Trojaner-Board

GVU Trojan with camera (https://www.trojaner-board.de/120085-gvu-trojaner-kamera.html)

JoeCool 23.07.2012 06:50

Good morning,

here is the new report from ADW for now. Emsisoft is still running...

Code:

# AdwCleaner v1.703 - Logfile created 07/23/2012 at 07:29:35
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : JoeCool - ACER-NETBOOK
# Running from : C:\Users\JoeCool\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\JoeCool\AppData\Local\Conduit
Folder Deleted : C:\Users\JoeCool\AppData\Local\OpenCandy
Folder Deleted : C:\Users\JoeCool\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\JoeCool\AppData\Roaming\OpenCandy
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Softonic
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2548838
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Description
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Deleted : HKLM\SOFTWARE\Web Assistant

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\ohbo7nap.default\prefs.js

C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\ohbo7nap.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the Web");
Deleted : user_pref("browser.startup.homepage", "hxxp://Mystart.incredibar.com/mb124");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119998");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "9a65cef7000000000000001e64348cf3");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "9a65cef7000000000000001e64348cf3");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15422");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=119998&babsrc=NT_s[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:00:45");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.Softonic.admin", false);
Deleted : user_pref("extensions.Softonic.aflt", "orgnl");
Deleted : user_pref("extensions.Softonic.autoRvrt", "false");
Deleted : user_pref("extensions.Softonic.dfltLng", "");
Deleted : user_pref("extensions.Softonic.excTlbr", false);
Deleted : user_pref("extensions.Softonic.id", "9a65cef7000000000000001e64348cf3");
Deleted : user_pref("extensions.Softonic.instlDay", "15479");
Deleted : user_pref("extensions.Softonic.instlRef", "MON00001");
Deleted : user_pref("extensions.Softonic.prdct", "Softonic");
Deleted : user_pref("extensions.Softonic.prtnrId", "softonic");
Deleted : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...]
Deleted : user_pref("extensions.Softonic.tlbrId", "base");
Deleted : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[...]
Deleted : user_pref("extensions.Softonic.vrsn", "1.5.21.0");
Deleted : user_pref("extensions.Softonic.vrsni", "1.5.21.0");
Deleted : user_pref("extensions.Softonic_i.newTab", false);
Deleted : user_pref("extensions.Softonic_i.smplGrp", "none");
Deleted : user_pref("extensions.Softonic_i.vrsnTs", "1.5.21.011:51:49");
Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@incredibar.com:1.5.0,googlebar@google.com:1.0,{972ce4[...]
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1339484352821");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "EN");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.did", "10657");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "0A3A46359486F678F6583F5DB39F58FF");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "0");
Deleted : user_pref("extensions.incredibar.id", "9a65cef7000000000000001e64348cf3");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15503");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.instlday", "15503");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.148:15:03");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.propectorlck", 78067074);
Deleted : user_pref("extensions.incredibar.prtkHmpg", 1);
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEHkzSSo&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyEHkzSSo&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6OyEHkzSSo");
Deleted : user_pref("extensions.incredibar.upn2n", "92261571160651468");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.148:15:03");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.148:15:03");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10657");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "9a65cef7000000000000001e64348cf3");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15503");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyEHkzSSo&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6OyEHkzSSo");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92261571160651468");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.148:15:03");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb155/?loc=IB_DS&a=6OyEHkzSSo&&i=26&search="[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

Profile name : default-1339507078693 [Profil par défaut]
File : C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\JoeCool\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [18599 octets] - [22/07/2012 21:54:00]
AdwCleaner[S1].txt - [276 octets] - [23/07/2012 07:29:06]
AdwCleaner[S2].txt - [16850 octets] - [23/07/2012 07:29:35]

########## EOF - C:\AdwCleaner[S2].txt - [16979 octets] ##########

Here is the Adw S1 as well:

Code:

# AdwCleaner v1.703 - Logfile created 07/23/2012 at 07:29:06
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : JoeCool - ACER-NETBOOK
# Running from : C:\Users\JoeCool\Desktop\adwcleaner.exe
# Option [Delete]

Emsisoft is nearing the end...

So, here is the report from Emsisoft. Most of it is probably fairly harmless, but at the end there are a few real shockers after all :-(
I haven't deleted anything yet.


Code:

Emsisoft Anti-Malware - Version 6.6
Letztes Update: 23.07.2012 07:41:21

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:        23.07.2012 07:41:45

c:\users\joecool\appdata\roaming\microsoft\windows\start menu\programs\partypoker        gefunden: Trace.File.partypoker!E1
c:\program files (x86)\ascentive\performance center        gefunden: Trace.File.spyware striker pro!E1
c:\users\joecool\appdata\roaming\pacificpoker\        gefunden: Trace.File.pacificpoker!E1
Value: hkey_current_user\software\pokerinstaller --> fullpath        gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 1        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 2        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 4        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 5        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 6        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 7        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 9        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> adslastknownstate        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> apppath        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> id        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> initialport        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> installstate        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> mucklosinghand        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> sl        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> tabletype        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming\partypoker --> usecount        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> autologintoothergames        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> cfdialogshown        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> freshinstall        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\partygaming --> oldcfformat        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> buttontext        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> clsid        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> default visible        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> exec        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> hoticon        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> icon        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> menustatusbar        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> menutext        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\internet explorer\extensions\{b7fe5d70-9aa2-40f1-9c6b-12a255f085e1} --> path        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayicon        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayname        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> displayversion        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installdate        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installlocation        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installsource        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> installsourcefile        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> publisher        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> silentsettings        gefunden: Trace.Registry.partypoker!E1
Value: hkey_local_machine\software\microsoft\windows\currentversion\uninstall\partypoker --> uninstallstring        gefunden: Trace.Registry.partypoker!E1
Value: hkey_current_user\software\pokerinstaller --> installer_guid        gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\pokerinstaller --> url_casino_2        gefunden: Trace.Registry.pacific poker!E1
Value: hkey_current_user\software\partygaming\partypoker --> 10        gefunden: Trace.Registry.partypoker!E1
Key: hkey_current_user\software\pacificpoker        gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\poker        gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pacificpoker\poker\init        gefunden: Trace.Registry.pacificpoker!E1
Key: hkey_current_user\software\pokerinstaller        gefunden: Trace.Registry.pacificpoker!E1
C:\Users\JoeCool\Downloads\backups\backup-20111202-113817-403.dll        gefunden: Adware.Win32.Toolbar.Dealio.AMN!E1
C:\Program Files (x86)\SecurityXploded\SXPasswordSuite\BrowserPasswordDecryptor.exe        gefunden: Riskware.PSWTool.Win32.PasswordRecovery.AMN!E1
C:\Program Files (x86)\SecurityXploded\SXPasswordSuite\NetworkPasswordDecryptor.exe        gefunden: Trojan.Win32.SecurityXploded.AMN!E1
C:\Program Files (x86)\SecurityXploded\SXPasswordSuite\YahooPasswordDecryptor.exe        gefunden: Trojan.Win32.SecurityXploded.AMN!E1

Gescannt        637126
Gefunden        54

Scan Ende:        23.07.2012 10:06:47
Scan Zeit:        2:25:02


JoeCool 23.07.2012 09:13

Here are Adw and Emsisoft again as a zip

t'john 23.07.2012 10:08

You don't need to attach the logs if you have already posted them. So either - or. :)


Have the findings deleted, then:

Uninstall:
Emsisoft Anti-Malware

ESET Online Scanner

Preparation

  • Connect any external hard drives and/or other removable media (e.g. any USB sticks) to the computer.
  • Please disable your anti-virus program and firewall during the online scan.
  • Vista/Win7 users: Be sure to start the browser as administrator.
Here we go

  • Download and start Eset Smartinstaller
  • Tick YES, I accept the Terms of Use.
  • Click Start.
  • Tick Remove found threats and Scan archives.
  • Click Start.
  • Signatures are downloaded, the scan starts automatically.
  • Press Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (sometimes also C:\Programme\Eset\log.txt) and open it with your editor.
  • Post the log file here.
  • Uninstallation: Control Panel => Software => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

JoeCool 23.07.2012 13:52

Well, that took forever and found 2 viruses...

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2795bedf0453a1419da4152ec4bfcd29
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-23 12:47:36
# local_time=2012-07-23 02:47:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 2258176 2258176 0 0
# compatibility_mode=5893 16776574 100 94 40164986 94666108 0 0
# compatibility_mode=8192 67108863 100 0 103 103 0 0
# scanned=208708
# found=2
# cleaned=2
# scan_time=11398
C:\Users\JoeCool\AppData\Roaming\13001.025\components\AcroFFe.dll        a variant of Win32/Spy.Banker.YCR trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\JoeCool\AppData\Roaming\13001.026\components\AcroFF026.dll        a variant of Win32/Spy.Banker.YCR trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C


t'john 23.07.2012 17:30

Removing malware with Combofix

Download Combofix from one of the following download mirrors:

BleepingComputer.com - ForoSpyware.com

and save the program to the desktop, nowhere else, that is important!
Follow the detailed original instructions.

Combofix currently runs on the following Windows versions:

  • Windows XP (32-bit only)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)



Preparation and important notes

  • Please disable anti-virus and anti-spyware programs, the firewall and any script blocking (Norton) during the Combofix scan.
  • List of programs to disable.
    If anything is unclear, please ask.

  • ComboFix will reset your screen saver settings.
  • You can change these settings back after our cleanup is finished.
  • Do nothing else if you did not manage to get Combofix to run.
  • Let us know and wait for our instructions.

  • Start Combofix.exe with right-click => Run as administrator and follow the instructions.
  • Do nothing else on the computer while Combofix is running!
  • Accept the terms (disclaimer) with "Yes".

  • If Combofix offers a newer version, allow the download.
  • Click "Yes" to continue with the malware scan.
  • A blue command prompt appears; Combofix is being prepared for the scan.
  • Please do not click in this Combofix window.
  • That could freeze your system or make it hang.
  • A backup of your registry is created.
  • Now the individual stages of the program are worked through; this can take a while.

