.29 16:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.17 19:28:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2012.04.17 19:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.04.15 09:38:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2012.04.15 09:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.04.14 17:46:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.04.14 17:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.14 17:28:08 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV
[7 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.06 08:49:25 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.06 08:49:25 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.06 08:45:53 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.06 08:45:37 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.05.06 08:44:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.05.06 08:38:22 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.06 08:33:59 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.05.04 16:50:13 | 1602,740,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.03 14:31:47 | 000,000,017 | ---- | M] () -- C:\windows\System32\shortcut_ex.dat
[2012.05.01 17:26:51 | 000,644,280 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.05.01 17:26:51 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.05.01 17:26:51 | 000,129,726 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.05.01 17:26:51 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.04.29 18:04:22 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.29 17:54:32 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.17 19:46:37 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.04.15 09:34:57 | 000,266,352 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[7 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.03 17:18:23 | 000,001,409 | ---- | C] () -- C:\Users\***\Desktop\Internet Explorer.lnk
[2012.05.03 14:31:47 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2012.04.29 18:02:51 | 000,001,098 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.29 18:02:46 | 000,001,094 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.17 19:23:13 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.17 19:23:12 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.07.20 17:33:12 | 000,115,369 | ---- | C] () -- C:\windows\System32\drivers\klin.dat
[2011.07.20 17:33:12 | 000,097,961 | ---- | C] () -- C:\windows\System32\drivers\klick.dat
[2011.07.20 17:29:15 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2011.02.21 19:33:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.28 17:30:03 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010.09.28 01:34:14 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat
[2010.09.28 01:34:14 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010.09.28 01:33:37 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010.09.28 01:33:37 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010.07.27 23:50:32 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe
[2010.07.27 23:44:04 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010.07.27 23:44:03 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010.07.27 23:41:06 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.07.27 23:39:18 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010.07.27 23:32:05 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2010.07.12 18:10:54 | 000,408,168 | ---- | C] () -- C:\windows\System32\easyUpdatusAPIU.dll
[2010.07.12 18:10:54 | 000,347,350 | ---- | C] () -- C:\windows\System32\nvcoproc.bin
[2010.07.06 04:50:14 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
 
========== LOP Check ==========
 
[2010.07.27 23:50:05 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010.07.27 23:50:05 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2012.04.29 18:09:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage
[2012.04.29 18:50:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.10.31 13:47:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EeeStorageUploader
[2011.04.03 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios
[2012.05.06 08:49:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2011.01.17 15:21:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.01.06 11:48:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IN-MEDIAKG
[2012.01.01 18:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.01.06 11:54:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mresreg
[2012.01.02 22:02:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SkyMonk
[2012.05.03 14:31:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2010.09.28 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1
[2010.12.25 12:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp
[2010.11.28 15:05:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2010.09.28 01:35:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VoiceCommand
[2012.02.03 10:56:26 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.20 19:33:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012.04.29 18:09:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage
[2012.04.29 18:50:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.10.31 13:47:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EeeStorageUploader
[2011.04.03 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios
[2012.05.06 08:49:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2011.01.17 15:21:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2009.07.14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2012.01.06 11:48:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IN-MEDIAKG
[2010.07.27 23:26:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.07.27 23:39:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.01.01 18:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.04.14 17:46:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.12.03 15:16:56 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.04.17 19:28:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.01.06 11:54:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mresreg
[2012.01.02 22:02:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SkyMonk
[2012.04.29 18:50:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011.03.02 17:02:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2012.05.03 14:31:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.04.15 09:38:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2010.09.28 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1
[2010.12.25 12:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp
[2010.11.28 15:05:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.04.11 22:31:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2010.09.28 01:35:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VoiceCommand
[2010.10.18 17:05:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[7 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
<          Schliesse bitte nun alle Programme. (Wichtig)  >
 
< Klicke nun bitte auf den Quick Scan Button.  >
 
< Klick auf .  >

< End of report >
--- --- ---


[/code]

cosinus 06.05.2012 18:53
Du hast das CustomScan-Script nicht 1:1 in das Fenster von OTL reinkopiert. Bitte wiederholen und sorgfätiger beim Kopieren und Einfügen sein

l.kirch 08.05.2012 18:40
OTL Logfile:
OTL Logfile:
Code:
OTL logfile created on: 08.05.2012 18:38:05 - Run 3
OTL by OldTimer - Version 3.2.42.2    Folder = C:\Users\***\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,26% Memory free
3,99 Gb Paging File | 3,04 Gb Available in Paging File | 76,29% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 25,84 Gb Free Space | 25,84% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 1,32 Gb Free Space | 1,12% Space Free | Partition Type: NTFS
Drive E: | 15,10 Gb Total Space | 15,08 Gb Free Space | 99,82% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)
PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL ()
MOD - C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()
MOD - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\LogicNP.PropSheetExtensionHelper.dll ()
MOD - C:\Program Files\WinRAR\rarext.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (klbg) -- C:\Windows\System32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes,DefaultScope = {E88E0043-C9D4-4e33-8555-FEE4F5B63060}
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{231D0CC4-941C-4625-B1EE-032B706854B5}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{3AF41670-B64E-405C-81D9-F4F45E9881FF}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.29 17:54:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.04.17 19:28:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.05.02 16:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k0393dc9.default\extensions
[2012.04.29 17:54:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.04.17 19:51:05 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autorun.cmd ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{588BC8C4-65F4-486B-B06E-88C28F634390}: NameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig - StartUpReg: ASUSPRP - hkey= - key= - C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
MsConfig - StartUpReg: ASUSWebStorage - hkey= - key= - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
MsConfig - StartUpReg: CapsHook - hkey= - key= -  File not found
MsConfig - StartUpReg: Eee Docking - hkey= - key= - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
MsConfig - StartUpReg: HotkeyMon - hkey= - key= -  File not found
MsConfig - StartUpReg: HotkeyService - hkey= - key= -  File not found
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
MsConfig - StartUpReg: LiveUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SuperHybridEngine - hkey= - key= -  File not found
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.06 17:06:47 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Rezepte
[2012.05.06 08:46:09 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.05.03 17:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.29 18:12:59 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012.04.29 18:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.04.29 18:01:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2012.04.29 18:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.04.29 16:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.04.29 16:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.04.17 19:28:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2012.04.17 19:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.04.15 09:38:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2012.04.15 09:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.04.14 17:46:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.04.14 17:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.14 17:28:08 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV
[7 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.08 18:40:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.05.08 18:38:11 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.08 18:36:01 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.08 18:26:59 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.05.06 09:43:11 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.06 09:43:11 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.06 09:35:24 | 1602,740,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.06 08:45:37 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.05.03 14:31:47 | 000,000,017 | ---- | M] () -- C:\windows\System32\shortcut_ex.dat
[2012.05.01 17:26:51 | 000,644,280 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.05.01 17:26:51 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.05.01 17:26:51 | 000,129,726 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.05.01 17:26:51 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.04.29 18:04:22 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.04.29 17:54:32 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.17 19:46:37 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.04.15 09:34:57 | 000,266,352 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[7 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.03 17:18:23 | 000,001,409 | ---- | C] () -- C:\Users\***\Desktop\Internet Explorer.lnk
[2012.05.03 14:31:47 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2012.04.29 18:02:51 | 000,001,098 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.29 18:02:46 | 000,001,094 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.17 19:23:13 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.17 19:23:12 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.07.20 17:33:12 | 000,115,369 | ---- | C] () -- C:\windows\System32\drivers\klin.dat
[2011.07.20 17:33:12 | 000,097,961 | ---- | C] () -- C:\windows\System32\drivers\klick.dat
[2011.07.20 17:29:15 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2011.02.21 19:33:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.28 17:30:03 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010.09.28 01:34:14 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat
[2010.09.28 01:34:14 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010.09.28 01:33:37 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010.09.28 01:33:37 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010.07.27 23:50:32 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe
[2010.07.27 23:44:04 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010.07.27 23:44:03 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010.07.27 23:41:06 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.07.27 23:39:18 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010.07.27 23:32:05 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2010.07.12 18:10:54 | 000,408,168 | ---- | C] () -- C:\windows\System32\easyUpdatusAPIU.dll
[2010.07.12 18:10:54 | 000,347,350 | ---- | C] () -- C:\windows\System32\nvcoproc.bin
[2010.07.06 04:50:14 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
 
