Trojaner-Board


Kickme 25.06.2012 16:52

Avira finds a hidden file and keeps finding the trojan TR/Rogue.kdv.
 
Hello,
Avira keeps finding 1 to 2 hidden objects, as follows:
Versteckter Treiber
[HINWEIS] Eine Speicherveränderung wurde entdeckt, die möglicherweise zur versteckten Dateizugriffen missbraucht werden könnte.

In addition, Avira keeps finding new trojans like this one:
Beginne mit der Suche in 'C:\Users\Kicky\AppData\Roaming\AcroIEHelpe148.dll'
C:\Users\Kicky\AppData\Roaming\AcroIEHelpe148.dll
[FUND] Ist das Trojanische Pferd TR/Rogue.kdv.657604
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '54c92941.qua' verschoben!

I ran a scan with Malwarebytes Anti-Malware:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.25.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kicky :: KICKY-PC [Administrator]

Schutz: Aktiviert

25.06.2012 13:39:02
mbam-log-2012-06-25 (13-39-02).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 374535
Laufzeit: 1 Stunde(n), 19 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Backdoor.Agent) -> Daten: C:\Users\Kicky\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\$Recycle.Bin\S-1-5-21-3390966134-1382135305-2836735314-1000\$R8EER90.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\mozjs.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\nsldap32v60.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\nsldappr32v60.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\nsldif32v60.dll (Spyware.OnlineGames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kicky\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Löschen bei Neustart.

(Ende)

After that I rebooted and ran Avira again:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 25. Juni 2012 15:22

Es wird nach 3868291 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Kicky
Computername : KICKY-PC

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 01.05.2012 22:48:48
AVSCAN.DLL : 12.3.0.15 66256 Bytes 02.05.2012 00:02:50
LUKE.DLL : 12.3.0.15 68304 Bytes 01.05.2012 23:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 01.05.2012 22:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 23.06.2012 14:28:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 10:43:53
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 14:28:36
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 14:28:36
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 14:28:36
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 14:28:36
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 14:28:36
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 14:28:36
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 14:28:36
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 14:28:36
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 14:28:36
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 14:28:37
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 14:28:37
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 14:28:38
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 14:28:38
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 14:28:39
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 14:28:39
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 14:28:40
VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 14:28:40
VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 14:28:40
VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 14:28:41
VBASE024.VDF : 7.11.32.133 127488 Bytes 11.06.2012 14:28:41
VBASE025.VDF : 7.11.32.171 182784 Bytes 12.06.2012 14:28:42
VBASE026.VDF : 7.11.32.251 119296 Bytes 14.06.2012 14:28:42
VBASE027.VDF : 7.11.33.83 159232 Bytes 18.06.2012 14:28:42
VBASE028.VDF : 7.11.33.195 200192 Bytes 22.06.2012 14:28:43
VBASE029.VDF : 7.11.33.196 2048 Bytes 22.06.2012 14:28:43
VBASE030.VDF : 7.11.33.197 2048 Bytes 22.06.2012 14:28:43
VBASE031.VDF : 7.11.33.234 84480 Bytes 25.06.2012 11:24:50
Engineversion : 8.2.10.96
AEVDF.DLL : 8.1.2.8 106867 Bytes 23.06.2012 14:28:51
AESCRIPT.DLL : 8.1.4.28 455035 Bytes 23.06.2012 14:28:51
AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 16:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 23.06.2012 14:28:52
AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 23:21:32
AEPACK.DLL : 8.2.16.22 807288 Bytes 23.06.2012 14:28:51
AEOFFICE.DLL : 8.1.2.38 201083 Bytes 23.06.2012 14:28:49
AEHEUR.DLL : 8.1.4.52 4923767 Bytes 23.06.2012 14:28:49
AEHELP.DLL : 8.1.21.0 254326 Bytes 23.06.2012 14:28:45
AEGEN.DLL : 8.1.5.30 422261 Bytes 23.06.2012 14:28:44
AEEXP.DLL : 8.1.0.54 82293 Bytes 23.06.2012 14:28:52
AEEMU.DLL : 8.1.3.0 393589 Bytes 20.01.2012 23:21:29
AECORE.DLL : 8.1.25.10 201080 Bytes 23.06.2012 14:28:44
AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 23:21:28
AVWINLL.DLL : 12.3.0.15 27344 Bytes 01.05.2012 22:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 01.05.2012 22:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 01.05.2012 22:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 01.05.2012 22:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 01.05.2012 22:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 16.04.2012 21:11:02
AVSMTP.DLL : 12.3.0.15 63440 Bytes 01.05.2012 22:51:35
NETNT.DLL : 12.3.0.15 17104 Bytes 01.05.2012 23:33:29
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 02.05.2012 00:03:51
RCTEXT.DLL : 12.3.0.15 98512 Bytes 02.05.2012 00:03:51

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Montag, 25. Juni 2012 15:22

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RunDll32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winampa.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mini_WMCore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PsiService_2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\Windows\Sysnative\drivers\sptd.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
Die Registry wurde durchsucht ( '1734' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\alter rechner\Music\hörbuch\***\JAd-OlS.part1.rar
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\alter rechner\Music\hörbuch\***\JAd-OlS.part2.rar
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
C:\alter rechner\Music\hörbuch\***\JAd-OlS.part3.rar
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
C:\alter rechner\Music\hörbuch\***\JAd-OlS.part4.rar
[WARNUNG] Aus diesem Archiv können keine weiteren Dateien ausgepackt werden. Das Archiv wird geschlossen.
C:\alter rechner\Music\hörbuch\***\JKDR.part1.rar
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\alter rechner\Music\hörbuch\***\JKDR.part2.rar
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\alter rechner\Music\hörbuch\***\JKDR.part3.rar
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\alter rechner\Music\hörbuch\***\JKDR.part4.rar
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IENT_S1.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IENT_S2.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IENT_S3.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IENT_S4.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IE_S1.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IE_S2.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\alter rechner\Software\office\FILES\OSP\1033\IE5\EN\IE_S3.CAB
[WARNUNG] Einige Dateien dieses Archives sind auf mehrere Teilarchive verteilt (multiple volume)
C:\Users\Kicky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9CWRXVDZ\theme[1].zip
[WARNUNG] Unerwartetes Dateiende erreicht


Ende des Suchlaufs: Montag, 25. Juni 2012 16:34
Benötigte Zeit: 1:11:38 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

34731 Verzeichnisse wurden überprüft
835513 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
1 Dateien konnten nicht durchsucht werden
835512 Dateien ohne Befall
19618 Archive wurden durchsucht
17 Warnungen
0 Hinweise


Next I used defogger:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:11 on 25/06/2012 (Kicky)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

I rebooted, and then followed step 2 of the guide for people seeking help ("Anleitung für Hilfesuchende"):
OTL.txt: OTL Logfile:
Code:

OTL logfile created on: 25.06.2012 17:57:00 - Run 1
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\Kicky\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 67,58% Memory free
7,60 Gb Paging File | 5,96 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,56 Gb Total Space | 93,11 Gb Free Space | 41,65% Space Free | Partition Type: NTFS
 
Computer Name: KICKY-PC | User Name: Kicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.25 17:55:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Kicky\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.11 23:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.28 15:53:54 | 000,453,120 | R--- | M] () -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
PRC - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 15:42:54 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012.06.14 12:27:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 12:27:45 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.15 08:39:46 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012.05.15 08:37:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.15 08:37:04 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.15 08:36:59 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.15 08:36:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.15 08:36:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.15 08:36:49 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.08.25 13:49:58 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.07.22 03:19:24 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.07.19 19:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010.07.19 18:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010.06.29 16:12:20 | 000,158,720 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.28 15:53:54 | 000,453,120 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2010.01.10 13:01:38 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.21 11:55:00 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2012.06.21 11:55:00 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.06.21 11:55:00 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.06.21 11:55:00 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.06.21 11:55:00 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 18:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.05.26 10:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.01 22:18:40 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2010.12.01 19:09:30 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.15 08:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.03 10:40:24 | 000,104,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2010.07.22 03:19:24 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.07.14 05:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.27 00:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.18 08:56:26 | 000,026,160 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.01.18 08:56:26 | 000,021,040 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdfltn.sys -- (stdflt)
DRV:64bit: - [2009.12.03 17:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 7E CF 19 4A 51 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {0552F62B-0DC6-4AFC-9C33-005511CA711E}
IE - HKCU\..\SearchScopes\{0552F62B-0DC6-4AFC-9C33-005511CA711E}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php"
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 16:36:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\components [2011.07.01 11:57:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\plugins [2012.06.23 18:08:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Kicky\AppData\Roaming\13001.011 [2012.06.25 15:03:48 | 000,000,000 | ---D | M]
 
[2011.02.01 12:24:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Extensions
[2010.12.11 11:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.24 23:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Firefox\Profiles\u80ghfrw.default\extensions
[2011.07.19 14:24:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Kicky\AppData\Roaming\Mozilla\Firefox\Profiles\u80ghfrw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.24 23:07:42 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Firefox\Profiles\u80ghfrw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.06.23 16:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.06.25 15:03:48 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\KICKY\APPDATA\ROAMING\13001.011
[2012.02.15 10:39:30 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\KICKY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U80GHFRW.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll File not found
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll File not found
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0CC7E1D-6F22-44C9-8D54-C27011D13830}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\FDInfo\command - "" = write DOCS\INFO.TXT
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\Installdoc\command - "" = write DOCS\INSTALL3.TXT
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\InstReadme\command - "" = write DOCS\README.TXT
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.25 17:55:49 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Kicky\Desktop\OTL.exe
[2012.06.25 15:03:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.011
[2012.06.25 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\Malwarebytes
[2012.06.25 13:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.25 13:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.25 13:37:39 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 13:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.24 23:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.06.24 23:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.06.24 23:09:26 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\QuickScan
[2012.06.24 23:07:53 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.009
[2012.06.23 21:49:11 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.008
[2012.06.23 18:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.06.23 16:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.23 16:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.06.23 16:33:30 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\Avira
[2012.06.23 16:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.23 16:28:11 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.06.23 16:28:10 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.23 16:28:10 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.23 16:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.23 16:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.23 15:58:01 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12001.023
[2012.06.23 15:23:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kicky\Desktop\HiJackThis204.exe
[2012.06.23 15:17:43 | 000,000,000 | ---D | C] -- C:\79d2d89de1bf34f42e21
[2012.06.23 15:16:21 | 000,000,000 | ---D | C] -- C:\12ae3b4214f3964fe27868
[2012.06.22 09:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2012.06.22 09:18:48 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Local\PC_Drivers_Headquarters
[2012.06.22 09:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
[2012.06.22 09:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2012.06.21 11:40:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12022
[2012.06.15 10:33:00 | 000,000,000 | ---D | C] -- C:\Windows\{8D66B53E-07E4-45E0-B29F-D3285859C9EF}
[2012.06.14 15:25:50 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12016
[2012.06.13 11:29:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12015
[2012.06.12 15:17:50 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12014
[2012.06.12 15:17:31 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\xmldm
[2012.06.12 15:17:30 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\kock
[2012.05.28 21:15:21 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\dvdcss
[2012.05.28 09:57:18 | 000,000,000 | ---D | C] -- C:\Users\Kicky\Desktop\Filme
[2011.07.01 11:57:06 | 015,141,040 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xul.dll
[2011.07.01 11:57:06 | 000,399,536 | ---- | C] (Mozilla Messaging) -- C:\Program Files (x86)\thunderbird.exe
[2011.07.01 11:57:06 | 000,016,048 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\plugin-container.exe
[2011.07.01 11:57:05 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\D3DCompiler_42.dll
[2011.07.01 11:57:05 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\d3dx9_42.dll
[2011.07.01 11:57:05 | 000,514,224 | ---- | C] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2011.07.01 11:57:05 | 000,469,168 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libGLESv2.dll
[2011.07.01 11:57:05 | 000,268,464 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\freebl3.dll
[2011.07.01 11:57:05 | 000,125,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\crashreporter.exe
[2011.07.01 11:57:05 | 000,092,336 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libEGL.dll
[2011.07.01 11:57:05 | 000,018,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\AccessibleMarshal.dll
[2011.07.01 11:57:05 | 000,015,024 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozalloc.dll
[2010.12.11 11:56:09 | 000,059,568 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\mozMapi32_InUse.dll
[2010.12.11 11:56:09 | 000,018,096 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\MapiProxy_InUse.dll
[2010.12.11 11:56:07 | 000,719,024 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozcpp19.dll
[2010.12.11 11:56:07 | 000,714,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozcrt19.dll
[2010.12.11 11:56:07 | 000,645,296 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nss3.dll
[2010.12.11 11:56:07 | 000,342,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssckbi.dll
[2010.12.11 11:56:07 | 000,174,256 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nspr4.dll
[2010.12.11 11:56:07 | 000,166,064 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\softokn3.dll
[2010.12.11 11:56:07 | 000,141,488 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\ssl3.dll
[2010.12.11 11:56:07 | 000,104,624 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\smime3.dll
[2010.12.11 11:56:07 | 000,104,624 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssdbm3.dll
[2010.12.11 11:56:07 | 000,088,240 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssutil3.dll
[2010.12.11 11:56:07 | 000,059,568 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\mozMapi32.dll
[2010.12.11 11:56:07 | 000,021,168 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plc4.dll
[2010.12.11 11:56:07 | 000,018,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xpcom.dll
[2010.12.11 11:56:07 | 000,018,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\WSEnable.exe
[2010.12.11 11:56:07 | 000,018,096 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\MapiProxy.dll
[2010.12.11 11:56:07 | 000,018,096 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plds4.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Kicky\AppData\Roaming\*.tmp files -> C:\Users\Kicky\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.25 17:55:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Kicky\Desktop\OTL.exe
[2012.06.25 17:19:48 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.25 17:19:48 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.25 17:16:32 | 001,505,390 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.25 17:16:32 | 000,656,528 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.25 17:16:32 | 000,618,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.25 17:16:32 | 000,131,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.25 17:16:32 | 000,107,650 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.25 17:12:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.25 17:11:58 | 3062,247,424 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.25 17:11:01 | 000,000,020 | ---- | M] () -- C:\Users\Kicky\defogger_reenable
[2012.06.25 17:09:19 | 000,050,477 | ---- | M] () -- C:\Users\Kicky\Desktop\Defogger.exe
[2012.06.25 15:03:43 | 000,000,032 | ---- | M] () -- C:\Users\Kicky\AppData\Roaming\blckdom.res
[2012.06.24 23:49:26 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.06.24 23:49:07 | 001,527,912 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.23 15:45:46 | 000,010,337 | ---- | M] () -- C:\Users\Kicky\Desktop\bookmarks-2012-06-23.json
[2012.06.23 15:23:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kicky\Desktop\HiJackThis204.exe
[2012.06.23 15:10:34 | 002,077,422 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012.06.22 09:18:01 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2012.06.22 09:09:52 | 000,376,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.21 15:19:54 | 000,000,013 | ---- | M] () -- C:\Users\Kicky\AppData\Roaming\urhtps.dat
[2012.06.21 12:00:30 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Kicky\AppData\Roaming\*.tmp files -> C:\Users\Kicky\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.25 17:11:01 | 000,000,020 | ---- | C] () -- C:\Users\Kicky\defogger_reenable
[2012.06.25 17:09:18 | 000,050,477 | ---- | C] () -- C:\Users\Kicky\Desktop\Defogger.exe
[2012.06.24 23:49:26 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.06.24 23:49:15 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.06.24 23:49:07 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.23 18:08:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.06.23 16:36:34 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.23 15:45:46 | 000,010,337 | ---- | C] () -- C:\Users\Kicky\Desktop\bookmarks-2012-06-23.json
[2012.06.22 10:25:58 | 000,000,032 | ---- | C] () -- C:\Users\Kicky\AppData\Roaming\blckdom.res
[2012.06.22 09:18:01 | 000,002,455 | ---- | C] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2012.06.21 15:19:54 | 000,000,013 | ---- | C] () -- C:\Users\Kicky\AppData\Roaming\urhtps.dat
[2012.03.06 19:21:36 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2011.08.09 18:22:10 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.08.09 18:22:09 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.08.09 18:22:09 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.08.09 18:22:09 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.07.01 11:57:06 | 000,017,900 | ---- | C] () -- C:\Program Files (x86)\removed-files
[2011.07.01 11:57:06 | 000,001,664 | ---- | C] () -- C:\Program Files (x86)\precomplete
[2011.07.01 11:57:05 | 005,859,911 | ---- | C] () -- C:\Program Files (x86)\omni.jar
[2011.07.01 11:57:05 | 000,004,276 | ---- | C] () -- C:\Program Files (x86)\crashreporter.ini
[2011.07.01 11:57:05 | 000,003,518 | ---- | C] () -- C:\Program Files (x86)\blocklist.xml
[2011.07.01 11:57:05 | 000,002,056 | ---- | C] () -- C:\Program Files (x86)\application.ini
[2011.07.01 11:57:05 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\freebl3.chk
[2011.06.27 18:22:43 | 000,000,025 | ---- | C] () -- C:\Windows\CDED68PE.ini
[2010.12.11 11:56:09 | 000,000,709 | ---- | C] () -- C:\Program Files (x86)\updater.ini
[2010.12.11 11:56:09 | 000,000,003 | ---- | C] () -- C:\Program Files (x86)\update.locale
[2010.12.11 11:56:07 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\softokn3.chk
[2010.12.11 11:56:07 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\nssdbm3.chk
[2010.12.11 11:56:07 | 000,000,139 | ---- | C] () -- C:\Program Files (x86)\platform.ini
[2010.12.11 11:35:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.01 20:15:15 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.01 19:15:17 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0828.old
[2010.12.01 19:15:17 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.11.29 23:42:52 | 000,001,734 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== LOP Check ==========
 
[2012.06.23 15:58:02 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12001.023
[2012.06.12 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12014
[2012.06.13 11:29:47 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12015
[2012.06.14 15:25:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12016
[2012.06.21 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12022
[2012.06.23 21:49:13 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.008
[2012.06.24 23:07:53 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.009
[2012.06.25 15:03:48 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.011
[2011.12.22 10:29:28 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Canneverbe Limited
[2012.03.08 17:45:09 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DAEMON Tools Lite
[2011.09.13 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DVDVideoSoft
[2011.07.19 14:24:13 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.03 14:53:22 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\EndNote
[2011.02.02 13:09:05 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\GHISLER
[2011.03.29 19:38:34 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\gnupg
[2012.06.12 15:17:30 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\kock
[2011.02.02 11:29:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Local
[2011.12.22 10:27:52 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\OpenCandy
[2010.11.29 23:23:09 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Opera
[2011.04.02 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\PlayFirst
[2012.06.24 23:09:30 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\QuickScan
[2010.12.11 11:56:31 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Thunderbird
[2010.11.29 23:48:04 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\WirelessManager
[2012.06.21 15:20:33 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\xmldm
[2012.03.11 21:32:18 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >

--- --- ---


Extra.txt:
OTL Logfile:
Code:

OTL Extras logfile created on: 25.06.2012 17:57:00 - Run 1
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\Kicky\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,57 Gb Available Physical Memory | 67,58% Memory free
7,60 Gb Paging File | 5,96 Gb Available in Paging File | 78,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,56 Gb Total Space | 93,11 Gb Free Space | 41,65% Space Free | Partition Type: NTFS
 
Computer Name: KICKY-PC | User Name: Kicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4CD5FA09-ED7A-413C-9CC3-2516C3B17C7B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{B1022CEB-3683-4532-8891-356EB4AF8BBD}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{45867D65-4937-40F2-BFBF-D7A66457ECEF}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{5786245E-48DB-4DFF-8D54-264D4CDF48FB}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{5CE56AB5-DBC9-4CB7-9574-15B191B2C2C1}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{0572BAA0-054B-4410-BF90-C6E8332A3BA2}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{848318AE-8639-4905-AB2D-8FACE13CFCFA}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{E3D931D1-315B-448E-87EB-3FDEAA187A19}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel(R) PROSet/Wireless WiFi-Software
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64973F6A-8754-43D1-BDD0-FC6F0546347B}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"_{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{0637819B-C154-4AAE-B4E4-07B89860C20E}" = Dell Backup and Recovery Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{368FCA18-C510-4F87-B60E-192B9BDBAE3D}" = CorelDRAW Graphics Suite X5
"{3839C2FF-2CD0-4601-91A8-B1E40A9BE8A8}" = Driver Detective
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}" = EndNote X4
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8F18CFF8-8259-4148-AD00-2EE572754E92}" = CorelDRAW Graphics Suite X5 - FR
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{94FA9FA6-5294-494D-A8F1-1E654CBB5736}" = Epson Easy Photo Print 2
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{BFE9A442-5D4B-4372-B994-FB4BCEA78662}" = CorelDRAW Graphics Suite X5 - NL
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D0291D38-D7AE-47B6-AD64-4FAB908FDB9F}" = CorelDRAW Graphics Suite X5 - Extra Content
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DC43FBD3-3E5D-419D-A981-519F1A3E6F53}" = CorelDRAW Graphics Suite X5 - IT
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FD8AE9E2-B61E-4826-9CE7-937E1E9A9EEC}" = CorelDRAW Graphics Suite X5 - BR
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"7-Zip" = 7-Zip 9.20
"Avira AntiVir Desktop" = Avira Free Antivirus
"Browser Defender_is1" = Browser Defender 3.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Studio_is1" = Free Studio version 5.1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 22.06.2012 03:53:17 | Computer Name = Kicky-PC | Source = MsiInstaller | ID = 11730
Description =
 
Error - 23.06.2012 10:11:32 | Computer Name = Kicky-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000cea18  ID des fehlerhaften
 Prozesses: 0xc70  Startzeit der fehlerhaften Anwendung: 0x01cd514a1280849a  Pfad der
 fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 54dcc505-bd3d-11e1-a046-835c36c60e72
 
Error - 23.06.2012 12:40:49 | Computer Name = Kicky-PC | Source = VSS | ID = 12310
Description =
 
Error - 23.06.2012 12:40:50 | Computer Name = Kicky-PC | Source = VSS | ID = 12298
Description =
 
Error - 24.06.2012 16:18:12 | Computer Name = Kicky-PC | Source = Windows Backup | ID = 4103
Description =
 
Error - 24.06.2012 17:24:00 | Computer Name = Kicky-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kicky\Desktop\SoftonicDownloader_fuer_microsoft-security-essentials.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 24.06.2012 17:24:05 | Computer Name = Kicky-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kicky\Desktop\SoftonicDownloader_fuer_microsoft-security-essentials.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 24.06.2012 17:25:31 | Computer Name = Kicky-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kicky\Desktop\SoftonicDownloader_fuer_microsoft-security-essentials.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 24.06.2012 17:25:36 | Computer Name = Kicky-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kicky\Desktop\SoftonicDownloader_fuer_microsoft-security-essentials.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 24.06.2012 17:26:16 | Computer Name = Kicky-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Kicky\Desktop\SoftonicDownloader_fuer_microsoft-security-essentials.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
[ System Events ]
Error - 22.06.2012 04:13:27 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies
ist bereits 2 Mal passiert.
 
Error - 22.06.2012 04:19:13 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies
ist bereits 3 Mal passiert.
 
Error - 22.06.2012 04:25:00 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies
ist bereits 4 Mal passiert.
 
Error - 22.06.2012 04:30:46 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies
ist bereits 5 Mal passiert.
 
Error - 23.06.2012 09:06:24 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "PC Tools Security Service" wurde nicht richtig gestartet.
 
Error - 23.06.2012 09:11:35 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
 
Error - 23.06.2012 09:59:13 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:  %%-2147467243
 
Error - 23.06.2012 10:05:00 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "PC Tools Security Service" wurde nicht richtig gestartet.
 
Error - 23.06.2012 10:07:19 | Computer Name = Kicky-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
 
Error - 23.06.2012 15:49:34 | Computer Name = Kicky-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

--- --- ---

and now I don't know how I should proceed? Do I have to / can I re-enable Defogger? Is it finished?

Many thanks in advance!
Best regards
Kickme

cosinus 28.06.2012 11:38

Please run ESET as well, then we'll see how to continue.

Note: ESET does fairly often show a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed.

ESET Online Scanner

Please switch on any external hard drives you may have during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: Be sure to open the browser this way: right-click => Run as administrator
  • Disable your anti-virus program during the scan.

    Press the http://img695.imageshack.us/img695/1599/eset1l.jpg (<< click) button.
    • Firefox users:
      Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users:
      must allow the installation of an ActiveX element.
  • Tick the box next to Yes, i accept the Terms of Use.
  • Press the http://img707.imageshack.us/img707/687/starteg.jpg button.
  • Wait until the components have been downloaded.
  • Tick "Scan archives".
  • Make sure that Remove Found Threats is not ticked.
  • Press http://img707.imageshack.us/img707/687/starteg.jpg.
  • The signatures are downloaded. The scan starts automatically.
When the scan has finished
  • Click Finish.
  • Close the browser.
Press the http://larusso.trojaner-board.de/Images/windows.jpg + R keys and copy the following text into the Run window.
Code:

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Note: If you are running 64-bit Windows, the path is:

Code:

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Now post the contents of log.txt.

Kickme 28.06.2012 16:40

Thanks for the reply, here is the log

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9cbc046c4bb0ae4595ae7835309ae646
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-28 10:52:28
# local_time=2012-06-28 12:52:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 419035 419035 0 0
# compatibility_mode=5893 16776574 100 94 421001 92510575 0 0
# compatibility_mode=8192 67108863 100 0 170 170 0 0
# scanned=1389
# found=0
# cleaned=0
# scan_time=22
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9cbc046c4bb0ae4595ae7835309ae646
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-28 10:53:56
# local_time=2012-06-28 12:53:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 419109 419109 0 0
# compatibility_mode=5893 16776574 100 94 421075 92510649 0 0
# compatibility_mode=8192 67108863 100 0 244 244 0 0
# scanned=2519
# found=0
# cleaned=0
# scan_time=37
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9cbc046c4bb0ae4595ae7835309ae646
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-28 03:35:11
# local_time=2012-06-28 05:35:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 419205 419205 0 0
# compatibility_mode=5893 16776574 100 94 421171 92510745 0 0
# compatibility_mode=8192 67108863 100 0 340 340 0 0
# scanned=179434
# found=1
# cleaned=0
# scan_time=16816
C:\Users\Kicky\AppData\Roaming\13001.009\components\AcroFF009.dll a variant of Win32/Spy.Banker.YAH trojan (unable to clean) 00000000000000000000000000000000 I
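
A log.txt like the one above holds several scanner runs back to back, so each run has to be read on its own. The following Python sketch is an added example, not part of the original thread and not ESET tooling; the sample log is constructed, and reading `end=stopped` as an aborted run, a non-zero `esets_scanner_update` return as a failed signature update, and "path ends at the first file extension followed by whitespace" are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the same layout as the log posted above (not real data).
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=stopped
# remove_checked=false
# scanned=1200
# found=0
# cleaned=0
# scan_time=20
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# remove_checked=false
# scanned=150000
# found=1
# cleaned=0
# scan_time=9000
""" + (
    r"C:\Users\Example\AppData\Roaming\12345.001\components\Example.dll "
    "a variant of Win32/Example.A trojan (unable to clean) " + "0" * 32 + " I\n"
)

HEADER = re.compile(r"as downloader log:\s*$")          # starts a new run
FIELD = re.compile(r"^#\s*(\w+)=(.*)$")                  # "# key=value" lines
UPDATE = re.compile(r"^esets_scanner_update returned (-?\d+)")
# Assumption: the path ends at the first ".ext" that is followed by whitespace.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.\w{1,5})\s+(?P<threat>.+?)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)\s*$"
)


@dataclass
class Run:
    fields: dict = field(default_factory=dict)      # repeated keys: last one wins
    detections: list = field(default_factory=list)
    update_rc: int = 0


def parse_runs(text):
    """Split a log.txt into runs and collect fields and detection lines."""
    runs = []
    for line in text.splitlines():
        line = line.rstrip()
        if HEADER.search(line):
            runs.append(Run())
            continue
        if not runs or not line:
            continue
        run = runs[-1]
        m = FIELD.match(line)
        if m:
            run.fields[m.group(1)] = m.group(2).strip()
            continue
        m = UPDATE.match(line)
        if m:
            run.update_rc = int(m.group(1))
            continue
        m = DETECTION.match(line)
        if m:
            run.detections.append(m.groupdict())
    return runs


def triage(run):
    """Return the reasons a helper should look twice at this run."""
    issues = []
    found = int(run.fields.get("found", 0))
    cleaned = int(run.fields.get("cleaned", 0))
    if run.fields.get("end") != "finished":
        issues.append("incomplete")        # assumption: scan was aborted
    if run.update_rc != 0:
        issues.append("update_failed")     # assumption: signatures may be stale
    if found != len(run.detections):
        issues.append("count_mismatch")    # detection lines missing from the paste
    if found > cleaned:
        issues.append("uncleaned")         # expected when remove_checked=false
    return issues


if __name__ == "__main__":
    for i, run in enumerate(parse_runs(SAMPLE_LOG), 1):
        print(i, run.fields.get("end"), triage(run))
        for d in run.detections:
            print("   ", d["path"], "->", d["threat"], f"({d['action']})")
```

Only the run whose `end` field is `finished` covers the whole disk; the short aborted runs report `found=0` without having looked at most files.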

cosinus 02.07.2012 11:26

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here
CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Kickme 02.07.2012 14:17

here is the log. Should I have clicked clean up or something like that in the program after the scan?

Code:

OTL logfile created on: 02.07.2012 14:56:38 - Run 2
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\Kicky\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,28 Gb Available Physical Memory | 60,08% Memory free
7,60 Gb Paging File | 5,81 Gb Available in Paging File | 76,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,56 Gb Total Space | 93,90 Gb Free Space | 42,00% Space Free | Partition Type: NTFS
 
Computer Name: KICKY-PC | User Name: Kicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.02 14:53:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kicky\Desktop\OTL(1).exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.11 23:47:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.01.28 15:53:54 | 000,453,120 | R--- | M] () -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
PRC - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 15:42:54 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012.06.14 12:27:53 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 12:27:45 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.15 08:39:46 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012.05.15 08:37:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.15 08:37:04 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.15 08:36:59 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.15 08:36:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.15 08:36:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.15 08:36:49 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 19:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.15 00:17:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.08.25 13:49:58 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.11.06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.07.22 03:19:24 | 000,263,168 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.07.19 19:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010.07.19 18:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010.06.29 16:12:20 | 000,158,720 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.28 15:53:54 | 000,453,120 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe -- (WMCoreService)
SRV - [2010.01.10 13:01:38 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009.07.24 20:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.21 11:55:00 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2012.06.21 11:55:00 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012.06.21 11:55:00 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012.06.21 11:55:00 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012.06.21 11:55:00 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 18:16:10 | 012,230,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.05.26 10:55:02 | 000,368,464 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.01 22:18:40 | 000,411,688 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2010.12.01 19:09:30 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.15 08:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.03 10:40:24 | 000,104,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2010.07.22 03:19:24 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.07.14 05:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.02.27 00:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.18 08:56:26 | 000,026,160 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010.01.18 08:56:26 | 000,021,040 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdfltn.sys -- (stdflt)
DRV:64bit: - [2009.12.03 17:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 32 7E CF 19 4A 51 CD 01  [binary data]
IE - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\InprocServer32 File not found
IE - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\..\SearchScopes,DefaultScope = {0552F62B-0DC6-4AFC-9C33-005511CA711E}
IE - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\..\SearchScopes\{0552F62B-0DC6-4AFC-9C33-005511CA711E}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php"
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.23 16:36:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\components [2011.07.01 11:57:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\plugins [2012.06.23 18:08:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Kicky\AppData\Roaming\13001.011 [2012.06.25 15:03:48 | 000,000,000 | ---D | M]
 
[2011.02.01 12:24:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Extensions
[2010.12.11 11:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.24 23:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Firefox\Profiles\u80ghfrw.default\extensions
[2011.07.19 14:24:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Kicky\AppData\Roaming\Mozilla\Firefox\Profiles\u80ghfrw.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.24 23:07:42 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Kicky\AppData\Roaming\Mozilla\Firefox\Profiles\u80ghfrw.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.06.23 16:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.06.25 15:03:48 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\KICKY\APPDATA\ROAMING\13001.011
[2012.02.15 10:39:30 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\KICKY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U80GHFRW.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.06.15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.15 00:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll File not found
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll File not found
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll File not found
O3 - HKU\S-1-5-21-3390966134-1382135305-2836735314-1000\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0CC7E1D-6F22-44C9-8D54-C27011D13830}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\FDInfo\command - "" = write DOCS\INFO.TXT
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\Installdoc\command - "" = write DOCS\INSTALL3.TXT
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\InstReadme\command - "" = write DOCS\README.TXT
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.02 14:53:46 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Kicky\Desktop\OTL(1).exe
[2012.06.28 12:49:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.28 12:48:03 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Kicky\Desktop\esetsmartinstaller_enu.exe
[2012.06.25 15:03:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.011
[2012.06.25 13:38:02 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\Malwarebytes
[2012.06.25 13:37:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.25 13:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.25 13:37:39 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 13:37:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.24 23:49:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.06.24 23:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.06.24 23:09:26 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\QuickScan
[2012.06.24 23:07:53 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.009
[2012.06.23 21:49:11 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.008
[2012.06.23 18:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.06.23 16:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.23 16:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.06.23 16:33:30 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\Avira
[2012.06.23 16:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.23 16:28:11 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.06.23 16:28:10 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.23 16:28:10 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.23 16:28:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.23 16:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.23 15:58:01 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12001.023
[2012.06.23 15:23:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kicky\Desktop\HiJackThis204.exe
[2012.06.23 15:17:43 | 000,000,000 | ---D | C] -- C:\79d2d89de1bf34f42e21
[2012.06.23 15:16:21 | 000,000,000 | ---D | C] -- C:\12ae3b4214f3964fe27868
[2012.06.22 09:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2012.06.22 09:18:48 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Local\PC_Drivers_Headquarters
[2012.06.22 09:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
[2012.06.22 09:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Drivers HeadQuarters
[2012.06.21 11:40:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12022
[2012.06.15 10:33:00 | 000,000,000 | ---D | C] -- C:\Windows\{8D66B53E-07E4-45E0-B29F-D3285859C9EF}
[2012.06.14 15:25:50 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12016
[2012.06.13 11:29:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12015
[2012.06.12 15:17:50 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12014
[2012.06.12 15:17:31 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\xmldm
[2012.06.12 15:17:30 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\kock
[2011.07.01 11:57:06 | 015,141,040 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xul.dll
[2011.07.01 11:57:06 | 000,399,536 | ---- | C] (Mozilla Messaging) -- C:\Program Files (x86)\thunderbird.exe
[2011.07.01 11:57:06 | 000,016,048 | ---- | C] (Mozilla Corporation) -- C:\Program Files (x86)\plugin-container.exe
[2011.07.01 11:57:05 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\D3DCompiler_42.dll
[2011.07.01 11:57:05 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\d3dx9_42.dll
[2011.07.01 11:57:05 | 000,514,224 | ---- | C] (sqlite.org) -- C:\Program Files (x86)\mozsqlite3.dll
[2011.07.01 11:57:05 | 000,469,168 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libGLESv2.dll
[2011.07.01 11:57:05 | 000,268,464 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\freebl3.dll
[2011.07.01 11:57:05 | 000,125,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\crashreporter.exe
[2011.07.01 11:57:05 | 000,092,336 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\libEGL.dll
[2011.07.01 11:57:05 | 000,018,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\AccessibleMarshal.dll
[2011.07.01 11:57:05 | 000,015,024 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozalloc.dll
[2010.12.11 11:56:09 | 000,059,568 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\mozMapi32_InUse.dll
[2010.12.11 11:56:09 | 000,018,096 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\MapiProxy_InUse.dll
[2010.12.11 11:56:07 | 000,719,024 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozcpp19.dll
[2010.12.11 11:56:07 | 000,714,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\mozcrt19.dll
[2010.12.11 11:56:07 | 000,645,296 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nss3.dll
[2010.12.11 11:56:07 | 000,342,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssckbi.dll
[2010.12.11 11:56:07 | 000,174,256 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nspr4.dll
[2010.12.11 11:56:07 | 000,166,064 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\softokn3.dll
[2010.12.11 11:56:07 | 000,141,488 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\ssl3.dll
[2010.12.11 11:56:07 | 000,104,624 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\smime3.dll
[2010.12.11 11:56:07 | 000,104,624 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssdbm3.dll
[2010.12.11 11:56:07 | 000,088,240 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\nssutil3.dll
[2010.12.11 11:56:07 | 000,059,568 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\mozMapi32.dll
[2010.12.11 11:56:07 | 000,021,168 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plc4.dll
[2010.12.11 11:56:07 | 000,018,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\xpcom.dll
[2010.12.11 11:56:07 | 000,018,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\WSEnable.exe
[2010.12.11 11:56:07 | 000,018,096 | ---- | C] (Mozilla.org) -- C:\Program Files (x86)\MapiProxy.dll
[2010.12.11 11:56:07 | 000,018,096 | ---- | C] (Mozilla Foundation) -- C:\Program Files (x86)\plds4.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Kicky\AppData\Roaming\*.tmp files -> C:\Users\Kicky\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.02 14:53:49 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Kicky\Desktop\OTL(1).exe
[2012.07.02 14:50:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.28 17:45:44 | 001,505,390 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.28 17:45:44 | 000,656,528 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.28 17:45:44 | 000,618,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.28 17:45:44 | 000,131,268 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.28 17:45:44 | 000,107,650 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.28 12:54:30 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 12:54:30 | 000,016,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.28 12:54:23 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Kicky\Desktop\esetsmartinstaller_enu.exe
[2012.06.28 12:45:17 | 3062,247,424 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.25 17:11:01 | 000,000,020 | ---- | M] () -- C:\Users\Kicky\defogger_reenable
[2012.06.25 17:09:19 | 000,050,477 | ---- | M] () -- C:\Users\Kicky\Desktop\Defogger.exe
[2012.06.25 15:03:43 | 000,000,032 | ---- | M] () -- C:\Users\Kicky\AppData\Roaming\blckdom.res
[2012.06.24 23:49:26 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.06.24 23:49:07 | 001,527,912 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.23 15:45:46 | 000,010,337 | ---- | M] () -- C:\Users\Kicky\Desktop\bookmarks-2012-06-23.json
[2012.06.23 15:23:02 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kicky\Desktop\HiJackThis204.exe
[2012.06.23 15:10:34 | 002,077,422 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012.06.22 09:18:01 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2012.06.22 09:09:52 | 000,376,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.21 15:19:54 | 000,000,013 | ---- | M] () -- C:\Users\Kicky\AppData\Roaming\urhtps.dat
[2012.06.21 12:00:30 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Kicky\AppData\Roaming\*.tmp files -> C:\Users\Kicky\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.25 17:11:01 | 000,000,020 | ---- | C] () -- C:\Users\Kicky\defogger_reenable
[2012.06.25 17:09:18 | 000,050,477 | ---- | C] () -- C:\Users\Kicky\Desktop\Defogger.exe
[2012.06.24 23:49:26 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.06.24 23:49:15 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.06.24 23:49:07 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.23 18:08:46 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.06.23 16:36:34 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.23 15:45:46 | 000,010,337 | ---- | C] () -- C:\Users\Kicky\Desktop\bookmarks-2012-06-23.json
[2012.06.22 10:25:58 | 000,000,032 | ---- | C] () -- C:\Users\Kicky\AppData\Roaming\blckdom.res
[2012.06.22 09:18:01 | 000,002,455 | ---- | C] () -- C:\Users\Public\Desktop\Driver Detective.lnk
[2012.06.21 15:19:54 | 000,000,013 | ---- | C] () -- C:\Users\Kicky\AppData\Roaming\urhtps.dat
[2012.03.06 19:21:36 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll
[2011.08.09 18:22:10 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.08.09 18:22:09 | 013,906,944 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.08.09 18:22:09 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.08.09 18:22:09 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.07.01 11:57:06 | 000,017,900 | ---- | C] () -- C:\Program Files (x86)\removed-files
[2011.07.01 11:57:06 | 000,001,664 | ---- | C] () -- C:\Program Files (x86)\precomplete
[2011.07.01 11:57:05 | 005,859,911 | ---- | C] () -- C:\Program Files (x86)\omni.jar
[2011.07.01 11:57:05 | 000,004,276 | ---- | C] () -- C:\Program Files (x86)\crashreporter.ini
[2011.07.01 11:57:05 | 000,003,518 | ---- | C] () -- C:\Program Files (x86)\blocklist.xml
[2011.07.01 11:57:05 | 000,002,056 | ---- | C] () -- C:\Program Files (x86)\application.ini
[2011.07.01 11:57:05 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\freebl3.chk
[2011.06.27 18:22:43 | 000,000,025 | ---- | C] () -- C:\Windows\CDED68PE.ini
[2010.12.11 11:56:09 | 000,000,709 | ---- | C] () -- C:\Program Files (x86)\updater.ini
[2010.12.11 11:56:09 | 000,000,003 | ---- | C] () -- C:\Program Files (x86)\update.locale
[2010.12.11 11:56:07 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\softokn3.chk
[2010.12.11 11:56:07 | 000,000,478 | ---- | C] () -- C:\Program Files (x86)\nssdbm3.chk
[2010.12.11 11:56:07 | 000,000,139 | ---- | C] () -- C:\Program Files (x86)\platform.ini
[2010.12.11 11:35:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.01 20:15:15 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.01 19:15:17 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0828.old
[2010.12.01 19:15:17 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.11.29 23:42:52 | 000,001,734 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
========== LOP Check ==========
 
[2012.06.23 15:58:02 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12001.023
[2012.06.12 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12014
[2012.06.13 11:29:47 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12015
[2012.06.14 15:25:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12016
[2012.06.21 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12022
[2012.06.23 21:49:13 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.008
[2012.06.24 23:07:53 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.009
[2012.06.25 15:03:48 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.011
[2011.12.22 10:29:28 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Canneverbe Limited
[2012.03.08 17:45:09 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DAEMON Tools Lite
[2011.09.13 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DVDVideoSoft
[2011.07.19 14:24:13 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.03 14:53:22 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\EndNote
[2011.02.02 13:09:05 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\GHISLER
[2011.03.29 19:38:34 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\gnupg
[2012.06.12 15:17:30 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\kock
[2011.02.02 11:29:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Local
[2011.12.22 10:27:52 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\OpenCandy
[2010.11.29 23:23:09 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Opera
[2011.04.02 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\PlayFirst
[2012.06.24 23:09:30 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\QuickScan
[2010.12.11 11:56:31 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Thunderbird
[2010.11.29 23:48:04 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\WirelessManager
[2012.06.21 15:20:33 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\xmldm
[2012.03.11 21:32:18 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.23 15:58:02 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12001.023
[2012.06.12 15:17:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12014
[2012.06.13 11:29:47 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12015
[2012.06.14 15:25:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12016
[2012.06.21 11:40:47 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\12022
[2012.06.23 21:49:13 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.008
[2012.06.24 23:07:53 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.009
[2012.06.25 15:03:48 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\13001.011
[2010.12.12 12:18:44 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Adobe
[2012.06.23 16:33:30 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Avira
[2011.12.22 10:29:28 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Canneverbe Limited
[2011.08.09 11:37:25 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Corel
[2012.03.08 17:45:09 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DAEMON Tools Lite
[2010.11.29 23:44:48 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Dell
[2012.05.28 21:15:21 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\dvdcss
[2011.09.13 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DVDVideoSoft
[2011.07.19 14:24:13 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.03 14:53:22 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\EndNote
[2011.02.02 13:09:05 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\GHISLER
[2011.03.29 19:38:34 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\gnupg
[2010.11.29 21:29:03 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Identities
[2010.11.29 22:36:28 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\InstallShield
[2010.11.29 21:59:41 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Intel
[2010.11.30 00:04:46 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Intel Corporation
[2012.06.12 15:17:30 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\kock
[2011.02.02 11:29:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Local
[2010.12.01 20:41:33 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Macromedia
[2012.06.25 13:38:02 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:34 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Media Center Programs
[2011.11.18 12:02:31 | 000,000,000 | --SD | M] -- C:\Users\Kicky\AppData\Roaming\Microsoft
[2011.02.01 12:23:53 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Mozilla
[2011.12.22 10:27:52 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\OpenCandy
[2010.11.29 23:23:09 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Opera
[2011.04.02 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\PlayFirst
[2012.06.24 23:09:30 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\QuickScan
[2012.06.25 08:58:27 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Skype
[2011.01.11 20:43:45 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\skypePM
[2010.12.11 11:56:31 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Thunderbird
[2011.07.12 20:36:42 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\vlc
[2011.07.19 19:24:50 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\Winamp
[2010.11.29 23:48:04 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\WirelessManager
[2012.06.21 15:20:33 | 000,000,000 | ---D | M] -- C:\Users\Kicky\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2011.12.13 02:33:00 | 036,965,680 | ---- | M] (Microsoft Corporation) -- C:\Users\Kicky\AppData\Roaming\OpenCandy\15BBAA40BD5E421DA87173AF69D7646F\IE9-Windows7-x64-deu.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C31F31E6

< End of report >


cosinus 02.07.2012 14:23

Run an OTL fix: close any programs that may be open, disable your virus scanner too (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O4:64bit: - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\FDInfo\command - "" = write DOCS\INFO.TXT
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\Installdoc\command - "" = write DOCS\INSTALL3.TXT
O33 - MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\Shell\InstReadme\command - "" = write DOCS\README.TXT
[2012.06.25 15:03:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.011
[2012.06.24 23:07:53 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.009
[2012.06.23 21:49:11 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\13001.008
[2012.06.23 15:58:01 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12001.023
[2012.06.23 15:23:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Kicky\Desktop\HiJackThis204.exe
[2012.06.23 15:17:43 | 000,000,000 | ---D | C] -- C:\79d2d89de1bf34f42e21
[2012.06.23 15:16:21 | 000,000,000 | ---D | C] -- C:\12ae3b4214f3964fe27868
[2012.06.21 11:40:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12022
[2012.06.15 10:33:00 | 000,000,000 | ---D | C] -- C:\Windows\{8D66B53E-07E4-45E0-B29F-D3285859C9EF}
[2012.06.14 15:25:50 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12016
[2012.06.13 11:29:47 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12015
[2012.06.12 15:17:50 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\12014
[2012.06.12 15:17:31 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\xmldm
[2012.06.12 15:17:30 | 000,000,000 | ---D | C] -- C:\Users\Kicky\AppData\Roaming\kock
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:C31F31E6
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

To be safe, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Kickme 02.07.2012 14:55

I know I'm not supposed to delete anything without instructions, but Avira took on a life of its own and could not be disabled. I uninstalled it before I started OTL again.

Code:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCTools FGuard deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
C:\Program Files (x86)\Winamp\winampa.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\ not found.
File write DOCS\INFO.TXT not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\ not found.
File write DOCS\INSTALL3.TXT not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e493eb2f-fbaf-11df-bfee-806e6f6e6963}\ not found.
File write DOCS\README.TXT not found.
C:\Users\Kicky\AppData\Roaming\13001.011\components folder moved successfully.
C:\Users\Kicky\AppData\Roaming\13001.011 folder moved successfully.
C:\Users\Kicky\AppData\Roaming\13001.009\components folder moved successfully.
C:\Users\Kicky\AppData\Roaming\13001.009 folder moved successfully.
C:\Users\Kicky\AppData\Roaming\13001.008\components folder moved successfully.
C:\Users\Kicky\AppData\Roaming\13001.008 folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12001.023\components folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12001.023 folder moved successfully.
C:\Users\Kicky\Desktop\HiJackThis204.exe moved successfully.
C:\79d2d89de1bf34f42e21 folder moved successfully.
C:\12ae3b4214f3964fe27868 folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12022\components folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12022 folder moved successfully.
C:\Windows\{8D66B53E-07E4-45E0-B29F-D3285859C9EF} folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12016\components folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12016 folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12015\components folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12015 folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12014\components folder moved successfully.
C:\Users\Kicky\AppData\Roaming\12014 folder moved successfully.
C:\Users\Kicky\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Kicky\AppData\Roaming\kock folder moved successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:C31F31E6 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Kicky
->Temp folder emptied: 382873029 bytes
->Temporary Internet Files folder emptied: 59314232 bytes
->Java cache emptied: 1640925 bytes
->FireFox cache emptied: 680253155 bytes
->Flash cache emptied: 160448 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1533399 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1350892515 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85230 bytes
RecycleBin emptied: 59398824 bytes
 
Total Files Cleaned = 2.419,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Kicky
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07022012_154447

Files\Folders moved on Reboot...
C:\Users\Kicky\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Kicky\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...


cosinus 02.07.2012 16:20

I need OTL's quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable your virus scanner; it must not interfere with the packing!
2.) Zip the MovedFiles folder in C:\_OTL into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html

Note: Please upload the file there as well, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!

4.) Let me know if it worked
5.) Only then switch the virus scanner back on

Kickme 02.07.2012 17:27

Hm, I have now followed your instructions and uploaded the zip file. Should I get a notification, or is it simply in there now, since I'm back at the uploader's starting page?

cosinus 03.07.2012 11:16

Unfortunately I don't see the file in there.
How big is your ZIP?

Kickme 03.07.2012 12:01

It is 14.414 kb in size.

I tried it again. Did it work this time?

cosinus 03.07.2012 14:30

14 MB is too much. Please upload this ZIP here => File-Upload.net - Ihr kostenloser File Hoster!
and link the file here

Kickme 03.07.2012 14:40

hxxp://www.file-upload.net/download-4505136/MovedFiles.zip.html

cosinus 03.07.2012 15:37

Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where the TDSS-Killer saves its logs.

Note: Please do not hastily delete anything with the TDSS-Killer! If the TDSS-Killer flags any objects, treat them all with the "skip" action and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Kickme 03.07.2012 18:24

Here is the log:

Code:

17:28:00.0066 3796        TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08
17:28:00.0581 3796        ============================================================
17:28:00.0581 3796        Current date / time: 2012/07/03 17:28:00.0581
17:28:00.0581 3796        SystemInfo:
17:28:00.0581 3796       
17:28:00.0581 3796        OS Version: 6.1.7601 ServicePack: 1.0
17:28:00.0581 3796        Product type: Workstation
17:28:00.0581 3796        ComputerName: KICKY-PC
17:28:00.0581 3796        UserName: Kicky
17:28:00.0581 3796        Windows directory: C:\Windows
17:28:00.0581 3796        System windows directory: C:\Windows
17:28:00.0581 3796        Running under WOW64
17:28:00.0581 3796        Processor architecture: Intel x64
17:28:00.0581 3796        Number of processors: 4
17:28:00.0581 3796        Page size: 0x1000
17:28:00.0581 3796        Boot type: Normal boot
17:28:00.0581 3796        ============================================================
17:28:01.0330 3796        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:28:01.0408 3796        ============================================================
17:28:01.0408 3796        \Device\Harddisk0\DR0:
17:28:01.0408 3796        MBR partitions:
17:28:01.0408 3796        \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x14000, BlocksNum 0x94FB0B0
17:28:01.0408 3796        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x950F800, BlocksNum 0x1BF1E800
17:28:01.0408 3796        ============================================================
17:28:01.0454 3796        C: <-> \Device\Harddisk0\DR0\Partition1
17:28:01.0454 3796        ============================================================
17:28:01.0454 3796        Initialize success
17:28:01.0454 3796        ============================================================
17:28:26.0711 3296        ============================================================
17:28:26.0711 3296        Scan started
17:28:26.0711 3296        Mode: Manual; SigCheck; TDLFS;
17:28:26.0711 3296        ============================================================
17:28:31.0453 3296        BrcmMgmtAgent  (96afb6d33247fe90421a5b2e76f4ed59) C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
17:28:31.0469 3296        BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - warning
17:28:31.0469 3296        BrcmMgmtAgent - detected UnsignedFile.Multi.Generic (1)
17:28:37.0522 3296        ehSched - ok
17:28:37.0600 3296        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
17:28:37.0646 3296        elxstor - ok
17:28:37.0693 3296        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
17:28:37.0724 3296        ErrDev - ok
17:28:37.0771 3296        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
17:28:37.0834 3296        EventSystem - ok
17:28:37.0990 3296        EvtEng          (bdfcb7e8c108d042b213957d2b044e7e) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
17:28:38.0021 3296        EvtEng - ok
17:28:38.0130 3296        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
17:28:38.0192 3296        exfat - ok
17:28:38.0224 3296        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
17:28:38.0270 3296        fastfat - ok
17:28:38.0380 3296        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
17:28:38.0442 3296        Fax - ok
17:28:38.0458 3296        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
17:28:38.0473 3296        fdc - ok
17:28:38.0504 3296        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
17:28:38.0567 3296        fdPHost - ok
17:28:38.0582 3296        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
17:28:38.0629 3296        FDResPub - ok
17:28:38.0645 3296        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
17:28:38.0660 3296        FileInfo - ok
17:28:38.0676 3296        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
17:28:38.0707 3296        Filetrace - ok
17:28:38.0723 3296        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
17:28:38.0738 3296        flpydisk - ok
17:28:38.0801 3296        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
17:28:38.0832 3296        FltMgr - ok
17:28:38.0941 3296        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
17:28:39.0004 3296        FontCache - ok
17:28:39.0082 3296        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:28:39.0097 3296        FontCache3.0.0.0 - ok
17:28:39.0128 3296        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
17:28:39.0160 3296        FsDepends - ok
17:28:39.0206 3296        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
17:28:39.0222 3296        Fs_Rec - ok
17:28:39.0253 3296        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
17:28:39.0300 3296        fvevol - ok
17:28:39.0316 3296        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
17:28:39.0331 3296        gagp30kx - ok
17:28:39.0409 3296        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
17:28:39.0503 3296        gpsvc - ok
17:28:39.0503 3296        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
17:28:39.0581 3296        hcw85cir - ok
17:28:39.0643 3296        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
17:28:39.0690 3296        HdAudAddService - ok
17:28:39.0721 3296        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
17:28:39.0737 3296        HDAudBus - ok
17:28:39.0752 3296        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
17:28:39.0784 3296        HidBatt - ok
17:28:39.0799 3296        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
17:28:39.0815 3296        HidBth - ok
17:28:39.0846 3296        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
17:28:39.0877 3296        HidIr - ok
17:28:39.0908 3296        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
17:28:39.0971 3296        hidserv - ok
17:28:40.0002 3296        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
17:28:40.0018 3296        HidUsb - ok
17:28:40.0064 3296        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
17:28:40.0142 3296        hkmsvc - ok
17:28:40.0205 3296        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
17:28:40.0267 3296        HomeGroupListener - ok
17:28:40.0314 3296        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
17:28:40.0392 3296        HomeGroupProvider - ok
17:28:40.0423 3296        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
17:28:40.0439 3296        HpSAMD - ok
17:28:40.0517 3296        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
17:28:40.0579 3296        HTTP - ok
17:28:40.0626 3296        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
17:28:40.0626 3296        hwpolicy - ok
17:28:40.0766 3296        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
17:28:40.0782 3296        i8042prt - ok
17:28:41.0094 3296        iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
17:28:41.0110 3296        iaStor - ok
17:28:41.0219 3296        IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
17:28:41.0219 3296        IAStorDataMgrSvc - ok
17:28:41.0312 3296        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
17:28:41.0328 3296        iaStorV - ok
17:28:41.0437 3296        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:28:41.0468 3296        idsvc - ok
17:28:42.0170 3296        igfx            (9937600a1584ff00565d5379eb4c9edb) C:\Windows\system32\DRIVERS\igdkmd64.sys
17:28:42.0514 3296        igfx - ok
17:28:42.0623 3296        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
17:28:42.0654 3296        iirsp - ok
17:28:42.0732 3296        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
17:28:42.0826 3296        IKEEXT - ok
17:28:42.0872 3296        Impcd          (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
17:28:42.0919 3296        Impcd - ok
17:28:42.0982 3296        InstallFilterService (a4a87c2f228dd2ac93dae94e103792d3) C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
17:28:43.0013 3296        InstallFilterService ( UnsignedFile.Multi.Generic ) - warning
17:28:43.0013 3296        InstallFilterService - detected UnsignedFile.Multi.Generic (1)
17:28:43.0060 3296        IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
17:28:43.0122 3296        IntcDAud - ok
17:28:43.0169 3296        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
17:28:43.0184 3296        intelide - ok
17:28:43.0216 3296        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
17:28:43.0247 3296        intelppm - ok
17:28:43.0278 3296        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
17:28:43.0325 3296        IPBusEnum - ok
17:28:43.0372 3296        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:28:43.0418 3296        IpFilterDriver - ok
17:28:43.0496 3296        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
17:28:43.0574 3296        iphlpsvc - ok
17:28:43.0652 3296        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
17:28:43.0668 3296        IPMIDRV - ok
17:28:43.0730 3296        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
17:28:43.0793 3296        IPNAT - ok
17:28:43.0824 3296        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
17:28:43.0902 3296        IRENUM - ok
17:28:43.0918 3296        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
17:28:43.0933 3296        isapnp - ok
17:28:43.0949 3296        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
17:28:43.0980 3296        iScsiPrt - ok
17:28:44.0011 3296        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
17:28:44.0011 3296        kbdclass - ok
17:28:44.0042 3296        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
17:28:44.0074 3296        kbdhid - ok
17:28:44.0152 3296        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:28:44.0167 3296        KeyIso - ok
17:28:44.0183 3296        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
17:28:44.0214 3296        KSecDD - ok
17:28:44.0230 3296        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
17:28:44.0245 3296        KSecPkg - ok
17:28:44.0261 3296        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
17:28:44.0308 3296        ksthunk - ok
17:28:44.0354 3296        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
17:28:44.0432 3296        KtmRm - ok
17:28:44.0479 3296        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
17:28:44.0542 3296        LanmanServer - ok
17:28:44.0588 3296        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
17:28:44.0666 3296        LanmanWorkstation - ok
17:28:44.0713 3296        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
17:28:44.0776 3296        lltdio - ok
17:28:44.0822 3296        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
17:28:44.0916 3296        lltdsvc - ok
17:28:44.0947 3296        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
17:28:44.0978 3296        lmhosts - ok
17:28:45.0010 3296        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
17:28:45.0025 3296        LSI_FC - ok
17:28:45.0041 3296        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
17:28:45.0041 3296        LSI_SAS - ok
17:28:45.0072 3296        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:28:45.0088 3296        LSI_SAS2 - ok
17:28:45.0103 3296        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:28:45.0119 3296        LSI_SCSI - ok
17:28:45.0134 3296        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
17:28:45.0212 3296        luafv - ok
17:28:45.0275 3296        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
17:28:45.0337 3296        MBAMProtector - ok
17:28:45.0462 3296        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:28:45.0509 3296        MBAMService - ok
17:28:45.0556 3296        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
17:28:45.0602 3296        Mcx2Svc - ok
17:28:45.0618 3296        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
17:28:45.0634 3296        megasas - ok
17:28:45.0665 3296        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
17:28:45.0696 3296        MegaSR - ok
17:28:45.0727 3296        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
17:28:45.0790 3296        MMCSS - ok
17:28:45.0821 3296        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
17:28:45.0852 3296        Modem - ok
17:28:45.0883 3296        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
17:28:45.0899 3296        monitor - ok
17:28:45.0961 3296        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
17:28:45.0977 3296        mouclass - ok
17:28:46.0008 3296        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
17:28:46.0024 3296        mouhid - ok
17:28:46.0070 3296        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
17:28:46.0086 3296        mountmgr - ok
17:28:46.0180 3296        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:28:46.0195 3296        MozillaMaintenance - ok
17:28:46.0242 3296        MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
17:28:46.0273 3296        MpFilter - ok
17:28:46.0304 3296        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
17:28:46.0336 3296        mpio - ok
17:28:46.0351 3296        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
17:28:46.0382 3296        mpsdrv - ok
17:28:46.0460 3296        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
17:28:46.0554 3296        MpsSvc - ok
17:28:46.0616 3296        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
17:28:46.0648 3296        MRxDAV - ok
17:28:46.0694 3296        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:28:46.0741 3296        mrxsmb - ok
17:28:46.0804 3296        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:28:46.0850 3296        mrxsmb10 - ok
17:28:46.0866 3296        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:28:46.0882 3296        mrxsmb20 - ok
17:28:46.0928 3296        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
17:28:46.0944 3296        msahci - ok
17:28:46.0975 3296        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
17:28:46.0991 3296        msdsm - ok
17:28:47.0022 3296        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
17:28:47.0038 3296        MSDTC - ok
17:28:47.0084 3296        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
17:28:47.0131 3296        Msfs - ok
17:28:47.0147 3296        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
17:28:47.0178 3296        mshidkmdf - ok
17:28:47.0178 3296        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
17:28:47.0194 3296        msisadrv - ok
17:28:47.0240 3296        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
17:28:47.0287 3296        MSiSCSI - ok
17:28:47.0287 3296        msiserver - ok
17:28:47.0318 3296        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
17:28:47.0365 3296        MSKSSRV - ok
17:28:47.0459 3296        MsMpSvc        (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:28:47.0474 3296        MsMpSvc - ok
17:28:47.0490 3296        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
17:28:47.0552 3296        MSPCLOCK - ok
17:28:47.0584 3296        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
17:28:47.0615 3296        MSPQM - ok
17:28:47.0677 3296        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
17:28:47.0708 3296        MsRPC - ok
17:28:47.0771 3296        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
17:28:47.0786 3296        mssmbios - ok
17:28:47.0802 3296        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
17:28:47.0849 3296        MSTEE - ok
17:28:47.0864 3296        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
17:28:47.0880 3296        MTConfig - ok
17:28:47.0896 3296        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
17:28:47.0911 3296        Mup - ok
17:28:47.0974 3296        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
17:28:48.0052 3296        napagent - ok
17:28:48.0083 3296        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
17:28:48.0145 3296        NativeWifiP - ok
17:28:48.0223 3296        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
17:28:48.0286 3296        NDIS - ok
17:28:48.0301 3296        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
17:28:48.0332 3296        NdisCap - ok
17:28:48.0348 3296        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
17:28:48.0395 3296        NdisTapi - ok
17:28:48.0426 3296        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
17:28:48.0473 3296        Ndisuio - ok
17:28:48.0520 3296        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
17:28:48.0582 3296        NdisWan - ok
17:28:48.0629 3296        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
17:28:48.0707 3296        NDProxy - ok
17:28:48.0722 3296        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
17:28:48.0785 3296        NetBIOS - ok
17:28:48.0847 3296        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
17:28:48.0925 3296        NetBT - ok
17:28:48.0956 3296        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:28:48.0988 3296        Netlogon - ok
17:28:49.0019 3296        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
17:28:49.0097 3296        Netman - ok
17:28:49.0144 3296        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
17:28:49.0222 3296        netprofm - ok
17:28:49.0300 3296        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:28:49.0315 3296        NetTcpPortSharing - ok
17:28:49.0768 3296        NETwNs64        (eb43840babf5589e33186d094de7381d) C:\Windows\system32\DRIVERS\NETwNs64.sys
17:28:49.0986 3296        NETwNs64 - ok
17:28:50.0095 3296        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
17:28:50.0111 3296        nfrd960 - ok
17:28:50.0189 3296        NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
17:28:50.0204 3296        NisDrv - ok
17:28:50.0298 3296        NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
17:28:50.0345 3296        NisSrv - ok
17:28:50.0407 3296        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
17:28:50.0470 3296        NlaSvc - ok
17:28:50.0501 3296        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
17:28:50.0532 3296        Npfs - ok
17:28:50.0563 3296        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
17:28:50.0594 3296        nsi - ok
17:28:50.0610 3296        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
17:28:50.0657 3296        nsiproxy - ok
17:28:50.0782 3296        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
17:28:50.0875 3296        Ntfs - ok
17:28:50.0984 3296        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
17:28:51.0047 3296        Null - ok
17:28:51.0125 3296        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
17:28:51.0140 3296        nvraid - ok
17:28:51.0172 3296        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
17:28:51.0187 3296        nvstor - ok
17:28:51.0203 3296        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
17:28:51.0234 3296        nv_agp - ok
17:28:51.0250 3296        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
17:28:51.0281 3296        ohci1394 - ok
17:28:51.0359 3296        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:28:51.0374 3296        ose - ok
17:28:51.0421 3296        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:28:51.0484 3296        p2pimsvc - ok
17:28:51.0530 3296        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
17:28:51.0562 3296        p2psvc - ok
17:28:51.0593 3296        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
17:28:51.0624 3296        Parport - ok
17:28:51.0655 3296        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
17:28:51.0671 3296        partmgr - ok
17:28:51.0702 3296        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
17:28:51.0749 3296        PcaSvc - ok
17:28:51.0796 3296        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
17:28:51.0827 3296        pci - ok
17:28:51.0842 3296        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
17:28:51.0858 3296        pciide - ok
17:28:51.0889 3296        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
17:28:51.0920 3296        pcmcia - ok
17:28:51.0936 3296        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
17:28:51.0952 3296        pcw - ok
17:28:51.0998 3296        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
17:28:52.0092 3296        PEAUTH - ok
17:28:52.0186 3296        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
17:28:52.0264 3296        PeerDistSvc - ok
17:28:52.0326 3296        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
17:28:52.0357 3296        PerfHost - ok
17:28:52.0544 3296        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
17:28:52.0654 3296        pla - ok
17:28:52.0716 3296        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
17:28:52.0763 3296        PlugPlay - ok
17:28:52.0794 3296        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
17:28:52.0825 3296        PNRPAutoReg - ok
17:28:52.0872 3296        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
17:28:52.0903 3296        PNRPsvc - ok
17:28:52.0934 3296        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
17:28:52.0997 3296        PolicyAgent - ok
17:28:53.0028 3296        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
17:28:53.0090 3296        Power - ok
17:28:53.0153 3296        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
17:28:53.0215 3296        PptpMiniport - ok
17:28:53.0246 3296        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
17:28:53.0278 3296        Processor - ok
17:28:53.0324 3296        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
17:28:53.0371 3296        ProfSvc - ok
17:28:53.0402 3296        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
17:28:53.0434 3296        ProtectedStorage - ok
17:28:53.0480 3296        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
17:28:53.0558 3296        Psched - ok
17:28:53.0636 3296        PSI_SVC_2      (0b6dea0a1662cab8f2bf339dc0752ef4) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
17:28:53.0714 3296        PSI_SVC_2 - ok
17:28:53.0824 3296        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
17:28:53.0902 3296        ql2300 - ok
17:28:54.0011 3296        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
17:28:54.0042 3296        ql40xx - ok
17:28:54.0073 3296        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
17:28:54.0136 3296        QWAVE - ok
17:28:54.0151 3296        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
17:28:54.0167 3296        QWAVEdrv - ok
17:28:54.0182 3296        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
17:28:54.0229 3296        RasAcd - ok
17:28:54.0276 3296        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
17:28:54.0338 3296        RasAgileVpn - ok
17:28:54.0370 3296        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
17:28:54.0401 3296        RasAuto - ok
17:28:54.0432 3296        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:28:54.0479 3296        Rasl2tp - ok
17:28:54.0510 3296        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
17:28:54.0588 3296        RasMan - ok
17:28:54.0604 3296        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
17:28:54.0650 3296        RasPppoe - ok
17:28:54.0666 3296        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
17:28:54.0697 3296        RasSstp - ok
17:28:54.0791 3296        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
17:28:54.0853 3296        rdbss - ok
17:28:54.0884 3296        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
17:28:54.0900 3296        rdpbus - ok
17:28:54.0916 3296        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:28:54.0978 3296        RDPCDD - ok
17:28:55.0025 3296        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
17:28:55.0072 3296        RDPDR - ok
17:28:55.0103 3296        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
17:28:55.0165 3296        RDPENCDD - ok
17:28:55.0181 3296        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
17:29:08.0893 3296        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:29:09.0268 3296        \Device\Harddisk0\DR0 - ok
17:29:09.0268 3296        Boot (0x1200)  (ec4ad7cbe76347912db90620b58a2c5d) \Device\Harddisk0\DR0\Partition0
17:29:09.0268 3296        \Device\Harddisk0\DR0\Partition0 - ok
17:29:09.0299 3296        Boot (0x1200)  (51e9c250715d25a60c46509641b0c802) \Device\Harddisk0\DR0\Partition1
17:29:09.0299 3296        \Device\Harddisk0\DR0\Partition1 - ok
17:29:09.0299 3296        ============================================================
17:29:09.0299 3296        Scan finished
17:29:09.0299 3296        ============================================================
17:29:09.0314 3172        Detected object count: 2
17:29:09.0314 3172        Actual detected object count: 2
17:29:22.0684 3172        BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - skipped by user
17:29:22.0684 3172        BrcmMgmtAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:29:22.0684 3172        InstallFilterService ( UnsignedFile.Multi.Generic ) - skipped by user
17:29:22.0684 3172        InstallFilterService ( UnsignedFile.Multi.Generic ) - User select action: Skip