  • When ComboFix is finished, it will create a log (please wait, this takes a moment).
  • Be sure to wait until the Combofix window has closed and the log file appears in the editor.
  • Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread.

  • Note: For various reasons, Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop.
  • You can delete the IE desktop icon after the cleanup and set your preferred browser as the default browser again.

Do not use Combofix on your own initiative. If there is no corresponding infection, it can cripple the computer and/or cause lasting damage!

JoeCool 23.07.2012 19:37

Well, I did not get an IE icon. Instead, the Firefox icons were suddenly all broken (they led nowhere and were deleted...).
After a restart, Firefox is working again now, though. Here are the logs:

[CODE]
Combofix Logfile:
Code:

ComboFix 12-07-21.01 - JoeCool 23.07.2012  19:55:57.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.1979.782 [GMT 2:00]
ausgeführt von:: c:\users\JoeCool\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Cannonnt
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
c:\programdata\1&1
c:\programdata\1&1\1&1 Office-Drive Manager\ULMSettings.xml
c:\programdata\Roaming
c:\users\JoeCool\AppData\Local\assembly\tmp
c:\users\JoeCool\AppData\Roaming\.#
c:\users\JoeCool\AppData\Roaming\1&1
c:\users\JoeCool\AppData\Roaming\1&1\1&1 Office-Drive Manager\ULMSettings.xml
c:\users\JoeCool\AppData\Roaming\AcroIEHelpe.txt
c:\users\JoeCool\AppData\Roaming\srvblck5.tmp
c:\windows\dwatson.dll
c:\windows\IsUn0407.exe
c:\windows\ntcore.dll
c:\windows\NTVDLL.dll
c:\windows\refsdm.dll
c:\windows\SysWow64\c.dll
c:\windows\winclfile.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-23 bis 2012-07-23  ))))))))))))))))))))))))))))))
.
.
2012-07-23 18:06 . 2012-07-23 18:06        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-23 05:37 . 2012-07-23 09:29        --------        d-----w-        c:\program files (x86)\Emsisoft Anti-Malware
2012-07-22 16:22 . 2012-06-12 03:08        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-22 14:40 . 2012-07-22 14:40        --------        d-sh--w-        c:\windows\system32\%APPDATA%
2012-07-22 14:22 . 2012-07-22 14:22        --------        d-sh--w-        c:\windows\SysWow64\%APPDATA%
2012-07-22 14:20 . 2012-06-09 05:43        14172672        ----a-w-        c:\windows\system32\shell32.dll
2012-07-22 14:20 . 2012-03-03 06:35        1544704        ----a-w-        c:\windows\system32\DWrite.dll
2012-07-22 14:20 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-07-22 14:20 . 2012-06-06 06:06        2004480        ----a-w-        c:\windows\system32\msxml6.dll
2012-07-22 14:20 . 2012-06-06 06:06        1881600        ----a-w-        c:\windows\system32\msxml3.dll
2012-07-22 14:20 . 2012-06-06 05:05        1390080        ----a-w-        c:\windows\SysWow64\msxml6.dll
2012-07-22 14:20 . 2012-06-06 05:05        1236992        ----a-w-        c:\windows\SysWow64\msxml3.dll
2012-07-22 14:20 . 2010-06-26 03:55        2048        ----a-w-        c:\windows\system32\msxml3r.dll
2012-07-22 14:20 . 2010-06-26 03:24        2048        ----a-w-        c:\windows\SysWow64\msxml3r.dll
2012-07-22 14:19 . 2012-06-02 05:50        458704        ----a-w-        c:\windows\system32\drivers\cng.sys
2012-07-22 14:19 . 2012-06-02 05:48        95600        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-07-22 14:19 . 2012-06-02 05:48        151920        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2012-07-22 14:19 . 2012-06-02 05:45        340992        ----a-w-        c:\windows\system32\schannel.dll
2012-07-22 14:19 . 2012-06-02 05:44        307200        ----a-w-        c:\windows\system32\ncrypt.dll
2012-07-22 14:19 . 2012-06-02 04:40        225280        ----a-w-        c:\windows\SysWow64\schannel.dll
2012-07-22 14:19 . 2012-06-02 04:39        219136        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2012-07-22 14:19 . 2012-06-02 04:40        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2012-07-22 14:19 . 2012-06-02 04:34        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2012-07-22 14:19 . 2012-03-17 07:58        75120        ----a-w-        c:\windows\system32\drivers\partmgr.sys
2012-07-22 14:17 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-07-22 14:17 . 2012-04-26 05:41        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-07-22 14:17 . 2012-04-26 05:34        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-07-22 14:17 . 2012-04-28 03:55        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-07-22 14:13 . 2012-03-31 05:42        1732096        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL
2012-07-22 14:13 . 2012-03-31 05:40        1367552        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-07-22 14:13 . 2012-03-31 05:40        1402880        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll
2012-07-22 14:13 . 2012-03-31 05:40        1393664        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll
2012-07-22 14:13 . 2012-03-31 04:29        936960        ----a-w-        c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-07-22 14:13 . 2012-06-06 06:05        1499136        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2012-07-22 14:13 . 2012-06-06 05:05        1019904        ----a-w-        c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-22 14:12 . 2012-06-06 06:05        466944        ----a-w-        c:\program files\Common Files\System\ado\msadomd.dll
2012-07-22 14:12 . 2012-06-06 06:05        258048        ----a-w-        c:\program files\Common Files\System\msadc\msadco.dll
2012-07-22 14:12 . 2012-06-06 05:03        805376        ----a-w-        c:\windows\SysWow64\cdosys.dll
2012-07-22 14:12 . 2012-06-06 06:05        495616        ----a-w-        c:\program files\Common Files\System\ado\msadox.dll
2012-07-22 14:12 . 2012-06-06 05:05        352256        ----a-w-        c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-22 14:12 . 2012-06-06 05:05        57344        ----a-w-        c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-22 14:12 . 2012-06-06 06:05        61440        ----a-w-        c:\program files\Common Files\System\ado\msador15.dll
2012-07-22 14:12 . 2012-06-06 05:05        212992        ----a-w-        c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-22 14:12 . 2012-06-06 06:02        1133568        ----a-w-        c:\windows\system32\cdosys.dll
2012-07-22 14:12 . 2012-06-06 05:05        143360        ----a-w-        c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-22 14:12 . 2012-06-06 05:05        372736        ----a-w-        c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-22 12:57 . 2012-07-22 12:57        --------        d-----w-        C:\_OTL
2012-07-22 12:44 . 2012-07-22 12:44        476976        ----a-w-        c:\windows\SysWow64\npdeployJava1.dll
2012-07-21 12:14 . 2012-07-21 13:45        --------        d-----w-        c:\users\JoeCool\AppData\Local\adaware
2012-07-21 12:13 . 2011-12-19 10:44        60536        ----a-w-        c:\windows\system32\drivers\sbhips.sys
2012-07-21 12:13 . 2011-12-19 11:21        45936        ----a-w-        c:\windows\system32\sbbd.exe
2012-07-21 12:13 . 2012-07-21 12:20        --------        d-----w-        c:\program files (x86)\Ad-Aware Antivirus
2012-07-21 12:11 . 2012-07-23 09:31        --------        d-----w-        c:\programdata\Ad-Aware Browsing Protection
2012-07-21 12:10 . 2012-07-21 12:11        --------        d-----w-        c:\program files (x86)\adawaretb
2012-07-21 12:09 . 2012-07-22 10:03        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\Ad-Aware Antivirus
2012-07-17 16:00 . 2012-07-17 16:00        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\13001.026
2012-07-17 10:52 . 2012-07-22 12:44        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\Skype
2012-07-17 10:51 . 2012-07-17 10:51        --------        d-----r-        c:\program files (x86)\Skype
2012-07-17 10:51 . 2012-07-17 10:51        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2012-07-17 10:51 . 2012-07-17 10:52        --------        d-----w-        c:\programdata\Skype
2012-07-14 18:46 . 2012-07-15 07:54        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\13001.025
2012-07-13 15:08 . 2012-07-14 05:29        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\13001.024
2012-07-12 18:42 . 2012-07-12 18:42        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\13001.023
2012-07-12 12:04 . 2012-07-12 12:05        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\13001.022
2012-07-12 12:04 . 2012-07-17 10:54        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\xmldm
2012-07-12 12:04 . 2012-07-12 12:04        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\kock
2012-07-06 10:55 . 2012-07-06 10:55        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\EurekaLog
2012-06-27 06:27 . 2012-06-27 06:27        --------        d-----w-        c:\users\JoeCool\AppData\Roaming\Avira
2012-06-27 06:21 . 2012-05-02 13:24        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-06-27 06:21 . 2012-04-27 08:20        132832        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-06-27 06:21 . 2012-04-24 22:32        98848        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-06-27 06:21 . 2012-06-27 06:21        --------        d-----w-        c:\programdata\Avira
2012-06-27 06:21 . 2012-06-27 06:21        --------        d-----w-        c:\program files (x86)\Avira
2012-06-26 10:02 . 2011-06-02 05:47        177640        ----a-w-        c:\windows\system32\drivers\ssadmdm.sys
2012-06-26 10:02 . 2011-06-02 05:47        13800        ----a-w-        c:\windows\system32\drivers\ssadwhnt.sys
2012-06-26 10:02 . 2011-06-02 05:47        16872        ----a-w-        c:\windows\system32\drivers\ssadmdfl.sys
2012-06-26 10:02 . 2011-06-02 05:47        157672        ----a-w-        c:\windows\system32\drivers\ssadbus.sys
2012-06-26 10:02 . 2011-06-02 05:47        13288        ----a-w-        c:\windows\system32\drivers\ssadcmnt.sys
2012-06-26 09:33 . 2012-06-26 09:38        --------        d-----w-        C:\2c9c9d0d276235ed2517d9b428
2012-06-25 11:07 . 2012-06-25 11:07        --------        d-----w-        c:\program files (x86)\BMWi-Businessplaner
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 12:44 . 2010-06-27 13:02        472880        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-07-12 07:20 . 2012-04-18 10:39        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 07:20 . 2011-07-24 12:29        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2011-12-02 10:13        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-03 01:19 . 2009-12-25 13:09        59701280        ----a-w-        c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-19 10:22        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 10:22        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 10:22        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 10:22        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 10:22        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 10:22        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 10:22        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 10:21        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-19 10:21        36864        ----a-w-        c:\windows\system32\wuapp.exe
2012-05-29 07:38 . 2011-12-23 19:58        330240        ----a-w-        c:\windows\MASetupCaller.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-04-11 20:08        87440        ----a-w-        c:\program files (x86)\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\adawaretb\adawareDx.dll" [2012-04-11 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41        120104        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
"1&1_1&1 Office-Drive Manager"="c:\program files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE" [2011-08-03 964688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-09-24 825864]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"LGODDFU"="c:\program files (x86)\lg_fwupdate\lgfw.exe" [2012-07-16 27760]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 7 (0x7)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"LexwareInfoService"=c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [2009-12-18 17864]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 135664]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
R3 NETw1v64;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 60536]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2011-07-23 15672]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-06 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R4 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2009-01-08 187456]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 57976]
S1 ui11drdr;ui11drdr;c:\windows\system32\DRIVERS\ui11drdr.sys [2011-08-03 199752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-07-12 1239952]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-31 1166848]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-09-06 119632]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 msftesql$COMBIT_CRM;SQL Server-Volltextsuche (COMBIT_CRM);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2010-03-26 91992]
S2 MSSQL$COMBIT_CRM;SQL Server (COMBIT_CRM);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2011-12-19 3289032]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 74872]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-05-26 40448]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-09-06 20552]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2000-01-01 76912]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-11-24 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44        137512        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-04-09 320000]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 11780712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: {{0221703C-6E84-4915-9960-593A66B3D84E} - c:\program files (x86)\ELOoffice\EloArcConnect.exe
IE: {{39FC0E7F-84EA-4962-AB58-33913BC63CAB} - c:\program files (x86)\ELOoffice\EloInternetExplorer.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PhotoRecord - c:\windows\IsUn0407.exe
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
AddRemove-Video Player - c:\program files (x86)\FLVPlayer\Uninstall\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msftesql$COMBIT_CRM]
"ImagePath"="\"c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:COMBIT_CRM"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-23  20:19:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-23 18:19
.
Vor Suchlauf: 17 Verzeichnis(se), 163.354.742.784 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 163.112.054.784 Bytes frei
.
- - End Of File - - 402ACD80BEE4E1D04BF0F7606F36E357