========== LOP Check ==========
 
[2010.07.27 23:50:05 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010.07.27 23:50:05 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2012.04.29 18:09:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage
[2012.04.29 18:50:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.10.31 13:47:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EeeStorageUploader
[2011.04.03 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios
[2012.05.08 18:37:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2011.01.17 15:21:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2012.01.06 11:48:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IN-MEDIAKG
[2012.01.01 18:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.01.06 11:54:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mresreg
[2012.01.02 22:02:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SkyMonk
[2012.05.03 14:31:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2010.09.28 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1
[2010.12.25 12:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp
[2010.11.28 15:05:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2010.09.28 01:35:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VoiceCommand
[2012.02.03 10:56:26 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.20 19:33:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012.04.29 18:09:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage
[2012.04.29 18:50:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.10.31 13:47:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EeeStorageUploader
[2011.04.03 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios
[2012.05.08 18:37:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!
[2011.01.17 15:21:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2009.07.14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2012.01.06 11:48:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IN-MEDIAKG
[2010.07.27 23:26:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.07.27 23:39:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.01.01 18:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.04.14 17:46:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.12.03 15:16:56 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.04.17 19:28:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.01.06 11:54:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mresreg
[2012.01.02 22:02:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SkyMonk
[2012.04.29 18:50:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2011.03.02 17:02:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2012.05.03 14:31:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.04.15 09:38:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2010.09.28 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1
[2010.12.25 12:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp
[2010.11.28 15:05:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.04.11 22:31:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2010.09.28 01:35:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VoiceCommand
[2010.10.18 17:05:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[7 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< End of report >
--- --- ---


[/code]

cosinus 11.05.2012 08:19
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=iet
FF - user.js - File not found
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - No CLSID value found.
O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autorun.cmd ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

l.kirch 11.05.2012 18:03
Code:


All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
Registry value HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{09900DE8-1DCA-443F-9243-26FF581438AF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\ not found.
Registry value HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C44F9E21-D93F-490C-B41C-B3548BDD19FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C44F9E21-D93F-490C-B41C-B3548BDD19FC}\ not found.
Registry value HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\FRITZ!protect deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\FRITZ!protect not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autorun.cmd moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 321 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Polina
->Temp folder emptied: 2672106 bytes
->Temporary Internet Files folder emptied: 29262380 bytes
->Java cache emptied: 1005260 bytes
->FireFox cache emptied: 101662747 bytes
->Flash cache emptied: 1484 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26226380 bytes
RecycleBin emptied: 1309868153 bytes
 
Total Files Cleaned = 1.403,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: ***
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.2 log created on 05112012_185214

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 11.05.2012 21:03
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

l.kirch 12.05.2012 09:29
Code:


10:18:30.0163 6048        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
10:18:32.0191 6048        ============================================================
10:18:32.0191 6048        Current date / time: 2012/05/12 10:18:32.0191
10:18:32.0191 6048        SystemInfo:
10:18:32.0191 6048       
10:18:32.0191 6048        OS Version: 6.1.7601 ServicePack: 1.0
10:18:32.0191 6048        Product type: Workstation
10:18:32.0191 6048        ComputerName: ***-PC
10:18:32.0191 6048        UserName: ***
10:18:32.0191 6048        Windows directory: C:\windows
10:18:32.0191 6048        System windows directory: C:\windows
10:18:32.0191 6048        Processor architecture: Intel x86
10:18:32.0191 6048        Number of processors: 4
10:18:32.0191 6048        Page size: 0x1000
10:18:32.0191 6048        Boot type: Normal boot
10:18:32.0191 6048        ============================================================
10:18:33.0470 6048        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:18:33.0470 6048        Drive \Device\Harddisk1\DR1 - Size: 0x3C7800000 (15.12 Gb), SectorSize: 0x200, Cylinders: 0x7B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:18:33.0486 6048        ============================================================
10:18:33.0486 6048        \Device\Harddisk0\DR0:
10:18:33.0486 6048        MBR partitions:
10:18:33.0486 6048        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000
10:18:33.0486 6048        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE600800, BlocksNum 0xEBBB000
10:18:33.0486 6048        \Device\Harddisk1\DR1:
10:18:33.0486 6048        MBR partitions:
10:18:33.0486 6048        \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1E3BFE0
10:18:33.0486 6048        ============================================================
10:18:33.0517 6048        C: <-> \Device\Harddisk0\DR0\Partition0
10:18:33.0548 6048        D: <-> \Device\Harddisk0\DR0\Partition1
10:18:33.0548 6048        ============================================================
10:18:33.0548 6048        Initialize success
10:18:33.0548 6048        ============================================================
10:20:01.0252 5608        ============================================================
10:20:01.0252 5608        Scan started
10:20:01.0252 5608        Mode: Manual; SigCheck; TDLFS;
10:20:01.0252 5608        ============================================================
10:20:04.0028 5608        1394ohci        (d01e0b1cef9ee82100c2bb07294880ef) C:\windows\system32\drivers\1394ohci.sys
10:20:04.0294 5608        1394ohci - ok
10:20:04.0418 5608        ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
10:20:04.0465 5608        ACPI - ok
10:20:04.0543 5608        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
10:20:04.0637 5608        AcpiPmi - ok
10:20:04.0777 5608        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:20:04.0808 5608        AdobeARMservice - ok
10:20:04.0964 5608        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:20:04.0996 5608        AdobeFlashPlayerUpdateSvc - ok
10:20:05.0152 5608        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
10:20:05.0214 5608        adp94xx - ok
10:20:05.0308 5608        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
10:20:05.0354 5608        adpahci - ok
10:20:05.0401 5608        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
10:20:05.0432 5608        adpu320 - ok
10:20:05.0495 5608        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll
10:20:05.0557 5608        AeLookupSvc - ok
10:20:05.0682 5608        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
10:20:05.0760 5608        AFD - ok
10:20:05.0822 5608        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
10:20:05.0854 5608        agp440 - ok
10:20:05.0916 5608        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
10:20:05.0963 5608        aic78xx - ok
10:20:06.0025 5608        ALG            (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe
10:20:06.0103 5608        ALG - ok
10:20:06.0150 5608        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
10:20:06.0197 5608        aliide - ok
10:20:06.0244 5608        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
10:20:06.0290 5608        amdagp - ok
10:20:06.0306 5608        amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
10:20:06.0353 5608        amdide - ok
10:20:06.0400 5608        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
10:20:06.0478 5608        AmdK8 - ok
10:20:06.0493 5608        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
10:20:06.0556 5608        AmdPPM - ok
10:20:06.0618 5608        amdsata        (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
10:20:06.0665 5608        amdsata - ok
10:20:06.0758 5608        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
10:20:06.0805 5608        amdsbs - ok
10:20:06.0821 5608        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
10:20:06.0852 5608        amdxata - ok
10:20:06.0914 5608        AppID          (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
10:20:07.0117 5608        AppID - ok
10:20:07.0164 5608        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll
10:20:07.0289 5608        AppIDSvc - ok
10:20:07.0351 5608        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll
10:20:07.0429 5608        Appinfo - ok
10:20:07.0492 5608        arc            (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
10:20:07.0538 5608        arc - ok
10:20:07.0570 5608        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
10:20:07.0616 5608        arcsas - ok
10:20:07.0679 5608        AsUpIO          (561d6b76c045311691b870f6b3f19eab) C:\windows\system32\drivers\AsUpIO.sys
10:20:07.0757 5608        AsUpIO - ok
10:20:07.0835 5608        AsusService    (c4fb2613d3c75364bb159b9c23a00e7a) C:\Windows\System32\AsusService.exe
10:20:07.0866 5608        AsusService ( UnsignedFile.Multi.Generic ) - warning
10:20:07.0866 5608        AsusService - detected UnsignedFile.Multi.Generic (1)
10:20:07.0897 5608        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
10:20:08.0084 5608        AsyncMac - ok
10:20:08.0147 5608        atapi          (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
10:20:08.0178 5608        atapi - ok
10:20:08.0474 5608        athr            (76bab0c824e2d05b940c4dd40a9b08bf) C:\windows\system32\DRIVERS\athr.sys
10:20:08.0599 5608        athr - ok
10:20:08.0755 5608        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
10:20:08.0849 5608        AudioEndpointBuilder - ok
10:20:08.0864 5608        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll
10:20:08.0942 5608        Audiosrv - ok
10:20:09.0161 5608        AVP            (4f1edda7039548f9fb9080efac1e2b8f) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
10:20:09.0208 5608        AVP - ok
10:20:09.0301 5608        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll
10:20:09.0410 5608        AxInstSV - ok
10:20:09.0582 5608        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
10:20:09.0660 5608        b06bdrv - ok
10:20:09.0754 5608        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
10:20:09.0816 5608        b57nd60x - ok
10:20:09.0972 5608        BBSvc          (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
10:20:10.0019 5608        BBSvc - ok
10:20:10.0144 5608        BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
10:20:10.0190 5608        BBUpdate - ok
10:20:10.0846 5608        BCM43XX        (2be0f23d494c301641c42ead2fdcd4f2) C:\windows\system32\DRIVERS\bcmwl6.sys
10:20:11.0017 5608        BCM43XX - ok
10:20:11.0314 5608        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
10:20:11.0407 5608        BDESVC - ok
10:20:11.0485 5608        Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
10:20:11.0563 5608        Beep - ok
10:20:11.0719 5608        BFE            (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
10:20:11.0813 5608        BFE - ok
10:20:11.0969 5608        BITS            (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll
10:20:12.0062 5608        BITS - ok
10:20:12.0094 5608        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
10:20:12.0140 5608        blbdrive - ok
10:20:12.0187 5608        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
10:20:12.0250 5608        bowser - ok
10:20:12.0281 5608        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
10:20:12.0328 5608        BrFiltLo - ok
10:20:12.0343 5608        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
10:20:12.0421 5608        BrFiltUp - ok
10:20:12.0468 5608        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
10:20:12.0577 5608        Browser - ok
10:20:12.0671 5608        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
10:20:12.0749 5608        Brserid - ok
10:20:12.0780 5608        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
10:20:12.0858 5608        BrSerWdm - ok
10:20:12.0874 5608        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
10:20:12.0920 5608        BrUsbMdm - ok
10:20:12.0952 5608        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
10:20:13.0014 5608        BrUsbSer - ok
10:20:13.0076 5608        BthEnum        (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
10:20:13.0154 5608        BthEnum - ok
10:20:13.0201 5608        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
10:20:13.0264 5608        BTHMODEM - ok
10:20:13.0310 5608        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
10:20:13.0373 5608        BthPan - ok
10:20:13.0529 5608        BTHPORT        (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
10:20:13.0607 5608        BTHPORT - ok
10:20:13.0669 5608        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
10:20:13.0763 5608        bthserv - ok
10:20:13.0794 5608        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
10:20:13.0856 5608        BTHUSB - ok
10:20:13.0950 5608        btwampfl        (d57641bf7e6af5c996eab931afadc271) C:\windows\system32\drivers\btwampfl.sys
10:20:14.0012 5608        btwampfl - ok
10:20:14.0059 5608        btwaudio        (81471a7d64d1fc014d47a4cf33cd701e) C:\windows\system32\drivers\btwaudio.sys
10:20:14.0106 5608        btwaudio - ok
10:20:14.0153 5608        btwavdt        (098af3559710fcec05b7aa5159f435f9) C:\windows\system32\drivers\btwavdt.sys
10:20:14.0200 5608        btwavdt - ok
10:20:14.0449 5608        btwdins        (8fcf8e276b5755db87c8b015cad1bc41) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
10:20:14.0496 5608        btwdins - ok
10:20:14.0512 5608        btwl2cap        (de53089f0678cb5f0afeb867acb0fb05) C:\windows\system32\DRIVERS\btwl2cap.sys
10:20:14.0558 5608        btwl2cap - ok
10:20:14.0574 5608        btwrchid        (e28ef3c4ef1849b876f850015066380b) C:\windows\system32\DRIVERS\btwrchid.sys
10:20:14.0621 5608        btwrchid - ok
10:20:14.0668 5608        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
10:20:14.0761 5608        cdfs - ok
10:20:14.0839 5608        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys
10:20:14.0917 5608        cdrom - ok
10:20:14.0980 5608        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
10:20:15.0089 5608        CertPropSvc - ok
10:20:15.0136 5608        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
10:20:15.0198 5608        circlass - ok
10:20:15.0323 5608        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
10:20:15.0370 5608        CLFS - ok
10:20:15.0494 5608        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:20:15.0541 5608        clr_optimization_v2.0.50727_32 - ok
10:20:15.0635 5608        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:20:15.0682 5608        clr_optimization_v4.0.30319_32 - ok
10:20:15.0713 5608        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
10:20:15.0760 5608        CmBatt - ok
10:20:15.0791 5608        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
10:20:15.0822 5608        cmdide - ok
10:20:15.0947 5608        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
10:20:16.0009 5608        CNG - ok
10:20:16.0056 5608        Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
10:20:16.0087 5608        Compbatt - ok
10:20:16.0150 5608        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
10:20:16.0212 5608        CompositeBus - ok
10:20:16.0228 5608        COMSysApp - ok
10:20:16.0274 5608        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
10:20:16.0306 5608        crcdisk - ok
10:20:16.0399 5608        CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll
10:20:16.0477 5608        CryptSvc - ok
10:20:16.0805 5608        cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:20:16.0867 5608        cvhsvc - ok
10:20:17.0008 5608        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
10:20:17.0101 5608        DcomLaunch - ok
10:20:17.0195 5608        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
10:20:17.0288 5608        defragsvc - ok
10:20:17.0382 5608        DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
10:20:17.0460 5608        DfsC - ok
10:20:17.0569 5608        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
10:20:17.0663 5608        Dhcp - ok
10:20:17.0710 5608        discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
10:20:17.0803 5608        discache - ok
10:20:17.0850 5608        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
10:20:17.0881 5608        Disk - ok
10:20:17.0944 5608        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
10:20:18.0037 5608        Dnscache - ok
10:20:18.0115 5608        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
10:20:18.0193 5608        dot3svc - ok
10:20:18.0271 5608        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
10:20:18.0365 5608        DPS - ok
10:20:18.0412 5608        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
10:20:18.0474 5608        drmkaud - ok
10:20:18.0661 5608        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
10:20:18.0724 5608        DXGKrnl - ok
10:20:18.0771 5608        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
10:20:18.0849 5608        EapHost - ok
10:20:19.0597 5608        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
10:20:19.0769 5608        ebdrv - ok
10:20:20.0034 5608        EFS            (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
10:20:20.0112 5608        EFS - ok
10:20:20.0299 5608        ehRecvr        (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
10:20:20.0377 5608        ehRecvr - ok
10:20:20.0424 5608        ehSched        (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
10:20:20.0487 5608        ehSched - ok
10:20:20.0705 5608        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
10:20:20.0752 5608        elxstor - ok
10:20:20.0799 5608        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
10:20:20.0861 5608        ErrDev - ok
10:20:20.0970 5608        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
10:20:21.0064 5608        EventSystem - ok
10:20:21.0126 5608        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
10:20:21.0220 5608        exfat - ok
10:20:21.0282 5608        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
10:20:21.0360 5608        fastfat - ok
10:20:21.0532 5608        Fax            (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
10:20:21.0610 5608        Fax - ok
10:20:21.0641 5608        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
10:20:21.0703 5608        fdc - ok
10:20:21.0735 5608        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
10:20:21.0828 5608        fdPHost - ok
10:20:21.0859 5608        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
10:20:21.0953 5608        FDResPub - ok
10:20:22.0000 5608        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
10:20:22.0031 5608        FileInfo - ok
10:20:22.0062 5608        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
10:20:22.0140 5608        Filetrace - ok
10:20:22.0390 5608        FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:20:22.0437 5608        FLEXnet Licensing Service - ok
10:20:22.0468 5608        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
10:20:22.0515 5608        flpydisk - ok
10:20:22.0593 5608        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
10:20:22.0624 5608        FltMgr - ok
10:20:22.0858 5608        FontCache      (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll
10:20:22.0951 5608        FontCache - ok
10:20:23.0045 5608        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:20:23.0076 5608        FontCache3.0.0.0 - ok
10:20:23.0092 5608        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
10:20:23.0139 5608        FsDepends - ok
10:20:23.0185 5608        fssfltr        (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
10:20:23.0217 5608        fssfltr - ok
10:20:23.0482 5608        fsssvc          (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
10:20:23.0529 5608        fsssvc - ok
10:20:23.0575 5608        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
10:20:23.0607 5608        Fs_Rec - ok
10:20:23.0716 5608        fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
10:20:23.0763 5608        fvevol - ok
10:20:23.0825 5608        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
10:20:23.0872 5608        gagp30kx - ok
10:20:24.0028 5608        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
10:20:24.0137 5608        gpsvc - ok
10:20:24.0309 5608        gupdate        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
10:20:24.0355 5608        gupdate - ok
10:20:24.0387 5608        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
10:20:24.0418 5608        gupdatem - ok
10:20:24.0449 5608        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
10:20:24.0527 5608        hcw85cir - ok
10:20:24.0652 5608        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
10:20:24.0714 5608        HdAudAddService - ok
10:20:24.0777 5608        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
10:20:24.0839 5608        HDAudBus - ok
10:20:24.0886 5608        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
10:20:24.0933 5608        HidBatt - ok
10:20:24.0979 5608        HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
10:20:25.0042 5608        HidBth - ok
10:20:25.0073 5608        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
10:20:25.0135 5608        HidIr - ok
10:20:25.0167 5608        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll
10:20:25.0276 5608        hidserv - ok
10:20:25.0323 5608        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\drivers\hidusb.sys
10:20:25.0369 5608        HidUsb - ok
10:20:25.0432 5608        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
10:20:25.0525 5608        hkmsvc - ok
10:20:25.0603 5608        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
10:20:25.0666 5608        HomeGroupListener - ok
10:20:25.0744 5608        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
10:20:25.0806 5608        HomeGroupProvider - ok
10:20:25.0869 5608        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