--- --- ---


Code:


 Update for Microsoft Office 2007 (KB2508958)
1&1 Office-Drive Manager
6300
6300_Help
6300Trb
Acer Crystal Eye webcam Ver:1.1.95.714
Acer ePower Management
Acer eRecovery Management
Acer GameZone Console
Acer GridVista
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
ActiveTrader 5.1.2_b2
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Ad-Aware Security Toolbar
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1 MUI
Adobe Shockwave Player 11.5
Advanced Renamer
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Alcor Micro USB Card Reader
Alice Greenfingers
Amazonia
Apple Software Update
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Avira Free Antivirus
AVM FRITZ!Box Dokumentation
BGBlitz 2.7.0
BitTorrent
BMWi-Businessplaner Gründung
BufferChm
C:\Users\JoeCool\AppData\Local\Temp\Rar$EX00.762\SDSD DEMO CPEditor
C:\Users\JoeCool\VAIO\Joe Cool\Eigene Dateien\MariCon\SDL Complete\Charter Party Editor 32bit (2006)
Calculatem Pro
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG5200 series Benutzerregistrierung
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 4.0
Canon My Printer
Canon PhotoRecord
Canon Solution Menu EX
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CD-LabelPrint
Charter Party Viewer
Chicken Invaders 2
Compatibility Pack für 2007 Office System
CSS3 Menu
CyberLink PowerDVD 8
Dairy Dash
DATA BECKER TWIN 7 Tweaker
Dia (nur entfernen)
DocProc
Dream Day First Home
DSL-Speedtest
ELO Pdf Drucker
ELOoffice
ElsterFormular
Farm Frenzy 2
First Class Flurry
funScreenScraping Client Version
funScreenScraping Microsoft Systemdateien
Google Apps Migration For Microsoft Outlook® 2.3.12.34
Google Calendar Sync
Google Update Helper
GPL Ghostscript
Granny In Paradise
GSview 5.0
Haufe iDesk-Browser
Haufe iDesk-Service
Heroes of Hellas
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HPPhotoGadget
Identity Card
IKEA Home Planner
Inkscape 0.48.3.1
Intel PROSet Wireless
Intel(R) Rapid Storage Technology
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 33
Java(TM) SE Runtime Environment 6
JellyFish Light 3.5
julitecCRM 6.0
Junk Mail filter update
K-Lite Codec Pack 5.6.1 (Basic)
KompoZer 0.8b3
Launch Manager
Lexware Abschreibungsrechner
Lexware büro easy 2007
Lexware Info Service
Lexware online banking 4.80
LG CyberLink LabelPrint
LG CyberLink Power2Go
LG CyberLink PowerBackup
LG CyberLink YouCam
LG ODD Auto Firmware Update
LG Power Tools
LG United Mobile Drivers
LG USB Modem Drivers
LinkedIn Outlook Connector
Logitech Harmony Remote Software 7
Malwarebytes Anti-Malware Version 1.62.0.1300
Merriam Websters Spell Jam
Microsoft Choice Guard
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2007
Microsoft Office InfoPath MUI (German) 2007
Microsoft Office Language Pack 2007 - German/Deutsch
Microsoft Office Live Add-in 1.5
Microsoft Office O MUI (German) 2007
Microsoft Office OneNote MUI (German) 2007
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office SharePoint Designer MUI (German) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (German) 2007
Microsoft Office X MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 (COMBIT_CRM)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 13.0.1 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
Netpas Distance
Nvu 1.0
OutlookAddInNet3Setup
PC Inspector File Recovery
PDFCreator
Picasa 3
PNMD
Protect Disc License Helper 1.0.118
QuickSteuer 2010
QuickSteuer Wissens-Center 2010
QuickTime
Realtek High Definition Audio Driver
Remote Control USB Driver
Samsung Kies
Scan
Scribus 1.4.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Serif PagePlus Starter Edition
Servicepack Datumsaktualisierung
Skype™ 5.10
SopCast 3.5.0
Spybot - Search & Destroy
System Requirements Lab for Intel
Tinypic 3.18
Toolbox
Tools für Microsoft SQL Server 2005
TreeSize Free V2.5
TuneUp Utilities 2012
TuneUp Utilities Language Pack (de-DE)
TVersity Codec Pack 1.7
TVersity Media Server 1.9.7
UnloadSupport
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Video Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebCam
WebReg
Welcome Center
Windows Live-Uploadtool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
WinRAR
WOW Slider
Xiph.Org Open Codecs 0.85.17777
xp-AntiSpy 3.97-7


t'john 23.07.2012 21:51

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.


Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


JoeCool 23.07.2012 22:46

Here we go...
I'll be back online tomorrow. Are we getting close to the end? :crazy:


OTL Logfile:
Code:

OTL logfile created on: 23.07.2012 23:17:00 - Run 2
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\JoeCool\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 1,16 Gb Available Physical Memory | 59,80% Memory free
3,87 Gb Paging File | 2,40 Gb Available in Paging File | 62,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220,79 Gb Total Space | 152,07 Gb Free Space | 68,88% Space Free | Partition Type: NTFS
Drive D: | 7,51 Gb Total Space | 7,45 Gb Free Space | 99,18% Space Free | Partition Type: FAT32
 
Computer Name: ACER-NETBOOK | User Name: JoeCool | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\JoeCool\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (dgdersvc) -- C:\Windows\SysNative\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sbhips) -- C:\Windows\SysNative\drivers\sbhips.sys (GFI Software)
DRV:64bit: - (sbapifs) -- C:\Windows\SysNative\drivers\sbapifs.sys (GFI Software)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\sbredrv.sys (GFI Software)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (ui11drdr) -- C:\Windows\SysNative\drivers\ui11drdr.SYS (1&1 Internet AG)
DRV:64bit: - (SWDUMon) -- C:\Windows\SysNative\drivers\SWDUMon.sys ()
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (SBRE) -- C:\Windows\SysWOW64\drivers\SBREDrv.sys (GFI Software)
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810tz&r=273612090016l0333z125t4851a38n
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 14:11:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\googlebar@google.com: C:\Users\JoeCool\AppData\Roaming\Google_Toolbar\Google_Toolbar\1.0.0.0 [2012.06.12 14:47:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\JoeCool\AppData\Roaming\13001.026 [2012.07.17 18:00:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.21 14:11:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.04.22 07:17:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Extensions
[2012.07.21 14:11:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\ohbo7nap.default\extensions
[2012.07.21 14:11:05 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\ohbo7nap.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012.07.21 14:11:10 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\ohbo7nap.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012.07.21 14:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions
[2012.07.21 14:11:05 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012.07.21 14:11:10 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\JoeCool\AppData\Roaming\mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012.07.22 14:44:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.22 14:44:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011.07.19 11:45:01 | 000,000,000 | ---D | M] (Long Titles) -- C:\PROGRAM FILES (X86)\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2012.06.20 20:59:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.11 16:45:42 | 000,002,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012.02.18 08:35:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.18 08:35:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.18 08:35:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.18 08:35:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.18 08:35:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.18 08:35:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.com
CHR - Extension: No name found = C:\Users\JoeCool\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknkimpcfkpmmikggddpidpmaljigegp\3_0\
 