10:20:25.0915 5608        HpSAMD - ok
10:20:26.0071 5608        HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
10:20:26.0149 5608        HTTP - ok
10:20:26.0196 5608        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
10:20:26.0227 5608        hwpolicy - ok
10:20:26.0305 5608        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
10:20:26.0368 5608        i8042prt - ok
10:20:26.0555 5608        IAANTMON        (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
10:20:26.0602 5608        IAANTMON - ok
10:20:26.0711 5608        iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
10:20:26.0758 5608        iaStor - ok
10:20:26.0883 5608        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
10:20:26.0929 5608        iaStorV - ok
10:20:27.0226 5608        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:20:27.0288 5608        idsvc - ok
10:20:27.0397 5608        IGDCTRL        (506801c7d47be8cd1cf342bf28eb17ec) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
10:20:27.0429 5608        IGDCTRL - ok
10:20:28.0708 5608        igfx            (ba41e1bba410212ce6d30e0dac47972b) C:\windows\system32\DRIVERS\igdkmd32.sys
10:20:28.0973 5608        igfx - ok
10:20:29.0269 5608        iirsp          (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
10:20:29.0301 5608        iirsp - ok
10:20:29.0503 5608        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
10:20:29.0597 5608        IKEEXT - ok
10:20:30.0315 5608        IntcAzAudAddService (bf9866875edf86aae24dd8bd9418deff) C:\windows\system32\drivers\RTKVHDA.sys
10:20:30.0471 5608        IntcAzAudAddService - ok
10:20:30.0751 5608        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
10:20:30.0798 5608        intelide - ok
10:20:30.0845 5608        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
10:20:30.0892 5608        intelppm - ok
10:20:30.0939 5608        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
10:20:31.0032 5608        IPBusEnum - ok
10:20:31.0063 5608        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
10:20:31.0157 5608        IpFilterDriver - ok
10:20:31.0313 5608        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
10:20:31.0422 5608        iphlpsvc - ok
10:20:31.0485 5608        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
10:20:31.0531 5608        IPMIDRV - ok
10:20:31.0578 5608        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
10:20:31.0672 5608        IPNAT - ok
10:20:31.0703 5608        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
10:20:31.0797 5608        IRENUM - ok
10:20:31.0828 5608        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
10:20:31.0875 5608        isapnp - ok
10:20:31.0968 5608        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
10:20:31.0999 5608        iScsiPrt - ok
10:20:32.0062 5608        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
10:20:32.0093 5608        kbdclass - ok
10:20:32.0109 5608        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
10:20:32.0171 5608        kbdhid - ok
10:20:32.0218 5608        kbfiltr        (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
10:20:32.0265 5608        kbfiltr - ok
10:20:32.0311 5608        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
10:20:32.0358 5608        KeyIso - ok
10:20:32.0452 5608        kl1            (ce3958f58547454884e97bda78cd7040) C:\windows\system32\DRIVERS\kl1.sys
10:20:32.0499 5608        kl1 - ok
10:20:32.0530 5608        klbg            (53eedab3f0511321ac3ae8bc968b158c) C:\windows\system32\drivers\klbg.sys
10:20:32.0561 5608        klbg - ok
10:20:32.0717 5608        KLIF            (de6c14fb8438ef932d9f58f269a19b85) C:\windows\system32\DRIVERS\klif.sys
10:20:32.0764 5608        KLIF - ok
10:20:32.0842 5608        KLIM6          (892cc162dc88ab084c86485879526c59) C:\windows\system32\DRIVERS\klim6.sys
10:20:32.0873 5608        KLIM6 - ok
10:20:32.0889 5608        klmouflt        (aa63a815876a76987b5dbce6af7478e9) C:\windows\system32\DRIVERS\klmouflt.sys
10:20:32.0935 5608        klmouflt - ok
10:20:32.0982 5608        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
10:20:33.0029 5608        KSecDD - ok
10:20:33.0060 5608        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
10:20:33.0107 5608        KSecPkg - ok
10:20:33.0216 5608        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
10:20:33.0325 5608        KtmRm - ok
10:20:33.0388 5608        L1C            (d1f734d9a7aaf078d88ceb51900699a7) C:\windows\system32\DRIVERS\L1C62x86.sys
10:20:33.0435 5608        L1C - ok
10:20:33.0513 5608        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll
10:20:33.0606 5608        LanmanServer - ok
10:20:33.0669 5608        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
10:20:33.0762 5608        LanmanWorkstation - ok
10:20:33.0840 5608        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
10:20:33.0934 5608        lltdio - ok
10:20:34.0012 5608        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
10:20:34.0090 5608        lltdsvc - ok
10:20:34.0121 5608        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
10:20:34.0215 5608        lmhosts - ok
10:20:34.0277 5608        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
10:20:34.0324 5608        LSI_FC - ok
10:20:34.0371 5608        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
10:20:34.0402 5608        LSI_SAS - ok
10:20:34.0433 5608        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
10:20:34.0480 5608        LSI_SAS2 - ok
10:20:34.0511 5608        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
10:20:34.0542 5608        LSI_SCSI - ok
10:20:34.0605 5608        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
10:20:34.0683 5608        luafv - ok
10:20:34.0761 5608        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
10:20:34.0807 5608        Mcx2Svc - ok
10:20:34.0839 5608        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
10:20:34.0885 5608        megasas - ok
10:20:34.0963 5608        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
10:20:35.0010 5608        MegaSR - ok
10:20:35.0057 5608        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
10:20:35.0166 5608        MMCSS - ok
10:20:35.0197 5608        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
10:20:35.0275 5608        Modem - ok
10:20:35.0338 5608        monitor        (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
10:20:35.0400 5608        monitor - ok
10:20:35.0463 5608        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
10:20:35.0509 5608        mouclass - ok
10:20:35.0556 5608        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
10:20:35.0603 5608        mouhid - ok
10:20:35.0650 5608        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
10:20:35.0697 5608        mountmgr - ok
10:20:35.0853 5608        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:20:35.0884 5608        MozillaMaintenance - ok
10:20:35.0962 5608        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
10:20:35.0993 5608        mpio - ok
10:20:36.0055 5608        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
10:20:36.0133 5608        mpsdrv - ok
10:20:36.0289 5608        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
10:20:36.0399 5608        MpsSvc - ok
10:20:36.0461 5608        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
10:20:36.0523 5608        MRxDAV - ok
10:20:36.0617 5608        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
10:20:36.0679 5608        mrxsmb - ok
10:20:36.0773 5608        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
10:20:36.0835 5608        mrxsmb10 - ok
10:20:36.0898 5608        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
10:20:36.0960 5608        mrxsmb20 - ok
10:20:37.0007 5608        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
10:20:37.0038 5608        msahci - ok
10:20:37.0101 5608        msdsm          (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
10:20:37.0147 5608        msdsm - ok
10:20:37.0225 5608        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
10:20:37.0288 5608        MSDTC - ok
10:20:37.0335 5608        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
10:20:37.0428 5608        Msfs - ok
10:20:37.0444 5608        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
10:20:37.0537 5608        mshidkmdf - ok
10:20:37.0584 5608        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
10:20:37.0615 5608        msisadrv - ok
10:20:37.0693 5608        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
10:20:37.0771 5608        MSiSCSI - ok
10:20:37.0787 5608        msiserver - ok
10:20:37.0834 5608        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
10:20:37.0912 5608        MSKSSRV - ok
10:20:37.0943 5608        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
10:20:38.0037 5608        MSPCLOCK - ok
10:20:38.0052 5608        MSPQM          (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
10:20:38.0130 5608        MSPQM - ok
10:20:38.0193 5608        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
10:20:38.0239 5608        MsRPC - ok
10:20:38.0302 5608        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
10:20:38.0364 5608        mssmbios - ok
10:20:38.0427 5608        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
10:20:38.0536 5608        MSTEE - ok
10:20:38.0551 5608        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
10:20:38.0614 5608        MTConfig - ok
10:20:38.0645 5608        Mup            (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