O1 HOSTS File: ([2012.07.23 20:06:13 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\lgfw.exe (Bitleader)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001..\Run: [1&1_1&1 Office-Drive Manager] C:\Program Files (x86)\1&1\1&1 Office-Drive Manager\DAVSRV.EXE (1&1 Internet AG)
O4 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 7
O7 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra 'Tools' menuitem : ELO Konfiguration - {0221703C-6E84-4915-9960-593A66B3D84E} - C:\Program Files (x86)\ELOoffice\EloArcConnect.exe ()
O9:64bit: - Extra Button: ELO Archiv - {39FC0E7F-84EA-4962-AB58-33913BC63CAB} - C:\Program Files (x86)\ELOoffice\EloInternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : ELO Konfiguration - {0221703C-6E84-4915-9960-593A66B3D84E} - C:\Program Files (x86)\ELOoffice\EloArcConnect.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ELO Archiv - {39FC0E7F-84EA-4962-AB58-33913BC63CAB} - C:\Program Files (x86)\ELOoffice\EloInternetExplorer.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-3899731673-2456997713-1197237625-1001\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{209CAB17-3433-4606-BBA1-C77E5434E188}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DF772E7-62EB-4A1D-9BD0-AE5DDB4DECB3}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpReg: BlackBerryAutoUpdate - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: mwlDaemon - hkey= - key= - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
MsConfig:64bit - StartUpReg: RayV - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: swg - hkey= - key= -  File not found
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Ad-Aware Service - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SBAMSvc - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Ad-Aware Service - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SBAMSvc - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.23 20:28:06 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\1&1
[2012.07.23 20:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\1&1
[2012.07.23 20:10:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.07.23 19:53:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.23 19:53:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.23 19:53:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.23 19:52:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.23 19:52:15 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.23 19:46:10 | 004,582,474 | R--- | C] (Swearware) -- C:\Users\JoeCool\Desktop\ComboFix.exe
[2012.07.23 11:23:43 | 002,322,184 | ---- | C] (ESET) -- C:\Users\JoeCool\Desktop\esetsmartinstaller_enu.exe
[2012.07.23 07:37:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012.07.23 07:37:45 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\Documents\Anti-Malware
[2012.07.23 07:24:50 | 139,009,208 | ---- | C] (Emsisoft GmbH                                              ) -- C:\Users\JoeCool\Desktop\EmsisoftAntiMalwareSetup.exe
[2012.07.22 18:43:13 | 000,000,000 | R--D | C] -- C:\Users\JoeCool\Saved Games
[2012.07.22 18:43:12 | 000,000,000 | R--D | C] -- C:\Users\JoeCool\Contacts
[2012.07.22 16:40:51 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012.07.22 16:22:56 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.07.22 14:57:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.22 09:39:41 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\JoeCool\Desktop\OTL.exe
[2012.07.21 14:14:13 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\adaware
[2012.07.21 14:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012.07.21 14:13:38 | 000,060,536 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\sbhips.sys
[2012.07.21 14:13:37 | 000,045,936 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2012.07.21 14:13:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012.07.21 14:11:18 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Local\adawarebp
[2012.07.21 14:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.07.21 14:10:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012.07.21 14:09:55 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Ad-Aware Antivirus
[2012.07.19 13:16:46 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\Desktop\MariCon
[2012.07.17 18:00:17 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.026
[2012.07.17 12:52:27 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Skype
[2012.07.17 12:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.07.17 12:51:53 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012.07.17 12:51:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.07.17 12:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.07.14 20:46:51 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.025
[2012.07.13 17:08:34 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.024
[2012.07.12 20:42:42 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.023
[2012.07.12 14:04:59 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\13001.022
[2012.07.12 14:04:34 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\xmldm
[2012.07.12 14:04:30 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\kock
[2012.07.06 12:55:11 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\EurekaLog
[2012.06.27 08:27:05 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Avira
[2012.06.27 08:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.27 08:21:27 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.27 08:21:27 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.27 08:21:27 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.06.27 08:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.27 08:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.06.26 12:15:07 | 000,000,000 | ---D | C] -- C:\Users\JoeCool\AppData\Roaming\Temp
[2012.06.26 12:02:02 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2012.06.26 12:02:02 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2012.06.26 12:02:01 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2012.06.26 12:02:01 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2012.06.26 12:02:01 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2012.06.26 11:33:00 | 000,000,000 | ---D | C] -- C:\2c9c9d0d276235ed2517d9b428
[2012.06.25 13:07:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BMWi-Businessplaner
[2012.06.25 13:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BMWi-Businessplaner
[2009.10.23 08:50:09 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.23 21:00:38 | 000,000,344 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012.07.23 20:36:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.23 20:36:07 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.23 20:32:59 | 001,867,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.23 20:32:59 | 000,797,892 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.23 20:32:59 | 000,735,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.23 20:32:59 | 000,185,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.23 20:32:59 | 000,148,698 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.23 20:28:25 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.07.23 20:27:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.23 20:27:00 | 1556,279,296 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.23 20:06:13 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.23 19:46:14 | 004,582,474 | R--- | M] (Swearware) -- C:\Users\JoeCool\Desktop\ComboFix.exe
[2012.07.23 11:23:48 | 002,322,184 | ---- | M] (ESET) -- C:\Users\JoeCool\Desktop\esetsmartinstaller_enu.exe
[2012.07.23 10:11:51 | 000,005,064 | ---- | M] () -- C:\Users\JoeCool\Desktop\Desktop.zip
[2012.07.23 07:25:51 | 139,009,208 | ---- | M] (Emsisoft GmbH                                              ) -- C:\Users\JoeCool\Desktop\EmsisoftAntiMalwareSetup.exe
[2012.07.22 20:01:03 | 000,190,740 | ---- | M] () -- C:\Users\JoeCool\Desktop\Whisky.jpg
[2012.07.22 18:41:34 | 000,443,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.22 18:13:38 | 001,845,404 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.22 15:12:55 | 000,003,152 | ---- | M] () -- C:\Users\JoeCool\Desktop\07222012_145700.zip
[2012.07.22 11:02:56 | 000,036,665 | ---- | M] () -- C:\Users\JoeCool\Desktop\OTL_Logfiles.zip
[2012.07.22 10:39:25 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.22 09:50:32 | 000,632,049 | ---- | M] () -- C:\Users\JoeCool\Desktop\adwcleaner.exe
[2012.07.22 09:39:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\JoeCool\Desktop\OTL.exe
[2012.07.21 12:03:34 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.07.21 12:03:34 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.07.19 16:10:34 | 002,686,168 | ---- | M] () -- C:\Users\JoeCool\Desktop\Whisky.gif
[2012.07.17 18:10:48 | 000,000,051 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\blckdom.res
[2012.07.17 16:52:52 | 001,269,795 | ---- | M] () -- C:\Users\JoeCool\Desktop\Overwatch.pdf
[2012.07.17 12:51:54 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.14 16:09:00 | 000,000,011 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\urhtps.dat
[2012.07.13 23:00:55 | 000,007,030 | ---- | M] () -- C:\Users\JoeCool\Desktop\avatar-2910.jpg
[2012.07.05 23:03:34 | 000,028,648 | ---- | M] () -- C:\Users\JoeCool\Desktop\gj9jsfoy.jpg
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.27 08:21:39 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.25 13:07:29 | 000,001,356 | ---- | M] () -- C:\Users\Public\Desktop\BMWi-Businessplaner Gründung.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.23 19:53:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.23 19:53:07 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.23 19:53:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.23 19:53:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.23 19:53:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.23 10:11:51 | 000,005,064 | ---- | C] () -- C:\Users\JoeCool\Desktop\Desktop.zip
[2012.07.22 20:01:03 | 000,190,740 | ---- | C] () -- C:\Users\JoeCool\Desktop\Whisky.jpg
[2012.07.22 16:38:03 | 001,845,404 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.22 15:12:55 | 000,003,152 | ---- | C] () -- C:\Users\JoeCool\Desktop\07222012_145700.zip
[2012.07.22 11:02:56 | 000,036,665 | ---- | C] () -- C:\Users\JoeCool\Desktop\OTL_Logfiles.zip
[2012.07.22 09:50:26 | 000,632,049 | ---- | C] () -- C:\Users\JoeCool\Desktop\adwcleaner.exe
[2012.07.21 14:13:58 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012.07.19 16:10:33 | 002,686,168 | ---- | C] () -- C:\Users\JoeCool\Desktop\Whisky.gif
[2012.07.17 18:12:51 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.17 16:52:00 | 001,269,795 | ---- | C] () -- C:\Users\JoeCool\Desktop\Overwatch.pdf
[2012.07.17 12:51:54 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.07.14 16:09:00 | 000,000,011 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\urhtps.dat
[2012.07.13 23:00:51 | 000,007,030 | ---- | C] () -- C:\Users\JoeCool\Desktop\avatar-2910.jpg
[2012.07.12 14:04:50 | 000,000,051 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\blckdom.res
[2012.07.05 23:03:25 | 000,028,648 | ---- | C] () -- C:\Users\JoeCool\Desktop\gj9jsfoy.jpg
[2012.06.27 08:21:39 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.25 13:07:29 | 000,001,356 | ---- | C] () -- C:\Users\Public\Desktop\BMWi-Businessplaner Gründung.lnk
[2012.06.12 16:29:06 | 000,000,790 | ---- | C] () -- C:\Windows\slog.dll
[2012.06.10 12:17:44 | 000,007,469 | ---- | C] () -- C:\Users\JoeCool\AppData\Local\recently-used.xbel
[2012.06.02 10:45:11 | 000,001,650 | ---- | C] () -- C:\Windows\mozver.dat
[2012.05.28 10:40:39 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll
[2012.05.12 11:11:41 | 000,038,425 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2012.04.28 10:54:37 | 000,000,039 | ---- | C] () -- C:\Windows\combit.ini
[2012.04.24 14:01:04 | 000,000,277 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.04.24 13:49:28 | 000,350,208 | ---- | C] () -- C:\Windows\SysWow64\EloOpenOffice.dll
[2012.04.24 13:49:28 | 000,163,160 | ---- | C] () -- C:\Windows\SysWow64\ELOComRes.dll
[2012.04.24 13:49:22 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\fteh006n.dll
[2012.04.24 13:45:17 | 000,000,000 | ---- | C] () -- C:\Windows\FULINST.INI
[2012.03.04 12:10:42 | 000,000,782 | ---- | C] () -- C:\Windows\wininit.ini
[2012.01.25 14:49:20 | 000,000,000 | ---- | C] () -- C:\Windows\OPPRIN~1.INI
[2012.01.25 14:27:17 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2011.12.23 21:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.07.19 10:16:33 | 000,239,616 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011.07.19 10:16:33 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2011.05.20 08:59:18 | 000,038,441 | ---- | C] () -- C:\Users\JoeCool\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.05.17 12:28:58 | 000,245,354 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.05.17 12:28:58 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.05.04 11:04:31 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.04 11:04:31 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.22 07:17:18 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.04.15 12:34:30 | 000,007,598 | ---- | C] () -- C:\Users\JoeCool\AppData\Local\Resmon.ResmonCfg
[2011.04.07 17:19:01 | 000,000,344 | ---- | C] () -- C:\Windows\lgfwup.ini
[2010.12.16 22:29:02 | 000,000,316 | ---- | C] () -- C:\Windows\Jelly.ini
[2010.11.07 11:54:25 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.09.06 09:19:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.09.06 09:19:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.09.06 09:19:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.09.06 09:19:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009.12.25 13:30:39 | 000,006,144 | ---- | C] () -- C:\Users\JoeCool\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2012.07.23 20:28:06 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\1&1
[2012.07.12 14:05:00 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.022
[2012.07.12 20:42:42 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.023
[2012.07.14 07:29:50 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.024
[2012.07.15 09:54:10 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.025
[2012.07.17 18:00:21 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.026
[2012.07.22 12:03:14 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Ad-Aware Antivirus
[2012.01.01 16:06:20 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\BitTorrent
[2011.12.03 14:00:09 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Canon
[2012.04.28 10:47:26 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\combit
[2012.05.11 17:22:02 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\DataDesign
[2012.06.07 08:17:20 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\DesktopIconForAmazon
[2011.07.19 09:25:03 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Easeware
[2012.05.15 12:18:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\elsterformular
[2012.07.06 12:55:11 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\EurekaLog
[2012.06.06 23:02:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\FileZilla
[2009.12.26 16:09:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\GameConsole
[2010.12.16 20:31:53 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\GetRightToGo
[2012.04.20 13:00:42 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\gtk-2.0
[2011.07.19 12:54:09 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Haufe
[2012.06.09 10:41:37 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Hulubulu
[2012.05.13 17:15:00 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\inkscape
[2010.03.07 22:14:18 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\innoPlus
[2012.07.21 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\IrfanView
[2011.04.16 09:03:12 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\JAM Software
[2012.04.24 10:13:46 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\julitec
[2012.07.12 14:04:30 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\kock
[2012.05.20 19:34:26 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\KompoZer
[2012.06.02 10:51:38 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\kompozer.net
[2010.04.01 09:10:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Lexware
[2011.04.02 09:51:58 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\LG Electronics
[2012.02.04 09:15:08 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Netpas
[2012.05.18 20:35:05 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Nvu
[2011.04.22 07:57:21 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Participatory Culture Foundation
[2011.04.22 07:59:13 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\PCF-VLC
[2009.12.25 12:58:37 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\PMS
[2011.07.19 09:11:55 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\ProtectDisc
[2011.02.13 08:20:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\RayV
[2012.01.24 16:36:11 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Samsung
[2012.05.13 16:50:54 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Scribus
[2012.06.10 12:30:58 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Serif
[2012.06.09 11:39:52 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\SmartTools
[2012.04.18 10:39:12 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\TeamViewer
[2012.06.26 12:22:56 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Temp
[2011.12.11 11:43:10 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\TuneUp Software
[2012.07.17 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\xmldm
[2012.05.31 14:56:55 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\XMLmind
[2011.12.14 08:32:04 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.07.23 20:28:06 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\1&1
[2012.07.12 14:05:00 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.022
[2012.07.12 20:42:42 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.023
[2012.07.14 07:29:50 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.024
[2012.07.15 09:54:10 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.025
[2012.07.17 18:00:21 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\13001.026
[2012.07.22 12:03:14 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Ad-Aware Antivirus
[2012.06.25 13:07:03 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Adobe
[2011.12.25 19:25:01 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Apple Computer
[2012.06.27 08:27:05 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Avira
[2012.01.01 16:06:20 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\BitTorrent
[2011.12.03 14:00:09 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Canon
[2012.04.28 10:47:26 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\combit
[2011.04.07 17:45:36 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\CyberLink
[2012.05.11 17:22:02 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\DataDesign
[2012.06.07 08:17:20 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\DesktopIconForAmazon
[2011.07.19 09:25:03 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Easeware
[2012.05.15 12:18:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\elsterformular
[2012.07.06 12:55:11 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\EurekaLog
[2012.06.06 23:02:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\FileZilla
[2009.12.26 16:09:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\GameConsole
[2010.12.16 20:31:53 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\GetRightToGo
[2009.12.09 20:14:46 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Google
[2012.06.12 11:18:33 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Google_Toolbar
[2012.04.20 13:00:42 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\gtk-2.0
[2011.07.19 12:54:09 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Haufe
[2011.05.17 12:54:54 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\HP
[2012.06.09 10:41:37 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Hulubulu
[2009.12.09 20:06:35 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Identities
[2012.05.13 17:15:00 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\inkscape
[2010.03.07 22:14:18 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\innoPlus
[2010.04.01 09:07:41 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\InstallShield
[2010.02.22 19:57:46 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Intel
[2011.07.19 10:25:34 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Intel Corporation
[2012.07.21 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\IrfanView
[2011.04.16 09:03:12 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\JAM Software
[2012.04.24 10:13:46 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\julitec
[2012.07.12 14:04:30 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\kock
[2012.05.20 19:34:26 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\KompoZer
[2012.06.02 10:51:38 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\kompozer.net
[2010.04.01 09:10:16 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Lexware
[2011.04.02 09:51:58 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\LG Electronics
[2009.12.09 20:07:17 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Macromedia
[2011.12.02 12:13:57 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Media Center Programs
[2012.06.21 07:48:17 | 000,000,000 | --SD | M] -- C:\Users\JoeCool\AppData\Roaming\Microsoft
[2011.04.22 07:17:37 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Mozilla
[2010.08.15 12:19:32 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Mozilla-Cache
[2012.02.04 09:15:08 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Netpas
[2012.05.18 20:35:05 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Nvu
[2011.04.22 07:57:21 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Participatory Culture Foundation
[2011.04.22 07:59:13 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\PCF-VLC
[2009.12.25 12:58:37 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\PMS
[2011.07.19 09:11:55 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\ProtectDisc
[2011.02.13 08:20:43 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\RayV
[2012.01.24 16:36:11 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Samsung
[2012.05.13 16:50:54 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Scribus
[2012.06.10 12:30:58 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Serif
[2012.07.22 14:44:59 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Skype
[2012.06.09 11:39:52 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\SmartTools
[2012.04.18 10:39:12 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\TeamViewer
[2012.06.26 12:22:56 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\Temp
[2011.12.11 11:43:10 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\TuneUp Software
[2010.02.14 12:18:39 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\WinRAR
[2012.07.17 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\xmldm
[2012.05.31 14:56:55 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\XMLmind
[2012.01.25 14:59:24 | 000,000,000 | ---D | M] -- C:\Users\JoeCool\AppData\Roaming\ZoomBrowser EX
 
< %APPDATA%\*.exe /s >
[2012.01.25 14:27:14 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\JoeCool\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2011.07.19 09:28:17 | 001,488,632 | ---- | M] (Packard Bell B.V.                                          ) -- C:\Users\JoeCool\AppData\Roaming\Easeware\DriverEasy\drivers\zxn35q1l.mhb\NF750i_Chipset_Vista64_v9.60.exe
[2009.06.04 13:51:24 | 001,413,256 | R--- | M] () -- C:\Users\JoeCool\AppData\Roaming\Microsoft\Windows\Templates\D\USBAutoRun.exe
[2009.05.12 08:46:36 | 000,212,992 | R--- | M] () -- C:\Users\JoeCool\AppData\Roaming\Microsoft\Windows\Templates\D\tools\LGSetCDROMAutoRun.exe
[2012.04.11 22:08:20 | 000,255,376 | ---- | M] (Visicom Media Inc.) -- C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\ohbo7nap.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe
[2012.04.11 22:08:20 | 000,255,376 | ---- | M] (Visicom Media Inc.) -- C:\Users\JoeCool\AppData\Roaming\Mozilla\Firefox\Profiles\v2v7uv93.default-1339507078693\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\dtUser.exe
[2012.02.25 10:20:17 | 000,106,408 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe
[2012.02.25 10:20:17 | 000,101,288 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe
[2012.02.25 10:20:18 | 000,021,416 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe
[2012.02.22 07:57:00 | 000,943,504 | ---- | M] (Samsung) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2012.02.22 07:57:04 | 000,278,928 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2012.02.01 10:17:02 | 000,308,224 | ---- | M] (Samsung) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2012.02.22 07:57:02 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.12.23 21:59:48 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2012.01.31 11:16:12 | 000,290,816 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2012.01.31 11:16:12 | 000,693,248 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2012.02.22 07:57:06 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2012.02.25 10:20:17 | 000,106,408 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2012.02.25 10:20:17 | 000,101,288 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2012.02.22 07:57:10 | 000,131,984 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.02.25 10:20:18 | 000,021,416 | ---- | M] () -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2012.02.22 07:57:12 | 003,570,312 | ---- | M] (Freeware) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.12.23 21:58:10 | 024,123,656 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.02.22 07:57:14 | 000,371,088 | ---- | M] (ml) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.06.08 13:02:14 | 000,371,128 | ---- | M] (ml) -- C:\Users\JoeCool\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Users\JoeCool\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20110719T081044360817\pci\ven_8086&dev_2929&cc_0106\iaStor.sys
[2010.09.13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Users\JoeCool\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20110719T082719517489\pci\ven_8086&dev_2929&cc_0106\iaStor.sys
[2010.09.13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.09.13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2008.02.11 20:00:46 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=63B7838E9C272BAAA7B33A0CA4EBB748 -- C:\Drivers\Chipset_9.60\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\erdnt\cache64\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache86\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

--- --- ---

t'john 23.07.2012 23:48

Yes, we're almost done :)

Fixing with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:

:OTL

:Files

C:\Users\JoeCool\AppData\Roaming\kock

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]

  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for readers following along: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other machines; it can cause lasting damage to other systems!