10:20:38.0692 5608        Mup - ok
10:20:38.0832 5608        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
10:20:38.0973 5608        napagent - ok
10:20:39.0113 5608        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
10:20:39.0207 5608        NativeWifiP - ok
10:20:39.0503 5608        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
10:20:39.0581 5608        NDIS - ok
10:20:39.0628 5608        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
10:20:39.0737 5608        NdisCap - ok
10:20:39.0768 5608        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
10:20:39.0862 5608        NdisTapi - ok
10:20:39.0940 5608        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
10:20:40.0033 5608        Ndisuio - ok
10:20:40.0096 5608        NdisWan        (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
10:20:40.0189 5608        NdisWan - ok
10:20:40.0236 5608        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
10:20:40.0314 5608        NDProxy - ok
10:20:40.0377 5608        Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\windows\system32\HPZinw12.dll
10:20:40.0392 5608        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:20:40.0392 5608        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:20:40.0439 5608        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
10:20:40.0517 5608        NetBIOS - ok
10:20:40.0611 5608        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
10:20:40.0689 5608        NetBT - ok
10:20:40.0735 5608        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
10:20:40.0782 5608        Netlogon - ok
10:20:40.0876 5608        Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
10:20:40.0985 5608        Netman - ok
10:20:41.0094 5608        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
10:20:41.0188 5608        netprofm - ok
10:20:41.0313 5608        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:20:41.0344 5608        NetTcpPortSharing - ok
10:20:41.0422 5608        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
10:20:41.0453 5608        nfrd960 - ok
10:20:41.0547 5608        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
10:20:41.0640 5608        NlaSvc - ok
10:20:41.0671 5608        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
10:20:41.0765 5608        Npfs - ok
10:20:41.0796 5608        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
10:20:41.0890 5608        nsi - ok
10:20:41.0921 5608        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
10:20:41.0983 5608        nsiproxy - ok
10:20:42.0311 5608        Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
10:20:42.0405 5608        Ntfs - ok
10:20:42.0701 5608        Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
10:20:42.0779 5608        Null - ok
10:20:42.0826 5608        NVHDA          (eae60baf21f6274ab537c87df0eccf9d) C:\windows\system32\drivers\nvhda32v.sys
10:20:42.0904 5608        NVHDA - ok
10:20:45.0415 5608        nvlddmkm        (4f089a4f4a1461f642a9fa1885cacceb) C:\windows\system32\DRIVERS\nvlddmkm.sys
10:20:45.0821 5608        nvlddmkm - ok
10:20:46.0133 5608        nvpciflt        (a20981caa36db75bc7b06620cbf7d636) C:\windows\system32\DRIVERS\nvpciflt.sys
10:20:46.0180 5608        nvpciflt - ok
10:20:46.0242 5608        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
10:20:46.0289 5608        nvraid - ok
10:20:46.0351 5608        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
10:20:46.0398 5608        nvstor - ok
10:20:46.0476 5608        nvsvc          (88700fd5dfb6b20ce7e1ad4ffd53b460) C:\windows\system32\nvvsvc.exe
10:20:46.0539 5608        nvsvc - ok
10:20:46.0617 5608        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
10:20:46.0663 5608        nv_agp - ok
10:20:46.0710 5608        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
10:20:46.0773 5608        ohci1394 - ok
10:20:46.0913 5608        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:20:46.0944 5608        ose - ok
10:20:48.0052 5608        osppsvc        (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:20:48.0239 5608        osppsvc - ok
10:20:48.0567 5608        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
10:20:48.0645 5608        p2pimsvc - ok
10:20:48.0738 5608        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
10:20:48.0801 5608        p2psvc - ok
10:20:48.0910 5608        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
10:20:48.0957 5608        Parport - ok
10:20:49.0003 5608        partmgr        (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
10:20:49.0050 5608        partmgr - ok
10:20:49.0081 5608        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
10:20:49.0113 5608        Parvdm - ok
10:20:49.0222 5608        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
10:20:49.0269 5608        PcaSvc - ok
10:20:49.0347 5608        pci            (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
10:20:49.0393 5608        pci - ok
10:20:49.0425 5608        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
10:20:49.0471 5608        pciide - ok
10:20:49.0565 5608        pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
10:20:49.0612 5608        pcmcia - ok
10:20:49.0643 5608        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
10:20:49.0690 5608        pcw - ok
10:20:49.0893 5608        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
10:20:49.0986 5608        PEAUTH - ok
10:20:50.0376 5608        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
10:20:50.0548 5608        pla - ok
10:20:50.0907 5608        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
10:20:50.0985 5608        PlugPlay - ok
10:20:51.0047 5608        Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\windows\system32\HPZipm12.dll
10:20:51.0078 5608        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
10:20:51.0078 5608        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
10:20:51.0109 5608        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
10:20:51.0172 5608        PNRPAutoReg - ok
10:20:51.0250 5608        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
10:20:51.0297 5608        PNRPsvc - ok
10:20:51.0406 5608        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
10:20:51.0499 5608        PolicyAgent - ok
10:20:51.0577 5608        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
10:20:51.0687 5608        Power - ok
10:20:51.0796 5608        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
10:20:51.0889 5608        PptpMiniport - ok
10:20:51.0921 5608        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
10:20:51.0983 5608        Processor - ok
10:20:52.0077 5608        ProfSvc        (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll
10:20:52.0155 5608        ProfSvc - ok
10:20:52.0186 5608        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
10:20:52.0233 5608        ProtectedStorage - ok
10:20:52.0295 5608        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
10:20:52.0373 5608        Psched - ok
10:20:52.0435 5608        PSI            (d24dfd16a1e2a76034df5aa18125c35d) C:\windows\system32\DRIVERS\psi_mf.sys
10:20:52.0467 5608        PSI - ok
10:20:52.0825 5608        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
10:20:52.0919 5608        ql2300 - ok
10:20:53.0247 5608        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
10:20:53.0278 5608        ql40xx - ok
10:20:53.0356 5608        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
10:20:53.0434 5608        QWAVE - ok
10:20:53.0449 5608        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
10:20:53.0496 5608        QWAVEdrv - ok
10:20:53.0543 5608        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
10:20:53.0637 5608        RasAcd - ok
10:20:53.0699 5608        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
10:20:53.0777 5608        RasAgileVpn - ok
10:20:53.0824 5608        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
10:20:53.0917 5608        RasAuto - ok
10:20:53.0949 5608        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
10:20:54.0042 5608        Rasl2tp - ok
10:20:54.0151 5608        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
10:20:54.0229 5608        RasMan - ok
10:20:54.0292 5608        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
10:20:54.0385 5608        RasPppoe - ok
10:20:54.0432 5608        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
10:20:54.0526 5608        RasSstp - ok
10:20:54.0619 5608        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
10:20:54.0697 5608        rdbss - ok
10:20:54.0729 5608        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
10:20:54.0775 5608        rdpbus - ok
10:20:54.0807 5608        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
10:20:54.0885 5608        RDPCDD - ok
10:20:54.0916 5608        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
10:20:54.0994 5608        RDPENCDD - ok
10:20:55.0025 5608        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
10:20:55.0087 5608        RDPREFMP - ok
10:20:55.0165 5608        RDPWD          (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys
10:20:55.0259 5608        RDPWD - ok
10:20:55.0368 5608        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
10:20:55.0415 5608        rdyboost - ok
10:20:55.0462 5608        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
10:20:55.0571 5608        RemoteAccess - ok
10:20:55.0633 5608        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