JoeCool 24.07.2012 06:56

Morning John,

Below is the new log.
What I noticed:
- The computer starts noticeably faster
- After a restart, "Apple Applications" (iTunes), LG (external DVD) and Office Drive (cloud services) keep wanting to install new drivers. I allowed that, but it comes back after every restart. In Apple's case, a message says I should uninstall iTunes and then reinstall it.

Code:

All processes killed
========== OTL ==========
========== FILES ==========
C:\Users\JoeCool\AppData\Roaming\kock folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\JoeCool\Desktop\cmd.bat deleted successfully.
C:\Users\JoeCool\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Hanni
->Temp folder emptied: 0 bytes
 
User: JoeCool
->Temp folder emptied: 184410 bytes
->Temporary Internet Files folder emptied: 65950 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 62093392 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1115 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2947 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 59,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Hanni
 
User: JoeCool
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.2.54.0 log created on 07242012_074645

Files\Folders moved on Reboot...
C:\Users\JoeCool\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\JoeCool\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Hi John,
how do we continue from here?

t'john 25.07.2012 00:54

You can reinstall Apple.


TDSSKiller by Kaspersky
- Download TDSSKiller and unpack the archive to your desktop.
- Make sure that TDSSKiller.exe sits directly on the desktop (not in a folder on the desktop).
- Temporarily disable your antivirus program.
- Start TDSSKiller.exe by double-clicking it.
- When it has finished its work, the tool suggests restarting the system.
- Confirm this with Y(es) if necessary.
- While the system boots, the driver carries out all scheduled operations and then deletes itself.
- Post the contents of C:\TDSSKiller.txt here in the thread.
You can find a more detailed TDSSKiller guide here.

JoeCool 25.07.2012 07:25

Morning!

So my screens in TDSS look a bit different from the ones in the guide, and I wasn't asked after the restart either.

Here is the log:

Code:

08:19:27.0378 1964        TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
08:19:27.0596 1964        ============================================================
08:19:27.0596 1964        Current date / time: 2012/07/25 08:19:27.0596
08:19:27.0596 1964        SystemInfo:
08:19:27.0596 1964       
08:19:27.0596 1964        OS Version: 6.1.7601 ServicePack: 1.0
08:19:27.0596 1964        Product type: Workstation
08:19:27.0596 1964        ComputerName: ACER-NETBOOK
08:19:27.0596 1964        UserName: JoeCool
08:19:27.0596 1964        Windows directory: C:\Windows
08:19:27.0596 1964        System windows directory: C:\Windows
08:19:27.0596 1964        Running under WOW64
08:19:27.0596 1964        Processor architecture: Intel x64
08:19:27.0596 1964        Number of processors: 2
08:19:27.0596 1964        Page size: 0x1000
08:19:27.0596 1964        Boot type: Normal boot
08:19:27.0596 1964        ============================================================
08:19:29.0562 1964        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:19:29.0624 1964        Drive \Device\Harddisk1\DR1 - Size: 0x1E0F00000 (7.51 Gb), SectorSize: 0x200, Cylinders: 0x3D4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:19:29.0624 1964        ============================================================
08:19:29.0624 1964        \Device\Harddisk0\DR0:
08:19:29.0624 1964        MBR partitions:
08:19:29.0624 1964        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
08:19:29.0624 1964        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x1B992800
08:19:29.0624 1964        \Device\Harddisk1\DR1:
08:19:29.0624 1964        MBR partitions:
08:19:29.0624 1964        \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xF05800
08:19:29.0624 1964        ============================================================
08:19:29.0734 1964        C: <-> \Device\Harddisk0\DR0\Partition1
08:19:29.0734 1964        ============================================================
08:19:29.0734 1964        Initialize success
08:19:29.0734 1964        ============================================================
08:19:58.0001 5428        ============================================================
08:19:58.0001 5428        Scan started
08:19:58.0001 5428        Mode: Manual;
08:19:58.0001 5428        ============================================================
08:20:00.0996 5428        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:20:01.0012 5428        1394ohci - ok
08:20:01.0074 5428        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:20:01.0090 5428        ACPI - ok
08:20:01.0136 5428        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:20:01.0136 5428        AcpiPmi - ok
08:20:01.0277 5428        Ad-Aware Service (af9658974154c3b6a333d86dc2e0aac8) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
08:20:01.0324 5428        Ad-Aware Service - ok
08:20:01.0495 5428        AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:20:01.0511 5428        AdobeFlashPlayerUpdateSvc - ok
08:20:01.0667 5428        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
08:20:01.0682 5428        adp94xx - ok
08:20:01.0745 5428        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
08:20:01.0745 5428        adpahci - ok
08:20:01.0792 5428        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
08:20:01.0792 5428        adpu320 - ok
08:20:01.0823 5428        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:20:01.0823 5428        AeLookupSvc - ok
08:20:01.0901 5428        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:20:01.0916 5428        AFD - ok
08:20:01.0979 5428        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:20:01.0979 5428        agp440 - ok
08:20:02.0010 5428        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:20:02.0026 5428        ALG - ok
08:20:02.0041 5428        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:20:02.0057 5428        aliide - ok
08:20:02.0057 5428        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:20:02.0072 5428        amdide - ok
08:20:02.0104 5428        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
08:20:02.0119 5428        AmdK8 - ok
08:20:02.0135 5428        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
08:20:02.0135 5428        AmdPPM - ok
08:20:02.0182 5428        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:20:02.0182 5428        amdsata - ok
08:20:02.0244 5428        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
08:20:02.0260 5428        amdsbs - ok
08:20:02.0275 5428        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:20:02.0275 5428        amdxata - ok
08:20:02.0338 5428        AMPPAL          (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\AMPPAL.sys
08:20:02.0353 5428        AMPPAL - ok
08:20:02.0369 5428        AMPPALP        (7d9e301ab3247765702d0b65e2e47e50) C:\Windows\system32\DRIVERS\amppal.sys
08:20:02.0369 5428        AMPPALP - ok
08:20:02.0587 5428        AMPPALR3        (576134e43169810b560f0bb6fdee13f5) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
08:20:02.0634 5428        AMPPALR3 - ok
08:20:02.0790 5428        AmUStor        (391887990cdaa83de5c56c3fde966da1) C:\Windows\system32\drivers\AmUStor.SYS
08:20:02.0790 5428        AmUStor - ok
08:20:02.0915 5428        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
08:20:02.0930 5428        AntiVirSchedulerService - ok
08:20:02.0977 5428        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
08:20:02.0977 5428        AntiVirService - ok
08:20:03.0040 5428        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:20:03.0040 5428        AppID - ok
08:20:03.0071 5428        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:20:03.0086 5428        AppIDSvc - ok
08:20:03.0118 5428        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:20:03.0118 5428        Appinfo - ok
08:20:03.0180 5428        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
08:20:03.0180 5428        arc - ok
08:20:03.0196 5428        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
08:20:03.0196 5428        arcsas - ok
08:20:03.0289 5428        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:20:03.0336 5428        aspnet_state - ok
08:20:03.0367 5428        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:20:03.0367 5428        AsyncMac - ok
08:20:03.0414 5428        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:20:03.0414 5428        atapi - ok
08:20:03.0508 5428        athr            (88a02b6046356e6be4e387faa7451439) C:\Windows\system32\DRIVERS\athrx.sys
08:20:03.0586 5428        athr - ok
08:20:03.0773 5428        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:20:03.0820 5428        AudioEndpointBuilder - ok
08:20:03.0835 5428        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:20:03.0835 5428        AudioSrv - ok
08:20:03.0913 5428        avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
08:20:03.0913 5428        avgntflt - ok
08:20:03.0960 5428        avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
08:20:03.0976 5428        avipbb - ok
08:20:03.0991 5428        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
08:20:03.0991 5428        avkmgr - ok
08:20:04.0054 5428        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:20:04.0069 5428        AxInstSV - ok
08:20:04.0132 5428        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
08:20:04.0163 5428        b06bdrv - ok
08:20:04.0225 5428        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:20:04.0241 5428        b57nd60a - ok
08:20:04.0272 5428        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:20:04.0272 5428        BDESVC - ok
08:20:04.0288 5428        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:20:04.0303 5428        Beep - ok
08:20:04.0381 5428        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
08:20:04.0412 5428        BFE - ok
08:20:04.0459 5428        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
08:20:04.0537 5428        BITS - ok
08:20:04.0600 5428        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
08:20:04.0600 5428        blbdrive - ok
08:20:04.0693 5428        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
08:20:04.0724 5428        Bonjour Service - ok
08:20:04.0771 5428        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:20:04.0771 5428        bowser - ok
08:20:04.0802 5428        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:20:04.0818 5428        BrFiltLo - ok
08:20:04.0834 5428        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:20:04.0834 5428        BrFiltUp - ok
08:20:04.0880 5428        BridgeMP        (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
08:20:04.0880 5428        BridgeMP - ok
08:20:04.0927 5428        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:20:04.0927 5428        Browser - ok
08:20:04.0974 5428        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:20:04.0990 5428        Brserid - ok
08:20:05.0005 5428        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:20:05.0005 5428        BrSerWdm - ok
08:20:05.0021 5428        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:20:05.0036 5428        BrUsbMdm - ok
08:20:05.0036 5428        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:20:05.0052 5428        BrUsbSer - ok
08:20:05.0083 5428        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
08:20:05.0083 5428        BthEnum - ok
08:20:05.0114 5428        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
08:20:05.0114 5428        BTHMODEM - ok
08:20:05.0130 5428        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
08:20:05.0130 5428        BthPan - ok
08:20:05.0192 5428        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
08:20:05.0224 5428        BTHPORT - ok
08:20:05.0255 5428        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:20:05.0255 5428        bthserv - ok
08:20:05.0395 5428        BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
08:20:05.0395 5428        BTHSSecurityMgr - ok
08:20:05.0442 5428        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
08:20:05.0442 5428        BTHUSB - ok
08:20:05.0458 5428        catchme - ok
08:20:05.0489 5428        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:20:05.0489 5428        cdfs - ok
08:20:05.0551 5428        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:20:05.0551 5428        cdrom - ok
08:20:05.0582 5428        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:20:05.0598 5428        CertPropSvc - ok
08:20:05.0645 5428        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
08:20:05.0645 5428        circlass - ok
08:20:05.0676 5428        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:20:05.0692 5428        CLFS - ok
08:20:05.0770 5428        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:20:05.0770 5428        clr_optimization_v2.0.50727_32 - ok
08:20:05.0801 5428        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:20:05.0816 5428        clr_optimization_v2.0.50727_64 - ok
08:20:05.0894 5428        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:20:06.0066 5428        clr_optimization_v4.0.30319_32 - ok
08:20:06.0128 5428        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:20:06.0269 5428        clr_optimization_v4.0.30319_64 - ok
08:20:06.0300 5428        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
08:20:06.0316 5428        CmBatt - ok
08:20:06.0347 5428        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:20:06.0347 5428        cmdide - ok
08:20:06.0394 5428        CNG            (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
08:20:06.0409 5428        CNG - ok
08:20:06.0440 5428        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
08:20:06.0440 5428        Compbatt - ok
08:20:06.0487 5428        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:20:06.0487 5428        CompositeBus - ok
08:20:06.0503 5428        COMSysApp - ok
08:20:06.0596 5428        cpudrv64        (3ca734ce373e5675fbc15ca2c45228e5) C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys
08:20:06.0596 5428        cpudrv64 - ok
08:20:06.0612 5428        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
08:20:06.0612 5428        crcdisk - ok
08:20:06.0674 5428        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
08:20:06.0674 5428        CryptSvc - ok
08:20:06.0737 5428        DBService      (48297bf3339bc56dd7d7524d7a1740aa) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
08:20:06.0752 5428        DBService - ok
08:20:06.0830 5428        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:20:06.0862 5428        DcomLaunch - ok
08:20:06.0908 5428        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:20:06.0924 5428        defragsvc - ok
08:20:06.0955 5428        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:20:06.0971 5428        DfsC - ok
08:20:07.0018 5428        dgderdrv        (def365f0f6e017888c4b869d3ba4b8e0) C:\Windows\system32\drivers\dgderdrv.sys
08:20:07.0018 5428        dgderdrv - ok
08:20:07.0049 5428        dgdersvc        (bc3c53000adcd440f1b23e46dac302ef) C:\Windows\system32\dgdersvc.exe
08:20:07.0049 5428        dgdersvc - ok
08:20:07.0127 5428        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:20:07.0142 5428        Dhcp - ok
08:20:07.0158 5428        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:20:07.0174 5428        discache - ok
08:20:07.0205 5428        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
08:20:07.0205 5428        Disk - ok
08:20:07.0330 5428        DKbFltr        (d5bcb77be83cf99f508943945d46343d) C:\Windows\syswow64\Drivers\DKbFltr.sys
08:20:07.0330 5428        DKbFltr - ok
08:20:07.0376 5428        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:20:07.0376 5428        Dnscache - ok
08:20:07.0439 5428        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:20:07.0454 5428        dot3svc - ok
08:20:07.0501 5428        Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
08:20:07.0501 5428        Dot4 - ok
08:20:07.0548 5428        Dot4Print      (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
08:20:07.0548 5428        Dot4Print - ok
08:20:07.0564 5428        dot4usb        (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
08:20:07.0579 5428        dot4usb - ok
08:20:07.0626 5428        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:20:07.0626 5428        DPS - ok
08:20:07.0657 5428        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:20:07.0673 5428        drmkaud - ok
08:20:07.0751 5428        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:20:07.0798 5428        DXGKrnl - ok
08:20:07.0829 5428        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:20:07.0829 5428        EapHost - ok
08:20:08.0000 5428        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
08:20:08.0110 5428        ebdrv - ok
08:20:08.0219 5428        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:20:08.0219 5428        EFS - ok
08:20:08.0297 5428        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:20:08.0328 5428        ehRecvr - ok
08:20:08.0359 5428        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:20:08.0359 5428        ehSched - ok
08:20:08.0437 5428        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
08:20:08.0453 5428        elxstor - ok
08:20:08.0578 5428        ePowerSvc      (fb67aa8ac61b9365add546139a21bed6) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
08:20:08.0609 5428        ePowerSvc - ok
08:20:08.0734 5428        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:20:08.0734 5428        ErrDev - ok
08:20:08.0812 5428        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:20:08.0843 5428        EventSystem - ok
08:20:09.0014 5428        EvtEng          (e3a96d5ae6e5c7b5472011ba77353368) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
08:20:09.0061 5428        EvtEng - ok
08:20:09.0170 5428        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:20:09.0170 5428        exfat - ok
08:20:09.0202 5428        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:20:09.0217 5428        fastfat - ok
08:20:09.0295 5428        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:20:09.0326 5428        Fax - ok
08:20:09.0358 5428        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
08:20:09.0358 5428        fdc - ok
08:20:09.0389 5428        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:20:09.0404 5428        fdPHost - ok
08:20:09.0420 5428        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:20:09.0420 5428        FDResPub - ok
08:20:09.0436 5428        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:20:09.0451 5428        FileInfo - ok
08:20:09.0467 5428        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:20:09.0467 5428        Filetrace - ok
08:20:09.0482 5428        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
08:20:09.0482 5428        flpydisk - ok
08:20:09.0545 5428        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:20:09.0560 5428        FltMgr - ok
08:20:09.0638 5428        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:20:09.0670 5428        FontCache - ok
08:20:09.0732 5428        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:20:09.0748 5428        FontCache3.0.0.0 - ok
08:20:09.0794 5428        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:20:09.0794 5428        FsDepends - ok
08:20:09.0841 5428        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:20:09.0841 5428        Fs_Rec - ok
08:20:09.0888 5428        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:20:09.0904 5428        fvevol - ok
08:20:09.0919 5428        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
08:20:09.0919 5428        gagp30kx - ok
08:20:09.0982 5428        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:20:09.0982 5428        GEARAspiWDM - ok
08:20:10.0044 5428        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:20:10.0091 5428        gpsvc - ok
08:20:10.0200 5428        Greg_Service    (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
08:20:10.0247 5428        Greg_Service - ok
08:20:10.0356 5428        gupdate        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:20:10.0356 5428        gupdate - ok
08:20:10.0372 5428        gupdatem        (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:20:10.0387 5428        gupdatem - ok
08:20:10.0434 5428        gusvc          (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:20:10.0450 5428        gusvc - ok
08:20:10.0590 5428        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:20:10.0590 5428        hcw85cir - ok
08:20:10.0652 5428        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:20:10.0684 5428        HdAudAddService - ok
08:20:10.0730 5428        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:20:10.0746 5428        HDAudBus - ok
08:20:10.0762 5428        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
08:20:10.0762 5428        HidBatt - ok
08:20:10.0777 5428        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
08:20:10.0793 5428        HidBth - ok
08:20:10.0793 5428        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
08:20:10.0808 5428        HidIr - ok
08:20:10.0824 5428        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
08:20:10.0824 5428        hidserv - ok
08:20:10.0902 5428        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:20:10.0902 5428        HidUsb - ok
08:20:10.0964 5428        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:20:10.0964 5428        hkmsvc - ok
08:20:11.0011 5428        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:20:11.0042 5428        HomeGroupListener - ok
08:20:11.0089 5428        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:20:11.0105 5428        HomeGroupProvider - ok
08:20:11.0152 5428        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:20:11.0152 5428        HpSAMD - ok
08:20:11.0323 5428        HPSLPSVC        (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
08:20:11.0370 5428        HPSLPSVC - ok
08:20:11.0448 5428        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:20:11.0479 5428        HTTP - ok
08:20:11.0526 5428        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:20:11.0526 5428        hwpolicy - ok
08:20:11.0589 5428        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:20:11.0589 5428        i8042prt - ok
08:20:11.0635 5428        iaStor          (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
08:20:11.0635 5428        iaStor - ok
08:20:11.0745 5428        IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
08:20:11.0745 5428        IAStorDataMgrSvc - ok
08:20:11.0807 5428        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:20:11.0823 5428        iaStorV - ok
08:20:11.0932 5428        IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
08:20:11.0932 5428        IDriverT - ok
08:20:12.0041 5428        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:20:12.0103 5428        idsvc - ok
08:20:12.0525 5428        igfx            (2d18c9e1f23970de32d78d3b1cdda0a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
08:20:12.0712 5428        igfx - ok
08:20:12.0837 5428        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
08:20:12.0852 5428        iirsp - ok
08:20:28.0733 5428        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:20:28.0733 5428        TsUsbFlt - ok
08:20:28.0920 5428        TuneUp.UtilitiesSvc (6dc7b7342148636c6751d9f7b8aaea91) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
08:20:28.0983 5428        TuneUp.UtilitiesSvc - ok
08:20:29.0029 5428        TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
08:20:29.0029 5428        TuneUpUtilitiesDrv - ok
08:20:29.0170 5428        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:20:29.0185 5428        tunnel - ok
08:20:29.0279 5428        TVersityMediaServer (06bccb3bf0d06adccc4ebc8ef682dd59) C:\ProgramData\TVersity\Media Server\MediaServer.exe
08:20:29.0326 5428        TVersityMediaServer - ok
08:20:29.0419 5428        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
08:20:29.0419 5428        uagp35 - ok
08:20:29.0466 5428        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:20:29.0482 5428        udfs - ok
08:20:29.0529 5428        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:20:29.0529 5428        UI0Detect - ok
08:20:29.0575 5428        ui11drdr        (acec7381128e77d3b262c1f8da2e9819) C:\Windows\system32\DRIVERS\ui11drdr.sys
08:20:29.0575 5428        ui11drdr - ok
08:20:29.0622 5428        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:20:29.0622 5428        uliagpkx - ok
08:20:29.0653 5428        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:20:29.0653 5428        umbus - ok
08:20:29.0685 5428        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
08:20:29.0685 5428        UmPass - ok
08:20:29.0763 5428        Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
08:20:29.0778 5428        Updater Service - ok
08:20:29.0825 5428        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:20:29.0841 5428        upnphost - ok
08:20:29.0872 5428        usbbus          (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
08:20:29.0872 5428        usbbus - ok
08:20:29.0903 5428        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
08:20:29.0903 5428        usbccgp - ok
08:20:29.0965 5428        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:20:29.0965 5428        usbcir - ok
08:20:30.0012 5428        UsbDiag        (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
08:20:30.0012 5428        UsbDiag - ok
08:20:30.0043 5428        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:20:30.0059 5428        usbehci - ok
08:20:30.0090 5428        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:20:30.0106 5428        usbhub - ok
08:20:30.0153 5428        USBModem        (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
08:20:30.0153 5428        USBModem - ok
08:20:30.0184 5428        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
08:20:30.0184 5428        usbohci - ok
08:20:30.0215 5428        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
08:20:30.0215 5428        usbprint - ok
08:20:30.0262 5428        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
08:20:30.0262 5428        usbscan - ok
08:20:30.0309 5428        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:20:30.0309 5428        USBSTOR - ok
08:20:30.0324 5428        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
08:20:30.0324 5428        usbuhci - ok
08:20:30.0371 5428        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
08:20:30.0371 5428        usbvideo - ok
08:20:30.0449 5428        usb_rndisx      (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
08:20:30.0449 5428        usb_rndisx - ok
08:20:30.0480 5428        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:20:30.0480 5428        UxSms - ok
08:20:30.0527 5428        UxTuneUp        (5b0cd0238b864ca71ea80e4fa1a988af) C:\Windows\System32\uxtuneup.dll
08:20:30.0543 5428        UxTuneUp - ok
08:20:30.0574 5428        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:20:30.0574 5428        VaultSvc - ok
08:20:30.0605 5428        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:20:30.0605 5428        vdrvroot - ok
08:20:30.0683 5428        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:20:30.0714 5428        vds - ok
08:20:30.0745 5428        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:20:30.0761 5428        vga - ok
08:20:30.0792 5428        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:20:30.0792 5428        VgaSave - ok
08:20:30.0823 5428        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:20:30.0839 5428        vhdmp - ok
08:20:30.0870 5428        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:20:30.0870 5428        viaide - ok
08:20:30.0901 5428        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:20:30.0901 5428        volmgr - ok
08:20:30.0964 5428        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:20:30.0979 5428        volmgrx - ok
08:20:31.0011 5428        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:20:31.0026 5428        volsnap - ok
08:20:31.0057 5428        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
08:20:31.0073 5428        vsmraid - ok
08:20:31.0182 5428        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:20:31.0260 5428        VSS - ok
08:20:31.0369 5428        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:20:31.0369 5428        vwifibus - ok
08:20:31.0385 5428        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:20:31.0401 5428        vwififlt - ok
08:20:31.0432 5428        vwifimp        (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
08:20:31.0432 5428        vwifimp - ok
08:20:31.0479 5428        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:20:31.0494 5428        W32Time - ok
08:20:31.0541 5428        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
08:20:31.0541 5428        WacomPen - ok
08:20:31.0588 5428        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:20:31.0588 5428        WANARP - ok
08:20:31.0603 5428        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:20:31.0603 5428        Wanarpv6 - ok
08:20:31.0713 5428        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:20:31.0759 5428        wbengine - ok
08:20:31.0853 5428        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:20:31.0884 5428        WbioSrvc - ok
08:20:31.0931 5428        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:20:31.0962 5428        wcncsvc - ok
08:20:31.0978 5428        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:20:31.0978 5428        WcsPlugInService - ok
08:20:32.0040 5428        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
08:20:32.0040 5428        Wd - ok
08:20:32.0087 5428        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:20:32.0118 5428        Wdf01000 - ok
08:20:32.0196 5428        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:20:32.0196 5428        WdiServiceHost - ok
08:20:32.0212 5428        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:20:32.0212 5428        WdiSystemHost - ok
08:20:32.0274 5428        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:20:32.0290 5428        WebClient - ok
08:20:32.0305 5428        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:20:32.0321 5428        Wecsvc - ok
08:20:32.0352 5428        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:20:32.0352 5428        wercplsupport - ok
08:20:32.0383 5428        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:20:32.0399 5428        WerSvc - ok
08:20:32.0461 5428        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:20:32.0461 5428        WfpLwf - ok
08:20:32.0493 5428        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:20:32.0493 5428        WIMMount - ok
08:20:32.0539 5428        WinDefend - ok
08:20:32.0555 5428        WinHttpAutoProxySvc - ok
08:20:32.0617 5428        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:20:32.0633 5428        Winmgmt - ok
08:20:32.0836 5428        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:20:32.0914 5428        WinRM - ok
08:20:33.0054 5428        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:20:33.0054 5428        WinUsb - ok
08:20:33.0132 5428        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:20:33.0163 5428        Wlansvc - ok
08:20:33.0351 5428        wlidsvc        (e23a257a54fa12c2aef8ad51e6556357) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:20:33.0413 5428        wlidsvc - ok
08:20:33.0538 5428        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:20:33.0538 5428        WmiAcpi - ok
08:20:33.0600 5428        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:20:33.0600 5428        wmiApSrv - ok
08:20:33.0678 5428        WMPNetworkSvc - ok
08:20:33.0709 5428        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:20:33.0709 5428        WPCSvc - ok
08:20:33.0756 5428        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:20:33.0756 5428        WPDBusEnum - ok
08:20:33.0787 5428        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:20:33.0803 5428        ws2ifsl - ok
08:20:33.0819 5428        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
08:20:33.0834 5428        wscsvc - ok
08:20:33.0881 5428        WSDPrintDevice  (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
08:20:33.0881 5428        WSDPrintDevice - ok
08:20:33.0897 5428        WSDScan        (4a2a5c50dd1a63577d3aca94269fbc7f) C:\Windows\system32\DRIVERS\WSDScan.sys
08:20:33.0897 5428        WSDScan - ok
08:20:33.0912 5428        WSearch - ok
08:20:34.0053 5428        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:20:34.0115 5428        wuauserv - ok
08:20:34.0255 5428        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:20:34.0255 5428        WudfPf - ok
08:20:34.0302 5428        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:20:34.0302 5428        WUDFRd - ok
08:20:34.0349 5428        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:20:34.0365 5428        wudfsvc - ok
08:20:34.0411 5428        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:20:34.0411 5428        WwanSvc - ok
08:20:34.0505 5428        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:20:34.0723 5428        \Device\Harddisk0\DR0 - ok
08:20:35.0410 5428        MBR (0x1B8)    (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
08:20:35.0425 5428        \Device\Harddisk1\DR1 - ok
08:20:35.0425 5428        Boot (0x1200)  (e13a9652ddd6960b5d579fbc33fa6e65) \Device\Harddisk0\DR0\Partition0
08:20:35.0425 5428        \Device\Harddisk0\DR0\Partition0 - ok
08:20:35.0441 5428        Boot (0x1200)  (1a1421cc36e595f247b565764cb4bd35) \Device\Harddisk0\DR0\Partition1
08:20:35.0441 5428        \Device\Harddisk0\DR0\Partition1 - ok
08:20:35.0457 5428        Boot (0x1200)  (394051e83b9f0526742b1ee899a08775) \Device\Harddisk1\DR1\Partition0
08:20:35.0457 5428        \Device\Harddisk1\DR1\Partition0 - ok
08:20:35.0457 5428        ============================================================
08:20:35.0457 5428        Scan finished
08:20:35.0457 5428        ============================================================
08:20:35.0472 4744        Detected object count: 0
08:20:35.0472 4744        Actual detected object count: 0
08:21:03.0864 4628        Deinitialize success