10:20:55.0727 5608        RemoteRegistry - ok
10:20:55.0805 5608        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
10:20:55.0852 5608        RFCOMM - ok
10:20:55.0899 5608        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
10:20:55.0992 5608        RpcEptMapper - ok
10:20:56.0023 5608        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
10:20:56.0086 5608        RpcLocator - ok
10:20:56.0195 5608        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
10:20:56.0289 5608        RpcSs - ok
10:20:56.0351 5608        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
10:20:56.0413 5608        rspndr - ok
10:20:56.0460 5608        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
10:20:56.0507 5608        SamSs - ok
10:20:56.0569 5608        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
10:20:56.0616 5608        sbp2port - ok
10:20:56.0679 5608        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
10:20:56.0772 5608        SCardSvr - ok
10:20:56.0819 5608        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
10:20:56.0897 5608        scfilter - ok
10:20:57.0100 5608        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
10:20:57.0209 5608        Schedule - ok
10:20:57.0271 5608        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
10:20:57.0334 5608        SCPolicySvc - ok
10:20:57.0396 5608        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
10:20:57.0474 5608        SDRSVC - ok
10:20:57.0521 5608        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
10:20:57.0615 5608        secdrv - ok
10:20:57.0661 5608        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
10:20:57.0755 5608        seclogon - ok
10:20:58.0114 5608        Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files\Secunia\PSI\PSIA.exe
10:20:58.0192 5608        Secunia PSI Agent - ok
10:20:58.0379 5608        Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files\Secunia\PSI\sua.exe
10:20:58.0473 5608        Secunia Update Agent - ok
10:20:58.0769 5608        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll
10:20:58.0863 5608        SENS - ok
10:20:58.0894 5608        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
10:20:58.0972 5608        SensrSvc - ok
10:20:59.0065 5608        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
10:20:59.0143 5608        Serenum - ok
10:20:59.0175 5608        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
10:20:59.0237 5608        Serial - ok
10:20:59.0268 5608        sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
10:20:59.0315 5608        sermouse - ok
10:20:59.0409 5608        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
10:20:59.0502 5608        SessionEnv - ok
10:20:59.0533 5608        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
10:20:59.0611 5608        sffdisk - ok
10:20:59.0627 5608        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
10:20:59.0674 5608        sffp_mmc - ok
10:20:59.0689 5608        sffp_sd        (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\drivers\sffp_sd.sys
10:20:59.0752 5608        sffp_sd - ok
10:20:59.0752 5608        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
10:20:59.0799 5608        sfloppy - ok
10:20:59.0986 5608        Sftfs          (d9b734638dd8dba9d59aad3189cd0fad) C:\windows\system32\DRIVERS\Sftfslh.sys
10:21:00.0033 5608        Sftfs - ok
10:21:00.0267 5608        sftlist        (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
10:21:00.0313 5608        sftlist - ok
10:21:00.0376 5608        Sftplay        (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\windows\system32\DRIVERS\Sftplaylh.sys
10:21:00.0407 5608        Sftplay - ok
10:21:00.0454 5608        Sftredir        (518bac0179f94304f422696b47c0ec12) C:\windows\system32\DRIVERS\Sftredirlh.sys
10:21:00.0485 5608        Sftredir - ok
10:21:00.0501 5608        Sftvol          (747325236d88b3f05ffd27ff9ec711c5) C:\windows\system32\DRIVERS\Sftvollh.sys
10:21:00.0532 5608        Sftvol - ok
10:21:00.0641 5608        sftvsa          (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
10:21:00.0672 5608        sftvsa - ok
10:21:00.0781 5608        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
10:21:00.0859 5608        SharedAccess - ok
10:21:00.0969 5608        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
10:21:01.0062 5608        ShellHWDetection - ok
10:21:01.0109 5608        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
10:21:01.0156 5608        sisagp - ok
10:21:01.0218 5608        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
10:21:01.0249 5608        SiSRaid2 - ok
10:21:01.0296 5608        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
10:21:01.0327 5608        SiSRaid4 - ok
10:21:01.0452 5608        SkypeUpdate    (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
10:21:01.0483 5608        SkypeUpdate - ok
10:21:01.0530 5608        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
10:21:01.0608 5608        Smb - ok
10:21:01.0686 5608        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
10:21:01.0749 5608        SNMPTRAP - ok
10:21:01.0780 5608        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
10:21:01.0827 5608        spldr - ok
10:21:01.0936 5608        Spooler        (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
10:21:02.0029 5608        Spooler - ok
10:21:02.0763 5608        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
10:21:02.0919 5608        sppsvc - ok
10:21:03.0215 5608        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
10:21:03.0309 5608        sppuinotify - ok
10:21:03.0449 5608        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
10:21:03.0511 5608        srv - ok
10:21:03.0621 5608        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
10:21:03.0699 5608        srv2 - ok
10:21:03.0761 5608        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
10:21:03.0808 5608        srvnet - ok
10:21:03.0886 5608        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
10:21:03.0979 5608        SSDPSRV - ok
10:21:04.0026 5608        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
10:21:04.0120 5608        SstpSvc - ok
10:21:04.0167 5608        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
10:21:04.0198 5608        stexstor - ok
10:21:04.0323 5608        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
10:21:04.0401 5608        StiSvc - ok
10:21:04.0447 5608        swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
10:21:04.0494 5608        swenum - ok
10:21:04.0588 5608        swprv          (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
10:21:04.0697 5608        swprv - ok
10:21:04.0806 5608        SynTP          (bd8e7f87de409a745a132a8812de5a96) C:\windows\system32\DRIVERS\SynTP.sys
10:21:04.0853 5608        SynTP - ok
10:21:05.0149 5608        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
10:21:05.0259 5608        SysMain - ok
10:21:05.0305 5608        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
10:21:05.0368 5608        TabletInputService - ok
10:21:05.0461 5608        TapiSrv        (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
10:21:05.0555 5608        TapiSrv - ok
10:21:05.0602 5608        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
10:21:05.0695 5608        TBS - ok
10:21:06.0335 5608        Tcpip          (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
10:21:06.0429 5608        Tcpip - ok
10:21:07.0006 5608        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
10:21:07.0084 5608        TCPIP6 - ok
10:21:07.0396 5608        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
10:21:07.0474 5608        tcpipreg - ok
10:21:07.0552 5608        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
10:21:07.0599 5608        TDPIPE - ok
10:21:07.0645 5608        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
10:21:07.0677 5608        TDTCP - ok
10:21:07.0739 5608        tdx            (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
10:21:07.0833 5608        tdx - ok
10:21:07.0879 5608        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
10:21:07.0911 5608        TermDD - ok
10:21:08.0067 5608        TermService    (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
10:21:08.0160 5608        TermService - ok
10:21:08.0191 5608        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
10:21:08.0269 5608        Themes - ok
10:21:08.0301 5608        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
10:21:08.0379 5608        THREADORDER - ok
10:21:08.0425 5608        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
10:21:08.0535 5608        TrkWks - ok
10:21:08.0628 5608        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
10:21:08.0722 5608        TrustedInstaller - ok
10:21:08.0769 5608        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
10:21:08.0847 5608        tssecsrv - ok
10:21:08.0925 5608        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
10:21:09.0003 5608        TsUsbFlt - ok
10:21:09.0081 5608        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
10:21:09.0143 5608        tunnel - ok
10:21:09.0190 5608        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
10:21:09.0237 5608        uagp35 - ok
10:21:09.0330 5608        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
10:21:09.0439 5608        udfs - ok
10:21:09.0486 5608        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
10:21:09.0549 5608        UI0Detect - ok
10:21:09.0627 5608        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