t'john 25.07.2012 16:31

Fix with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:


Code:

:OTL

:Files

C:\Users\JoeCool\AppData\Roaming\13001.025
C:\Users\JoeCool\AppData\Roaming\13001.026

  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, in code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances use it on other computers; it can cause lasting damage to other systems!



then:

Uninstall Combofix

Before the following step, please temporarily disable your antivirus program again, along with any script blocking (Norton) and anti-malware programs.

Start => Run

=> type in there

ComboFix /Uninstall => press Enter

This removes Combofix completely and empties the System Restore cache so that the malware disappears from there as well. A new system restore point is created. At the same time, Combofix resets the clock settings to their original values and resets the system settings so that file extensions and system files are hidden again, which you can change back if needed in Explorer under Tools => Folder Options, or adjust to your personal preferences.

JoeCool 25.07.2012 20:16

Hi,
OTL took a fraction of a second and didn't ask for a restart either ???

Here is the log:

Code:

========== OTL ==========
========== FILES ==========
C:\Users\JoeCool\AppData\Roaming\13001.025\components folder moved successfully.
C:\Users\JoeCool\AppData\Roaming\13001.025 folder moved successfully.
C:\Users\JoeCool\AppData\Roaming\13001.026\components folder moved successfully.
C:\Users\JoeCool\AppData\Roaming\13001.026 folder moved successfully.
 
OTL by OldTimer - Version 3.2.54.0 log created on 07252012_211450


t'john 25.07.2012 20:21

Very good!

Update Java

Your Java is out of date. Older versions contain security vulnerabilities that malware can exploit.
  • Please download the latest Java version from here
  • Save jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Run jxpiinstall.exe. It will download the installer for the latest Java version (Java 7 Update 5).
  • When the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer once all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure every box is checked and click OK.
  • Click OK again.


Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