10:21:09.0658 5608        uliagpkx - ok
10:21:09.0720 5608        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
10:21:09.0767 5608        umbus - ok
10:21:09.0829 5608        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
10:21:09.0892 5608        UmPass - ok
10:21:09.0970 5608        upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
10:21:10.0079 5608        upnphost - ok
10:21:10.0141 5608        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
10:21:10.0188 5608        usbccgp - ok
10:21:10.0282 5608        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
10:21:10.0344 5608        usbcir - ok
10:21:10.0375 5608        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
10:21:10.0422 5608        usbehci - ok
10:21:10.0516 5608        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
10:21:10.0578 5608        usbhub - ok
10:21:10.0609 5608        usbohci        (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\drivers\usbohci.sys
10:21:10.0687 5608        usbohci - ok
10:21:10.0703 5608        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
10:21:10.0765 5608        usbprint - ok
10:21:10.0812 5608        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
10:21:10.0890 5608        USBSTOR - ok
10:21:10.0921 5608        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
10:21:10.0984 5608        usbuhci - ok
10:21:11.0077 5608        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
10:21:11.0140 5608        usbvideo - ok
10:21:11.0171 5608        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
10:21:11.0265 5608        UxSms - ok
10:21:11.0311 5608        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
10:21:11.0358 5608        VaultSvc - ok
10:21:11.0389 5608        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
10:21:11.0436 5608        vdrvroot - ok
10:21:11.0577 5608        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
10:21:11.0655 5608        vds - ok
10:21:11.0717 5608        vga            (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
10:21:11.0764 5608        vga - ok
10:21:11.0795 5608        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
10:21:11.0873 5608        VgaSave - ok
10:21:11.0935 5608        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
10:21:11.0982 5608        vhdmp - ok
10:21:12.0029 5608        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
10:21:12.0076 5608        viaagp - ok
10:21:12.0091 5608        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
10:21:12.0154 5608        ViaC7 - ok
10:21:12.0201 5608        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
10:21:12.0247 5608        viaide - ok
10:21:12.0263 5608        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
10:21:12.0310 5608        volmgr - ok
10:21:12.0403 5608        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
10:21:12.0450 5608        volmgrx - ok
10:21:12.0528 5608        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
10:21:12.0575 5608        volsnap - ok
10:21:12.0653 5608        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
10:21:12.0684 5608        vsmraid - ok
10:21:12.0965 5608        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
10:21:13.0105 5608        VSS - ok
10:21:13.0137 5608        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
10:21:13.0199 5608        vwifibus - ok
10:21:13.0246 5608        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
10:21:13.0293 5608        vwififlt - ok
10:21:13.0386 5608        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
10:21:13.0480 5608        W32Time - ok
10:21:13.0527 5608        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
10:21:13.0589 5608        WacomPen - ok
10:21:13.0651 5608        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
10:21:13.0729 5608        WANARP - ok
10:21:13.0729 5608        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
10:21:13.0807 5608        Wanarpv6 - ok
10:21:14.0119 5608        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
10:21:14.0244 5608        wbengine - ok
10:21:14.0307 5608        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
10:21:14.0385 5608        WbioSrvc - ok
10:21:14.0478 5608        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
10:21:14.0541 5608        wcncsvc - ok
10:21:14.0572 5608        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
10:21:14.0665 5608        WcsPlugInService - ok
10:21:14.0759 5608        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
10:21:14.0806 5608        Wd - ok
10:21:14.0915 5608        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
10:21:14.0977 5608        Wdf01000 - ok
10:21:15.0024 5608        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
10:21:15.0133 5608        WdiServiceHost - ok
10:21:15.0133 5608        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
10:21:15.0196 5608        WdiSystemHost - ok
10:21:15.0289 5608        WebClient      (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
10:21:15.0352 5608        WebClient - ok
10:21:15.0414 5608        Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
10:21:15.0492 5608        Wecsvc - ok
10:21:15.0539 5608        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
10:21:15.0633 5608        wercplsupport - ok
10:21:15.0711 5608        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
10:21:15.0804 5608        WerSvc - ok
10:21:15.0851 5608        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
10:21:15.0929 5608        WfpLwf - ok
10:21:15.0960 5608        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
10:21:15.0991 5608        WIMMount - ok
10:21:16.0179 5608        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
10:21:16.0257 5608        WinDefend - ok
10:21:16.0272 5608        WinHttpAutoProxySvc - ok
10:21:16.0366 5608        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
10:21:16.0444 5608        Winmgmt - ok
10:21:16.0756 5608        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
10:21:16.0896 5608        WinRM - ok
10:21:17.0021 5608        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
10:21:17.0083 5608        WinUsb - ok
10:21:17.0302 5608        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
10:21:17.0395 5608        Wlansvc - ok
10:21:17.0427 5608        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
10:21:17.0489 5608        WmiAcpi - ok
10:21:17.0614 5608        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
10:21:17.0676 5608        wmiApSrv - ok
10:21:18.0035 5608        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:21:18.0113 5608        WMPNetworkSvc - ok
10:21:18.0378 5608        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
10:21:18.0456 5608        WPCSvc - ok
10:21:18.0503 5608        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
10:21:18.0581 5608        WPDBusEnum - ok
10:21:18.0675 5608        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
10:21:18.0753 5608        ws2ifsl - ok
10:21:18.0815 5608        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll
10:21:18.0893 5608        wscsvc - ok
10:21:18.0893 5608        WSearch - ok
10:21:19.0361 5608        wuauserv        (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
10:21:19.0517 5608        wuauserv - ok
10:21:19.0845 5608        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
10:21:19.0923 5608        WudfPf - ok
10:21:19.0985 5608        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
10:21:20.0063 5608        WUDFRd - ok
10:21:20.0141 5608        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
10:21:20.0219 5608        wudfsvc - ok
10:21:20.0297 5608        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
10:21:20.0375 5608        WwanSvc - ok
10:21:20.0437 5608        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:21:20.0718 5608        \Device\Harddisk0\DR0 - ok
10:21:20.0718 5608        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
10:21:28.0050 5608        \Device\Harddisk1\DR1 - ok
10:21:28.0050 5608        Boot (0x1200)  (59d5c942acc4471a03a5718aada7527d) \Device\Harddisk0\DR0\Partition0
10:21:28.0066 5608        \Device\Harddisk0\DR0\Partition0 - ok
10:21:28.0097 5608        Boot (0x1200)  (e561d3855e7409f40c075f86402524ce) \Device\Harddisk0\DR0\Partition1
10:21:28.0097 5608        \Device\Harddisk0\DR0\Partition1 - ok
10:21:28.0113 5608        Boot (0x1200)  (a78753acb8f5a7ee53d0ea39b121860b) \Device\Harddisk1\DR1\Partition0
10:21:28.0113 5608        \Device\Harddisk1\DR1\Partition0 - ok
10:21:28.0113 5608        ============================================================
10:21:28.0113 5608        Scan finished
10:21:28.0113 5608        ============================================================
10:21:28.0144 5640        Detected object count: 3
10:21:28.0144 5640        Actual detected object count: 3
10:23:53.0895 5640        AsusService ( UnsignedFile.Multi.Generic ) - skipped by user
10:23:53.0895 5640        AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:23:53.0910 5640        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:23:53.0910 5640        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:23:53.0910 5640        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
10:23:53.0910 5640        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:25:39.0944 5884        Deinitialize success
Gruß, L.


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:09 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131