Pests of all kinds and how to fight them: ihavenet.com Trojan

06.03.2013, 01:43   #1
Attilius

ihavenet.com Trojan

Hello dear Trojaner-Board,

For a short while now my mother's laptop has had a malicious program on it that, whenever a Google link is clicked in the browser, redirects to various websites, most often ihavenet.com.
I ran a check with Avira, and AntiVir found jogek.di /.dk in a file in the Java cache. I sent it to quarantine. Afterwards I stupidly updated Avira, so unfortunately the report on that is no longer available.
However, I could not find anything indicating that jogek.di etc. is related to the ihavenet Trojan. The problem still persists in any case (though I don't know now whether the quarantine was "wiped" by the Avira update).
Booting from the Kaspersky Rescue Disk 10 and running a scan found nothing.

Some other posts on your board recommended running defogger, OTL and GMER first; the rest apparently has to be handled case by case. I already ran OTL yesterday, which created OTL.txt and Extra.txt.
Since today the Extra.txt is no longer being created.

I am currently working on my mother's computer via TeamViewer. Attached are the logs of the three programs and the list of installed programs from CCleaner.

Many thanks in advance for your help
Regards
Sven

defogger_disable (no findings; for some reason I can't post it)

CCleaner install list
Code:
Program	Publisher	Installed	Size	Version
Activation Assistant for the 2007 Microsoft Office suites	Microsoft Corporation	19.02.2009	14,0MB	
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	19.02.2009		10.0.12.36
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	27.02.2013		11.6.602.171
Adobe Reader X (10.1.6) - Deutsch	Adobe Systems Incorporated	22.02.2013	121,2MB	10.1.6
Adobe Shockwave Player 11.6	Adobe Systems, Inc.	30.01.2013	17,8MB	11.6.8.638
Apple Application Support	Apple Inc.	30.01.2013	65,1MB	2.3
Apple Software Update	Apple Inc.	30.01.2013	2,38MB	2.1.3.127
Avira Free Antivirus	Avira	03.03.2013	174,1MB	13.0.0.3185
Azurewave Wireless LAN	RaLink	08.12.2008	1,93MB	1.00.0000
Bison Webcam	Bison Webcam	14.12.2008	5,39MB	7.96.701.12a
CCleaner	Piriform	05.02.2012	3,50MB	3.15
Compatibility Pack für 2007 Office System	Microsoft Corporation	08.01.2013	168,6MB	12.0.6612.1000
Corel MediaOne	Corel Corporation	14.12.2008	164,5MB	2.00.0000
CorelDRAW Essential Edition 3	Corel Corporation	14.12.2008	227MB	
CyberLink MakeDisc	CyberLink Corp.	19.02.2009	102,6MB	3.0.2601
CyberLink MediaShow	CyberLink Corp.	14.12.2008	312MB	4.1.2318
CyberLink PhotoNow	CyberLink Corp.	14.12.2008	21,7MB	1.1.5615
CyberLink PowerDirector	CyberLink Corp.	14.12.2008	422MB	7.0.2209b
CyberLink PowerDVD 8	CyberLink Corp.	14.12.2008	91,8MB	8.0.2217
CyberLink PowerProducer	CyberLink Corp.	14.12.2008	298MB	5.1111
CyberLink YouCam	CyberLink Corp.	14.12.2008	73,8MB	2.0.2305
Defraggler	Piriform	05.02.2012	3,74MB	2.09
Duden Korrektor	Duden	23.05.2009	251MB	4.00.1301.00
Google Earth	Google	19.02.2009	25,3MB	4.3.7284.3916
HP Imaging Device Functions 9.0	HP	11.04.2009	4,21MB	9.0
HP OCR Software 9.0	HP	11.04.2009	4,21MB	9.0
HP Photosmart All-In-One Software 9.0	HP	11.04.2009	18,9MB	9.0
HP Photosmart Essential 2.01	HP	11.04.2009	4,21MB	2.01
HP Smart Web Printing 4.60	HP	02.07.2010	26,3MB	4.60
HP Solution Center 9.0	HP	11.04.2009	4,21MB	9.0
HP Update	Hewlett-Packard	29.05.2011	3,93MB	5.003.001.001
Java 7 Update 15	Oracle	03.03.2013	129,0MB	7.0.150
Java(TM) 6 Update 11	Sun Microsystems, Inc.	08.12.2008	96,9MB	6.0.110
Logitech SetPoint	Logitech	21.03.2011	18,2MB	4.80
mathepower.de - 2012	Computerdienst Meyn GmbH	25.08.2012	1.043MB	2012
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	19.02.2009	27,8MB	
Microsoft Office File Validation Add-In	Microsoft Corporation	01.05.2012	7,95MB	14.0.5130.5003
Microsoft Office Home and Student 2007	Microsoft Corporation	07.02.2012	304MB	12.0.6612.1000
Microsoft Office Live Add-in 1.5	Microsoft Corporation	30.04.2012	0,49MB	2.0.4024.1
Microsoft Silverlight	Microsoft Corporation	30.01.2013	13,2MB	5.1.10411.0
Microsoft SQL Server 2005 Compact Edition [DEU]	Microsoft Corporation	08.12.2008	0,32MB	3.1.0000
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	08.12.2008	1,74MB	3.1.0000
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	13.08.2009	0,25MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	15.06.2011	0,29MB	8.0.61001
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	13.08.2009	0,19MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	23.05.2009	0,58MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	04.01.2011	0,58MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	15.06.2011	0,58MB	9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	19.05.2012	12,3MB	10.0.40219
Microsoft Works	Microsoft Corporation	09.10.2012	545MB	9.7.0621
Mozilla Firefox 19.0 (x86 de)	Mozilla	01.03.2013	45,4MB	19.0
Mozilla Maintenance Service	Mozilla	01.03.2013	0,22MB	19.0
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	08.12.2008	1,28MB	4.20.9848.0
MSXML 4.0 SP2 (KB941833)	Microsoft Corporation	08.12.2008	1,28MB	4.20.9849.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	08.12.2008	1,29MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	24.11.2009	1,34MB	4.20.9876.0
Nero 8 Essentials	Nero AG	08.12.2008	1.889MB	8.3.124
NVIDIA Drivers	NVIDIA Corporation	21.10.2009		
Picasa 2	Google, Inc.	19.02.2009	35,3MB	2.0
QuickTime	Apple Inc.	30.01.2013	73,2MB	7.73.80.64
RealPlayer	RealNetworks	19.10.2012	95,5MB	15.0.6
Realtek 8169 8168 8101E 8102E Ethernet Driver	Realtek	08.12.2008	1,67MB	1.00.0000
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	08.12.2008	9,29MB	6.0.1.5730
Realtek USB 2.0 Card Reader	Realtek Semiconductor Corp.	08.12.2008	1,50MB	6.0.6000.20111
Schroedel Arbeitsblätter		27.07.2011	6,50MB	
Spelling Dictionaries Support For Adobe Reader 9	Adobe Systems Incorporated	08.12.2008	65,3MB	9.0.0
Synaptics Pointing Device Driver	Synaptics	08.12.2008	14,1MB	11.1.7.0
TeamViewer 8	TeamViewer	04.03.2013	22,0MB	8.0.17292
Windows Live Anmelde-Assistent	Microsoft Corporation	05.03.2009	1,93MB	5.000.818.6
Windows Live Fotogalerie	Microsoft Corporation	08.12.2008	21,0MB	12.0.1347.0718
Windows Live installer	Microsoft Corporation	08.12.2008	1,71MB	12.0.1471.1025
Windows Live Mail	Microsoft Corporation	08.12.2008	22,6MB	12.0.1606.1023
Windows Live Messenger	Microsoft Corporation	08.12.2008	30,0MB	8.5.1302.1018
Windows Live Writer	Microsoft Corporation	08.12.2008	17,1MB	12.0.1370.0325
WinRAR 4.01 (32-Bit)	win.rar GmbH	31.12.2011	4,03MB	4.01.0
X10 Hardware(TM)		19.02.2009	12,00KB
OTL.txt
Code:
OTL logfile created on: 05.03.2013 15:18:35 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marianne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 54,14% Memory free
6,21 Gb Paging File | 4,83 Gb Available in Paging File | 77,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,07 Gb Total Space | 198,81 Gb Free Space | 71,49% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 8,83 Gb Free Space | 44,13% Space Free | Partition Type: FAT32
 
Computer Name: ENGEL | User Name: Marianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.04 18:50:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marianne\Desktop\OTL.exe
PRC - [2013.03.04 17:58:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.04 17:58:35 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.04 17:58:33 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.04 17:58:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.28 19:45:57 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.02.28 16:04:17 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
PRC - [2013.02.26 13:23:14 | 004,161,888 | ---- | M] (TeamViewer GmbH) -- c:\Programme\TeamViewer\Version8\TeamViewer_Desktop.exe
PRC - [2013.02.26 13:23:13 | 010,219,872 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer.exe
PRC - [2013.02.26 13:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013.02.26 13:15:58 | 000,185,696 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\tv_w32.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
PRC - [2007.06.22 14:57:38 | 000,369,368 | ---- | M] (Expert System S.p.A.) -- C:\Programme\Duden\Duden Korrektor\DKCore.exe
PRC - [2007.06.22 12:32:20 | 000,565,976 | ---- | M] (Expert System S.p.A.) -- C:\Programme\Duden\Duden Korrektor\DKTray.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.28 19:45:57 | 003,067,288 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.02.28 16:04:17 | 014,718,320 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_171.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll
MOD - [2007.04.15 18:44:42 | 000,898,560 | ---- | M] () -- C:\Programme\Duden\Duden Korrektor\libxml2.dll
MOD - [2007.04.15 18:44:26 | 000,073,728 | ---- | M] () -- C:\Programme\Duden\Duden Korrektor\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.04 17:58:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.04 17:58:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 19:45:57 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.28 16:04:17 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.26 13:23:13 | 003,560,800 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007.10.18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.03.04 17:59:00 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.04 17:59:00 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.04 17:59:00 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.04 17:59:00 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.12.04 19:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008.11.21 22:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.10.04 01:17:24 | 000,133,120 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.09.25 05:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007.07.31 17:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2006.11.17 11:31:02 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.03 11:24:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.20 15:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.28 19:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.28 19:45:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.03 11:24:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
 
[2009.02.20 21:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\Extensions
[2013.03.04 19:13:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\Firefox\Profiles\u334tkw9.default\extensions
[2010.09.13 17:40:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marianne\AppData\Roaming\mozilla\Firefox\Profiles\u334tkw9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.23 11:08:13 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\firefox\profiles\u334tkw9.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.03.04 19:13:00 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\firefox\profiles\u334tkw9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.28 19:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.28 19:45:57 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.20 15:28:25 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.10.14 18:33:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.14 18:33:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.14 18:33:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.14 18:33:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.14 18:33:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.14 18:33:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
O4 - Startup: C:\Users\Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6998B588-4BDB-4D44-9E40-8C46D677B31B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{dba750ac-9e6c-11df-afac-001f16134791}\Shell\verb1\command - "" = desktop.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.05 14:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2013.03.04 20:44:08 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.03.04 18:50:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Marianne\Desktop\OTL.exe
[2013.03.04 18:18:01 | 000,000,000 | ---D | C] -- C:\Users\Marianne\AppData\Roaming\Avira
[2013.03.04 18:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.04 18:13:27 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.04 18:13:26 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.04 18:13:26 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.04 18:13:26 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.04 18:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.04 18:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.02.28 19:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.05 15:25:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2013.03.05 15:20:40 | 000,377,856 | ---- | M] () -- C:\Users\Marianne\Desktop\gmer_2.1.19155.exe
[2013.03.05 15:16:54 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.03.05 15:04:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.05 14:48:33 | 000,050,477 | ---- | M] () -- C:\Users\Marianne\Desktop\Defogger.exe
[2013.03.05 14:33:23 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.03.05 14:16:02 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.03.05 14:15:09 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.05 14:15:09 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.05 14:15:09 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.05 14:15:09 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.05 14:07:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.05 14:07:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.05 14:07:55 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\QWODVDFYB.job
[2013.03.05 14:07:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.05 14:07:44 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.04 18:50:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marianne\Desktop\OTL.exe
[2013.03.04 18:13:43 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.04 17:59:00 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.04 17:59:00 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.04 17:59:00 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.04 17:59:00 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.04 16:52:33 | 000,000,175 | ---- | M] () -- C:\Users\Marianne\AppData\Local\rahistory.xml
[2013.03.03 15:19:42 | 000,000,680 | ---- | M] () -- C:\Users\Marianne\AppData\Local\d3d9caps.dat
[2013.02.24 18:42:19 | 000,000,368 | ---- | M] () -- C:\Users\Marianne\Desktop\Musik - Verknüpfung.lnk
[2013.02.24 10:25:40 | 000,155,648 | RHS- | M] () -- C:\Windows\System32\dbghelpn.dll
[2013.02.13 19:43:25 | 000,317,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.05 15:20:38 | 000,377,856 | ---- | C] () -- C:\Users\Marianne\Desktop\gmer_2.1.19155.exe
[2013.03.05 14:48:33 | 000,050,477 | ---- | C] () -- C:\Users\Marianne\Desktop\Defogger.exe
[2013.03.05 14:33:23 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013.03.05 14:33:23 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.03.04 18:13:43 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.03 15:19:42 | 000,000,680 | ---- | C] () -- C:\Users\Marianne\AppData\Local\d3d9caps.dat
[2013.02.24 18:42:19 | 000,000,368 | ---- | C] () -- C:\Users\Marianne\Desktop\Musik - Verknüpfung.lnk
[2013.02.24 10:25:40 | 000,155,648 | RHS- | C] () -- C:\Windows\System32\dbghelpn.dll
[2013.02.24 10:25:40 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\QWODVDFYB.job
[2013.01.31 17:18:57 | 000,000,175 | ---- | C] () -- C:\Users\Marianne\AppData\Local\RAExpertHistory.xml
[2013.01.31 17:18:45 | 000,000,175 | ---- | C] () -- C:\Users\Marianne\AppData\Local\rahistory.xml
[2009.07.03 10:23:56 | 000,000,760 | ---- | C] () -- C:\Users\Marianne\AppData\Roaming\setup_ldm.iss
[2009.07.03 10:22:15 | 000,001,825 | ---- | C] () -- C:\Users\Marianne\Logitech-Maus- und -Tastatureinstellungen.lnk
[2009.02.22 12:40:19 | 000,013,824 | ---- | C] () -- C:\Users\Marianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.15 05:47:10 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.12.15 05:37:57 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.06.13 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Cornelsen
 
========== Purity Check ==========
 
 

< End of report >
Extra.txt was not created


GMER (although I could not cut the WLAN connection here and therefore did not want to switch off Antivir either.)
Code:
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-06 01:11:57
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\Marianne\AppData\Local\Temp\kgldapow.sys


---- System - GMER 2.1 ----

SSDT            8038BFBE                                                                                              ZwCreateSection
SSDT            8038BFC8                                                                                              ZwRequestWaitReplyPort
SSDT            8038BFC3                                                                                              ZwSetContextThread
SSDT            8038BFCD                                                                                              ZwSetSecurityObject
SSDT            8038BFD2                                                                                              ZwSystemDebugControl
SSDT            8038BF5F                                                                                              ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                         826F48D8 4 Bytes  [BE, BF, 38, 80]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                         826F4BFC 1 Byte  [C8]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                         826F4BFC 4 Bytes  [C8, BF, 38, 80] {ENTER 0x38bf, 0x80}
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                         826F4C30 4 Bytes  [C3, BF, 38, 80]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                         826F4C94 4 Bytes  [CD, BF, 38, 80]
.text           ...                                                                                                   
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                              section is writeable [0x8E207340, 0x3EB347, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Windows\Explorer.EXE[3004] SHELL32.dll!SHCoCreateInstance + 657                                    76211B20 8 Bytes  [E0, 10, 99, 6C, 00, 11, 99, ...] {LOOPNZ 0x12; CDQ ; INS BYTE [ES:EDI], DX; ADD [ECX], DL; CDQ ; INS BYTE [ES:EDI], DX}

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                               Wdf01000.sys
AttachedDevice  \FileSystem\fastfat \Fat                                                                              fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C4380 series@ChangeID  5635489

---- EOF - GMER 2.1 ----

OTL.txt from yesterday!
Code:
OTL logfile created on: 04.03.2013 18:51:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marianne\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,15% Memory free
6,21 Gb Paging File | 4,82 Gb Available in Paging File | 77,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,07 Gb Total Space | 199,34 Gb Free Space | 71,69% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 8,83 Gb Free Space | 44,13% Space Free | Partition Type: FAT32
 
Computer Name: ENGEL | User Name: Marianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.03.04 18:50:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Marianne\Downloads\OTL.exe
PRC - [2013.03.04 17:58:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.04 17:58:35 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.03.04 17:58:33 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.04 17:58:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.04 15:38:06 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\javaws.exe
PRC - [2013.03.04 15:38:06 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\javaw.exe
PRC - [2013.02.28 19:45:57 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.02.28 16:04:17 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
PRC - [2007.06.22 14:57:38 | 000,369,368 | ---- | M] (Expert System S.p.A.) -- C:\Programme\Duden\Duden Korrektor\DKCore.exe
PRC - [2007.06.22 12:32:20 | 000,565,976 | ---- | M] (Expert System S.p.A.) -- C:\Programme\Duden\Duden Korrektor\DKTray.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.28 19:45:57 | 003,067,288 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.02.28 16:04:17 | 014,718,320 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_171.dll
MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll
MOD - [2007.04.15 18:44:42 | 000,898,560 | ---- | M] () -- C:\Programme\Duden\Duden Korrektor\libxml2.dll
MOD - [2007.04.15 18:44:26 | 000,073,728 | ---- | M] () -- C:\Programme\Duden\Duden Korrektor\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.03.04 17:58:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.04 17:58:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 19:45:57 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.28 16:04:17 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008.10.29 16:20:34 | 000,070,656 | ---- | M] () [Auto | Running] -- C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007.10.18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013.03.04 17:59:00 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.04 17:59:00 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.04 17:59:00 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.04 17:59:00 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.12.04 19:13:08 | 001,461,032 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008.11.21 22:07:00 | 007,451,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.10.04 01:17:24 | 000,133,120 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.09.25 05:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007.07.31 17:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2006.11.17 11:31:02 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker%40overlord1337:1.3.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.03 11:24:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.10.20 15:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.02.28 19:45:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.02.28 19:45:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.07.03 11:24:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter
 
[2009.02.20 21:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\Extensions
[2013.02.23 11:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\Firefox\Profiles\u334tkw9.default\extensions
[2010.09.13 17:40:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marianne\AppData\Roaming\mozilla\Firefox\Profiles\u334tkw9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.23 11:08:13 | 000,029,064 | ---- | M] () (No name found) -- C:\Users\Marianne\AppData\Roaming\mozilla\firefox\profiles\u334tkw9.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2013.02.28 19:45:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.02.28 19:45:57 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.20 15:28:25 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.10.14 18:33:35 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.14 18:33:35 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.10.14 18:33:35 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.14 18:33:35 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.14 18:33:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.14 18:33:35 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
O4 - Startup: C:\Users\Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6998B588-4BDB-4D44-9E40-8C46D677B31B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{dba750ac-9e6c-11df-afac-001f16134791}\Shell\verb1\command - "" = desktop.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.04 18:18:01 | 000,000,000 | ---D | C] -- C:\Users\Marianne\AppData\Roaming\Avira
[2013.03.04 18:13:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.04 18:13:27 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.04 18:13:26 | 000,134,336 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.04 18:13:26 | 000,083,944 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.04 18:13:26 | 000,036,552 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.04 18:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.03.04 18:13:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.02.28 19:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.04 18:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2013.03.04 18:36:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.04 18:36:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.04 18:17:39 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.04 18:17:39 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.03.04 18:17:39 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.03.04 18:17:39 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.03.04 18:13:43 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.04 18:11:28 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.03.04 18:11:01 | 000,032,156 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.03.04 18:10:39 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\QWODVDFYB.job
[2013.03.04 18:10:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.04 18:10:28 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.04 18:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.04 17:59:00 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.04 17:59:00 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.04 17:59:00 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.04 17:59:00 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.04 16:52:33 | 000,000,175 | ---- | M] () -- C:\Users\Marianne\AppData\Local\rahistory.xml
[2013.03.03 15:19:42 | 000,000,680 | ---- | M] () -- C:\Users\Marianne\AppData\Local\d3d9caps.dat
[2013.02.24 18:42:19 | 000,000,368 | ---- | M] () -- C:\Users\Marianne\Desktop\Musik - Verknüpfung.lnk
[2013.02.24 10:25:40 | 000,155,648 | RHS- | M] () -- C:\Windows\System32\dbghelpn.dll
[2013.02.13 19:43:25 | 000,317,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.03.04 18:13:43 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.03.03 15:19:42 | 000,000,680 | ---- | C] () -- C:\Users\Marianne\AppData\Local\d3d9caps.dat
[2013.02.24 18:42:19 | 000,000,368 | ---- | C] () -- C:\Users\Marianne\Desktop\Musik - Verknüpfung.lnk
[2013.02.24 10:25:40 | 000,155,648 | RHS- | C] () -- C:\Windows\System32\dbghelpn.dll
[2013.02.24 10:25:40 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\QWODVDFYB.job
[2013.02.03 13:47:50 | 000,001,728 | ---- | C] () -- C:\Users\Marianne\Desktop\Mozilla Firefox.lnk
[2013.01.31 17:18:57 | 000,000,175 | ---- | C] () -- C:\Users\Marianne\AppData\Local\RAExpertHistory.xml
[2013.01.31 17:18:45 | 000,000,175 | ---- | C] () -- C:\Users\Marianne\AppData\Local\rahistory.xml
[2009.07.03 10:23:56 | 000,000,760 | ---- | C] () -- C:\Users\Marianne\AppData\Roaming\setup_ldm.iss
[2009.07.03 10:22:15 | 000,001,825 | ---- | C] () -- C:\Users\Marianne\Logitech-Maus- und -Tastatureinstellungen.lnk
[2009.02.22 12:40:19 | 000,013,824 | ---- | C] () -- C:\Users\Marianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.15 05:47:10 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.12.15 05:37:57 | 000,032,156 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.06.13 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Cornelsen
 
========== Purity Check ==========
 
 

< End of report >
         
Extra.txt from yesterday!

Code:
OTL Extras logfile created on: 04.03.2013 18:51:08 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Marianne\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,15% Memory free
6,21 Gb Paging File | 4,82 Gb Available in Paging File | 77,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,07 Gb Total Space | 199,34 Gb Free Space | 71,69% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 8,83 Gb Free Space | 44,13% Space Free | Partition Type: FAT32
 
Computer Name: ENGEL | User Name: Marianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2981673612-1989944714-3398691111-1000]
"EnableNotificationsRef" = 5
"EnableNotifications" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B346597-5DB9-4BDD-A0C9-A09301000EC5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{85C40F5B-371C-4898-8011-74A27D35D045}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | 
"{89571134-4DFA-42A6-A0DD-41E0E8B3EF35}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | 
"{A52E931E-0393-4639-904B-FAAD6A301F19}" = lport=3389 | protocol=6 | dir=in | name=remote-control | 
"{E940EBF6-2775-4F08-BB01-9858D0713A0A}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{078F71C3-FEBB-4F92-BC68-BAAF22542A58}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{2ADFBC11-741F-454D-90FF-061CE2B528BE}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{2EDD6B19-A57B-4F3E-B473-92002FF21313}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{32E06D9D-11A6-434F-921F-3E17BF2511FE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{37CA905B-D50D-4B3D-B1A1-18E884EFA992}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe | 
"{3CA2DE0B-780F-46EA-B2EC-3D4FAEBD5645}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{3EDFF91E-D68C-4DF4-A8AE-9E561F783C2E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{3F9C4394-6873-4E8B-96C1-9DF869AE3E92}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe | 
"{4626EFC0-84A8-4E9C-B1DD-E3574CAA03B5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{4E0D07ED-9BCA-4633-B8FE-EC80C82D10FD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{614CE474-B194-4EF3-B466-3F692D1AE01D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{6308F8CE-229A-4474-9AAB-3950CDE4C12C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe | 
"{6B022A8B-48B9-4554-99C8-69E5B3728CAF}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{7256E0FA-4B4B-4D4A-BBE1-A29156F77EDB}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | 
"{8A8F86DF-24ED-4DB9-B596-83E77191B53B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{977E8C04-BEAD-4F44-9F72-056B0FD5795F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{A24C2048-2B09-4E42-BDD2-4C92C5340F2A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{A6A2FD4D-29CB-4EA0-8091-DC85D785A568}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{AA176B7E-9C8F-4975-B07C-B1E6B91F1EBD}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{B8321955-DE76-42DD-A011-DE69071CD5AB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C8C7FD69-D452-40C4-9BCC-459A371AD4DF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{D785E749-16B3-4A39-BD54-B8AB96CEC71E}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{D91059B8-2C0E-4E13-AD8D-0B35F8912B37}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{DE3E20E0-50B4-4D30-87BA-4F0CB6D29471}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E29E346F-FD36-4770-92FB-64A24F9A6362}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F21514E-34B6-4D52-83E2-E3C07D19E2B9}_is1" = mathepower.de - 2012
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Bison Webcam
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AFA06F7-E60E-43DE-AF33-5552C801B73A}" = Duden Korrektor
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B145EC69-66F5-11D8-9D75-000129760D75}" = CyberLink MakeDisc
"{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380
"{B2D7C787-7BFD-47b3-AE85-60146221015D}" = C4380_Help
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F40C0988-E8B1-479b-80BD-D5FADAB9697A}" = C4380_doccd
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{8AFA06F7-E60E-43DE-AF33-5552C801B73A}" = Duden Korrektor
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa2" = Picasa 2
"RealPlayer 15.0" = RealPlayer
"Schroedel Arbeitsblätter" = Schroedel Arbeitsblätter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.04.2011 03:30:01 | Computer Name = Engel | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.04.2011 03:30:03 | Computer Name = Engel | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.04.2011 03:32:56 | Computer Name = Engel | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.04.2011 03:32:57 | Computer Name = Engel | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.04.2011 03:33:09 | Computer Name = Engel | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.04.2011 03:33:10 | Computer Name = Engel | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.04.2011 03:33:12 | Computer Name = Engel | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.04.2011 03:33:13 | Computer Name = Engel | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.04.2011 03:35:13 | Computer Name = Engel | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 16.04.2011 03:35:13 | Computer Name = Engel | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ OSession Events ]
Error - 17.06.2012 06:30:59 | Computer Name = Engel | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7450
 seconds with 2160 seconds of active time.  This session ended with a crash.
 
Error - 17.06.2012 06:55:37 | Computer Name = Engel | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1042
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 17.06.2012 08:30:49 | Computer Name = Engel | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2071
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 24.06.2012 05:37:33 | Computer Name = Engel | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7015
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 02.03.2013 02:40:07 | Computer Name = Engel | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 02.03.2013 02:40:16 | Computer Name = Engel | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 03.03.2013 03:18:05 | Computer Name = Engel | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.03.2013 03:18:13 | Computer Name = Engel | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 03.03.2013 14:48:52 | Computer Name = Engel | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.03.2013 14:49:00 | Computer Name = Engel | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 04.03.2013 10:29:58 | Computer Name = Engel | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.03.2013 10:30:05 | Computer Name = Engel | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 04.03.2013 13:12:13 | Computer Name = Engel | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.03.2013 13:12:13 | Computer Name = Engel | Source = Service Control Manager | ID = 7022
Description = 
 
 
< End of report >
         

Alt 06.03.2013, 12:58   #2
markusg
/// Malware-holic
 
ihavenet.com Trojan



Hi,


OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
:OTL
[2013.02.24 10:25:40 | 000,155,648 | RHS- | M] () -- C:\Windows\System32\dbghelpn.dll
[2013.03.05 14:07:55 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\QWODVDFYB.job
:files
:Commands
[emptytemp]
         
  • If you obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Now copy its contents here into your thread

Note: Please also upload the file to the UpChannel as described in the instructions there. Please do NOT post the ZIP file here in the thread as an attachment!




Please press the Windows key + E.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the folder Movedfiles --> Send to --> Compressed (zipped) folder

  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance

Download get info:
http://markusg.trojaner-board.de/GetInfo.exe
Double-click the .exe.
A .txt will now be created in the same folder:
summary-info.txt
Double-click it and post its contents.

Question:
At the time of infection, or possibly a day before, did you download and install or run anything?
Were you prompted to install or download something while visiting a site? I would also like this information as a private message.
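The two entries in the fix above share features that a triage pass over OTL output can check mechanically: a System32 file with read-only, hidden and system attributes but no company name, and a scheduled task with a random-looking all-caps name, both created in the same second according to the "Files Created" list. The following script is an added example (not OTL's own code and not from this thread); it assumes OTL's `[timestamp | size | attributes | M/C] (company) -- path` line shape, and its sample lines are copied from the logs posted above.

```python
"""Triage pass over OTL file-list lines (added example; not OTL's own code)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: lines copied in the shape OTL prints in its
# "Files Modified/Created" and "LOP Check" sections:
#   [timestamp | size | attributes | M or C] (company) -- path
SAMPLE_OTL = r"""
[2013.03.04 18:36:53 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.04 18:17:39 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.03.04 18:10:28 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.04 18:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.04 17:59:00 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.02.24 10:25:40 | 000,155,648 | RHS- | C] () -- C:\Windows\System32\dbghelpn.dll
[2013.02.24 10:25:40 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\QWODVDFYB.job
[2011.06.13 17:05:15 | 000,000,000 | ---D | M] -- C:\Users\Marianne\AppData\Roaming\Cornelsen
"""

OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Heuristic: a task name made only of capital letters, no vendor words or spaces.
RANDOM_TASK = re.compile(r"^[A-Z]{6,}\.job$")


@dataclass(frozen=True)
class Entry:
    ts: str       # timestamp as OTL prints it (modified for M lines, created for C lines)
    size: int     # bytes, thousands separators removed
    attrs: str    # four slots: R(ead-only) H(idden) S(ystem) D(irectory), '-' if unset
    kind: str     # "M" from a Files Modified list, "C" from a Files Created list
    company: str  # version-resource company name; "" when OTL shows ()
    path: str


def parse_otl(text: str) -> list:
    """Return one Entry per OTL file line; headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_LINE.match(line.strip())
        if m:
            entries.append(Entry(
                ts=m["ts"], size=int(m["size"].replace(",", "")),
                attrs=m["attrs"], kind=m["kind"],
                company=m["company"] or "", path=m["path"]))
    return entries


def suspicious_reasons(e: Entry) -> list:
    """Heuristic reasons an entry deserves a closer look (empty = nothing notable)."""
    folder, _, name = e.path.rpartition("\\")
    folder = folder.lower()
    reasons = []
    # Legitimate System32 binaries normally carry a company name; a file that hides
    # itself with all three of R, H and S and has none is worth checking by hash.
    if (folder.endswith("\\windows\\system32") and not e.company
            and all(flag in e.attrs for flag in "RHS")):
        reasons.append("read-only+hidden+system file without company name in System32")
    # Vendor updaters use readable task names; a run of random capitals is a
    # common marker of unwanted software and should be reviewed.
    if folder.endswith("\\windows\\tasks") and RANDOM_TASK.match(name):
        reasons.append("scheduled task with random-looking all-caps name")
    return reasons


def triage(text: str) -> dict:
    """Flag suspicious entries and list what else OTL saw with the identical timestamp.

    Files written by one installer share a creation second, so the neighbours of a
    flagged file are the natural next candidates to review.
    """
    entries = parse_otl(text)
    by_stamp = defaultdict(list)
    for e in entries:
        by_stamp[(e.kind, e.ts)].append(e.path)
    flagged, related = {}, {}
    for e in entries:
        reasons = suspicious_reasons(e)
        if reasons:
            flagged[e.path] = reasons
            related[e.path] = [p for p in by_stamp[(e.kind, e.ts)] if p != e.path]
    return {"flagged": flagged, "related": related}


if __name__ == "__main__":
    report = triage(SAMPLE_OTL)
    for path, reasons in report["flagged"].items():
        print(path)
        for r in reasons:
            print("   reason:", r)
        for p in report["related"][path]:
            print("   same timestamp:", p)
```

Run against the full OTL.txt the same two paths come out, each listing the other as created in the same second; anything else the heuristics flag is a candidate for a hash lookup, not a verdict.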

Alt 06.03.2013, 20:18   #3
Attilius
 
ihavenet.com Trojan



Hi,

thanks for helping me!

The upload worked. I just don't see where the upload is marked or has arrived here in the thread.

OTL fix:
Code:
All processes killed
========== OTL ==========
C:\Windows\System32\dbghelpn.dll moved successfully.
C:\Windows\Tasks\QWODVDFYB.job moved successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Marianne
->Temp folder emptied: 8290804 bytes
->Temporary Internet Files folder emptied: 6542329 bytes
->Java cache emptied: 23492072 bytes
->FireFox cache emptied: 132753499 bytes
->Flash cache emptied: 1526 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 389587 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 164,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03062013_195944

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
summary_info.txt
Code:
System volume information:	 dwHighDateTime = 0x1c96262,dwLowDateTime = 0xaa1758f1
System32:			 dwHighDateTime = 0x1c6fe70,dwLowDateTime = 0xa3cd0a16
dwSerialNumber = 0x183de116
         
My mother said she had downloaded some worksheets for school and had been on various sites. Some of them had already been classified as unsafe by Firefox, and she "closed them immediately". I suppose she picked something up there. Unfortunately there is no way to trace which sites those were...

Regards, Sven

Alt 08.03.2013, 21:06   #4
markusg
/// Malware-holic
 
ihavenet.com Trojan



Hi, thanks.
We only see the upload internally.
Please download TDSSKiller TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.
__________________
Please forward suspicious e-mails to us for analysis, following the instructions below:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
If you would like to support us

Alt 09.03.2013, 20:45   #5
Attilius
 
ihavenet.com Trojan



Here is the log file from TDSSKiller. 9 threats were found. A few of them are, I think, HP printer drivers or something like that.

Code:
20:41:45.0810 2948  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:41:45.0905 2948  ============================================================
20:41:45.0905 2948  Current date / time: 2013/03/09 20:41:45.0905
20:41:45.0905 2948  SystemInfo:
20:41:45.0905 2948  
20:41:45.0905 2948  OS Version: 6.0.6002 ServicePack: 2.0
20:41:45.0905 2948  Product type: Workstation
20:41:45.0905 2948  ComputerName: ENGEL
20:41:45.0909 2948  UserName: Marianne
20:41:45.0909 2948  Windows directory: C:\Windows
20:41:45.0909 2948  System windows directory: C:\Windows
20:41:45.0909 2948  Processor architecture: Intel x86
20:41:45.0909 2948  Number of processors: 2
20:41:45.0909 2948  Page size: 0x1000
20:41:45.0909 2948  Boot type: Normal boot
20:41:45.0909 2948  ============================================================
20:41:47.0299 2948  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:41:47.0312 2948  ============================================================
20:41:47.0312 2948  \Device\Harddisk0\DR0:
20:41:47.0313 2948  MBR partitions:
20:41:47.0313 2948  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x22C25800
20:41:47.0313 2948  \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x22C28D8D, BlocksNum 0x2804934
20:41:47.0313 2948  ============================================================
20:41:47.0357 2948  C: <-> \Device\Harddisk0\DR0\Partition1
20:41:47.0387 2948  D: <-> \Device\Harddisk0\DR0\Partition2
20:41:47.0387 2948  ============================================================
20:41:47.0387 2948  Initialize success
20:41:47.0387 2948  ============================================================
20:41:57.0136 5716  ============================================================
20:41:57.0136 5716  Scan started
20:41:57.0136 5716  Mode: Manual; SigCheck; TDLFS; 
20:41:57.0136 5716  ============================================================
20:41:57.0605 5716  ================ Scan system memory ========================
20:41:57.0605 5716  System memory - ok
20:41:57.0606 5716  ================ Scan services =============================
20:41:57.0817 5716  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
20:41:58.0025 5716  ACPI - ok
20:41:58.0101 5716  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:41:58.0137 5716  AdobeARMservice - ok
20:41:58.0205 5716  [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:41:58.0233 5716  AdobeFlashPlayerUpdateSvc - ok
20:41:58.0292 5716  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:41:58.0330 5716  adp94xx - ok
20:41:58.0358 5716  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:41:58.0390 5716  adpahci - ok
20:41:58.0417 5716  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
20:41:58.0443 5716  adpu160m - ok
20:41:58.0461 5716  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:41:58.0486 5716  adpu320 - ok
20:41:58.0549 5716  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:41:58.0591 5716  AeLookupSvc - ok
20:41:58.0645 5716  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
20:41:58.0687 5716  AFD - ok
20:41:58.0715 5716  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:41:58.0741 5716  agp440 - ok
20:41:58.0767 5716  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
20:41:58.0791 5716  aic78xx - ok
20:41:58.0811 5716  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
20:41:58.0854 5716  ALG - ok
20:41:58.0882 5716  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:41:58.0904 5716  aliide - ok
20:41:58.0931 5716  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
20:41:58.0958 5716  amdagp - ok
20:41:58.0975 5716  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:41:58.0998 5716  amdide - ok
20:41:59.0020 5716  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
20:41:59.0066 5716  AmdK7 - ok
20:41:59.0077 5716  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:41:59.0124 5716  AmdK8 - ok
20:41:59.0223 5716  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:41:59.0247 5716  AntiVirSchedulerService - ok
20:41:59.0272 5716  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:41:59.0291 5716  AntiVirService - ok
20:41:59.0341 5716  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
20:41:59.0377 5716  Appinfo - ok
20:41:59.0421 5716  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
20:41:59.0444 5716  arc - ok
20:41:59.0476 5716  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:41:59.0500 5716  arcsas - ok
20:41:59.0531 5716  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:41:59.0577 5716  AsyncMac - ok
20:41:59.0611 5716  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:41:59.0634 5716  atapi - ok
20:41:59.0678 5716  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:41:59.0718 5716  AudioEndpointBuilder - ok
20:41:59.0745 5716  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
20:41:59.0785 5716  Audiosrv - ok
20:41:59.0846 5716  [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
20:41:59.0875 5716  avgntflt - ok
20:41:59.0919 5716  [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
20:41:59.0941 5716  avipbb - ok
20:41:59.0966 5716  [ CC4EBA25D80DE42BBC2BF3E553219388 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
20:41:59.0989 5716  avkmgr - ok
20:42:00.0055 5716  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:42:00.0097 5716  Beep - ok
20:42:00.0143 5716  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
20:42:00.0190 5716  BFE - ok
20:42:00.0258 5716  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
20:42:00.0323 5716  BITS - ok
20:42:00.0340 5716  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
20:42:00.0385 5716  blbdrive - ok
20:42:00.0419 5716  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:42:00.0451 5716  bowser - ok
20:42:00.0472 5716  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
20:42:00.0509 5716  BrFiltLo - ok
20:42:00.0520 5716  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
20:42:00.0557 5716  BrFiltUp - ok
20:42:00.0592 5716  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
20:42:00.0652 5716  Browser - ok
20:42:00.0668 5716  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
20:42:00.0750 5716  Brserid - ok
20:42:00.0782 5716  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
20:42:00.0859 5716  BrSerWdm - ok
20:42:00.0881 5716  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
20:42:00.0957 5716  BrUsbMdm - ok
20:42:00.0983 5716  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
20:42:01.0056 5716  BrUsbSer - ok
20:42:01.0070 5716  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:42:01.0146 5716  BTHMODEM - ok
20:42:01.0254 5716  [ BC46E036AD1FEC3C56583D2802E68EFE ] Cam5607         C:\Windows\system32\Drivers\BisonC07.sys
20:42:01.0382 5716  Cam5607 - ok
20:42:01.0419 5716  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:42:01.0470 5716  cdfs - ok
20:42:01.0495 5716  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:42:01.0530 5716  cdrom - ok
20:42:01.0575 5716  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:42:01.0610 5716  CertPropSvc - ok
20:42:01.0638 5716  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
20:42:01.0683 5716  circlass - ok
20:42:01.0714 5716  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
20:42:01.0748 5716  CLFS - ok
20:42:01.0805 5716  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:42:01.0830 5716  clr_optimization_v2.0.50727_32 - ok
20:42:01.0885 5716  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:42:01.0931 5716  CmBatt - ok
20:42:01.0952 5716  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:42:01.0975 5716  cmdide - ok
20:42:01.0989 5716  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:42:02.0013 5716  Compbatt - ok
20:42:02.0021 5716  COMSysApp - ok
20:42:02.0039 5716  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:42:02.0061 5716  crcdisk - ok
20:42:02.0080 5716  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
20:42:02.0125 5716  Crusoe - ok
20:42:02.0167 5716  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:42:02.0208 5716  CryptSvc - ok
20:42:02.0269 5716  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:42:02.0319 5716  DcomLaunch - ok
20:42:02.0344 5716  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:42:02.0370 5716  DfsC - ok
20:42:02.0449 5716  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
20:42:02.0691 5716  DFSR - ok
20:42:02.0792 5716  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
20:42:02.0834 5716  Dhcp - ok
20:42:02.0867 5716  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
20:42:02.0894 5716  disk - ok
20:42:02.0941 5716  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:42:02.0977 5716  Dnscache - ok
20:42:03.0016 5716  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:42:03.0062 5716  dot3svc - ok
20:42:03.0105 5716  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
20:42:03.0170 5716  DPS - ok
20:42:03.0211 5716  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:42:03.0247 5716  drmkaud - ok
20:42:03.0294 5716  [ FB85F7F69E9B109820409243F578CC4D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:42:03.0359 5716  DXGKrnl - ok
20:42:03.0410 5716  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
20:42:03.0457 5716  E1G60 - ok
20:42:03.0501 5716  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
20:42:03.0538 5716  EapHost - ok
20:42:03.0606 5716  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
20:42:03.0637 5716  Ecache - ok
20:42:03.0707 5716  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:42:03.0738 5716  ehRecvr - ok
20:42:03.0760 5716  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
20:42:03.0788 5716  ehSched - ok
20:42:03.0807 5716  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
20:42:03.0829 5716  ehstart - ok
20:42:03.0868 5716  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:42:03.0907 5716  elxstor - ok
20:42:03.0982 5716  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
20:42:04.0036 5716  EMDMgmt - ok
20:42:04.0079 5716  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:42:04.0129 5716  ErrDev - ok
20:42:04.0179 5716  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
20:42:04.0230 5716  EventSystem - ok
20:42:04.0286 5716  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
20:42:04.0321 5716  exfat - ok
20:42:04.0356 5716  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:42:04.0404 5716  fastfat - ok
20:42:04.0421 5716  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:42:04.0469 5716  fdc - ok
20:42:04.0497 5716  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:42:04.0544 5716  fdPHost - ok
20:42:04.0563 5716  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:42:04.0644 5716  FDResPub - ok
20:42:04.0655 5716  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:42:04.0679 5716  FileInfo - ok
20:42:04.0700 5716  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:42:04.0758 5716  Filetrace - ok
20:42:04.0803 5716  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:42:04.0851 5716  flpydisk - ok
20:42:04.0885 5716  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:42:04.0920 5716  FltMgr - ok
20:42:04.0961 5716  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:42:04.0992 5716  FontCache3.0.0.0 - ok
20:42:05.0043 5716  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:42:05.0080 5716  Fs_Rec - ok
20:42:05.0106 5716  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:42:05.0132 5716  gagp30kx - ok
20:42:05.0182 5716  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
20:42:05.0248 5716  gpsvc - ok
20:42:05.0318 5716  [ 649F407A844DDE2B97BC086AF97D663B ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:42:05.0351 5716  gusvc - ok
20:42:05.0397 5716  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:42:05.0488 5716  HdAudAddService - ok
20:42:05.0538 5716  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:42:05.0608 5716  HDAudBus - ok
20:42:05.0654 5716  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:42:05.0737 5716  HidBth - ok
20:42:05.0758 5716  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:42:05.0846 5716  HidIr - ok
20:42:05.0880 5716  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
20:42:05.0910 5716  hidserv - ok
20:42:05.0944 5716  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:42:05.0981 5716  HidUsb - ok
20:42:06.0014 5716  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:42:06.0068 5716  hkmsvc - ok
20:42:06.0091 5716  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
20:42:06.0118 5716  HpCISSs - ok
20:42:06.0229 5716  [ CE0FCEC4D4D860F36D972759B11EAF0F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
20:42:06.0246 5716  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
20:42:06.0246 5716  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
20:42:06.0289 5716  [ EE4C7A4CF2316701FFDE90F404520265 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
20:42:06.0307 5716  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
20:42:06.0307 5716  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
20:42:06.0347 5716  [ 6F9CB6539A1B2508BD1C53D29334431A ] HPSLPSVC        C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
20:42:06.0389 5716  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
20:42:06.0389 5716  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
20:42:06.0439 5716  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:42:06.0492 5716  HTTP - ok
20:42:06.0529 5716  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
20:42:06.0557 5716  i2omp - ok
20:42:06.0604 5716  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:42:06.0652 5716  i8042prt - ok
20:42:06.0680 5716  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
20:42:06.0713 5716  iaStorV - ok
20:42:06.0798 5716  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:42:06.0881 5716  idsvc - ok
20:42:06.0901 5716  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:42:06.0922 5716  iirsp - ok
20:42:06.0965 5716  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
20:42:07.0025 5716  IKEEXT - ok
20:42:07.0128 5716  [ 56AC584FE02E0C1D5924892562CBD572 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:42:07.0255 5716  IntcAzAudAddService - ok
20:42:07.0294 5716  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:42:07.0324 5716  intelide - ok
20:42:07.0364 5716  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:42:07.0410 5716  intelppm - ok
20:42:07.0461 5716  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:42:07.0512 5716  IPBusEnum - ok
20:42:07.0532 5716  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:42:07.0583 5716  IpFilterDriver - ok
20:42:07.0625 5716  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:42:07.0656 5716  iphlpsvc - ok
20:42:07.0664 5716  IpInIp - ok
20:42:07.0693 5716  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
20:42:07.0744 5716  IPMIDRV - ok
20:42:07.0774 5716  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
20:42:07.0820 5716  IPNAT - ok
20:42:07.0843 5716  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:42:07.0892 5716  IRENUM - ok
20:42:07.0909 5716  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:42:07.0940 5716  isapnp - ok
20:42:07.0995 5716  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
20:42:08.0026 5716  iScsiPrt - ok
20:42:08.0050 5716  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
20:42:08.0082 5716  iteatapi - ok
20:42:08.0106 5716  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
20:42:08.0136 5716  iteraid - ok
20:42:08.0154 5716  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:42:08.0181 5716  kbdclass - ok
20:42:08.0213 5716  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:42:08.0253 5716  kbdhid - ok
20:42:08.0293 5716  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
20:42:08.0319 5716  KeyIso - ok
20:42:08.0354 5716  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:42:08.0405 5716  KSecDD - ok
20:42:08.0488 5716  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:42:08.0542 5716  KtmRm - ok
20:42:08.0570 5716  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:42:08.0602 5716  LanmanServer - ok
20:42:08.0664 5716  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:42:08.0694 5716  LanmanWorkstation - ok
20:42:08.0755 5716  [ 3AF6B73A3AD1FC37C5933441F66CEB91 ] LBTServ         C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
20:42:08.0776 5716  LBTServ - ok
20:42:08.0846 5716  [ 7F9C7B28CF1C859E1C42619EEA946DC8 ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
20:42:08.0863 5716  LHidFilt - ok
20:42:08.0916 5716  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:42:08.0970 5716  lltdio - ok
20:42:09.0009 5716  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:42:09.0063 5716  lltdsvc - ok
20:42:09.0079 5716  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:42:09.0173 5716  lmhosts - ok
20:42:09.0193 5716  [ AB33792A87285344F43B5CE23421BAB0 ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
20:42:09.0211 5716  LMouFilt - ok
20:42:09.0241 5716  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:42:09.0268 5716  LSI_FC - ok
20:42:09.0289 5716  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:42:09.0315 5716  LSI_SAS - ok
20:42:09.0347 5716  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:42:09.0377 5716  LSI_SCSI - ok
20:42:09.0394 5716  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
20:42:09.0440 5716  luafv - ok
20:42:09.0472 5716  [ 77030525CD86A93F1AF34FA9B96D33CE ] LUsbFilt        C:\Windows\system32\Drivers\LUsbFilt.Sys
20:42:09.0492 5716  LUsbFilt - ok
20:42:09.0507 5716  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:42:09.0533 5716  Mcx2Svc - ok
20:42:09.0567 5716  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:42:09.0594 5716  megasas - ok
20:42:09.0628 5716  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
20:42:09.0669 5716  MegaSR - ok
20:42:09.0689 5716  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
20:42:09.0739 5716  MMCSS - ok
20:42:09.0764 5716  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
20:42:09.0809 5716  Modem - ok
20:42:09.0825 5716  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:42:09.0881 5716  monitor - ok
20:42:09.0897 5716  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:42:09.0921 5716  mouclass - ok
20:42:09.0947 5716  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:42:09.0998 5716  mouhid - ok
20:42:10.0018 5716  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
20:42:10.0044 5716  MountMgr - ok
20:42:10.0091 5716  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
20:42:10.0115 5716  MozillaMaintenance - ok
20:42:10.0144 5716  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:42:10.0170 5716  mpio - ok
20:42:10.0187 5716  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:42:10.0229 5716  mpsdrv - ok
20:42:10.0270 5716  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:42:10.0317 5716  MpsSvc - ok
20:42:10.0335 5716  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
20:42:10.0355 5716  Mraid35x - ok
20:42:10.0384 5716  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:42:10.0412 5716  MRxDAV - ok
20:42:10.0452 5716  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:42:10.0480 5716  mrxsmb - ok
20:42:10.0504 5716  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:42:10.0532 5716  mrxsmb10 - ok
20:42:10.0541 5716  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:42:10.0566 5716  mrxsmb20 - ok
20:42:10.0605 5716  [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:42:10.0636 5716  msahci - ok
20:42:10.0659 5716  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:42:10.0682 5716  msdsm - ok
20:42:10.0712 5716  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
20:42:10.0762 5716  MSDTC - ok
20:42:10.0781 5716  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:42:10.0831 5716  Msfs - ok
20:42:10.0865 5716  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:42:10.0894 5716  msisadrv - ok
20:42:10.0927 5716  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:42:10.0980 5716  MSiSCSI - ok
20:42:10.0989 5716  msiserver - ok
20:42:11.0034 5716  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:42:11.0087 5716  MSKSSRV - ok
20:42:11.0110 5716  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:42:11.0164 5716  MSPCLOCK - ok
20:42:11.0183 5716  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:42:11.0241 5716  MSPQM - ok
20:42:11.0290 5716  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:42:11.0322 5716  MsRPC - ok
20:42:11.0343 5716  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:42:11.0368 5716  mssmbios - ok
20:42:11.0389 5716  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:42:11.0444 5716  MSTEE - ok
20:42:11.0474 5716  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
20:42:11.0504 5716  Mup - ok
20:42:11.0561 5716  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
20:42:11.0607 5716  napagent - ok
20:42:11.0665 5716  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:42:11.0701 5716  NativeWifiP - ok
20:42:11.0745 5716  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:42:11.0786 5716  NDIS - ok
20:42:11.0818 5716  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:42:11.0855 5716  NdisTapi - ok
20:42:11.0877 5716  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:42:11.0934 5716  Ndisuio - ok
20:42:11.0973 5716  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:42:12.0015 5716  NdisWan - ok
20:42:12.0036 5716  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:42:12.0076 5716  NDProxy - ok
20:42:12.0215 5716  [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
20:42:12.0280 5716  Nero BackItUp Scheduler 3 - ok
20:42:12.0335 5716  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:42:12.0345 5716  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:42:12.0345 5716  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:42:12.0388 5716  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:42:12.0434 5716  NetBIOS - ok
20:42:12.0465 5716  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
20:42:12.0506 5716  netbt - ok
20:42:12.0518 5716  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
20:42:12.0543 5716  Netlogon - ok
20:42:12.0590 5716  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
20:42:12.0647 5716  Netman - ok
20:42:12.0673 5716  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
20:42:12.0738 5716  netprofm - ok
20:42:12.0796 5716  [ 3F540B257442CC1A2220DD8F73AC1C77 ] netr28          C:\Windows\system32\DRIVERS\netr28.sys
20:42:12.0830 5716  netr28 - ok
20:42:12.0875 5716  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:42:12.0904 5716  NetTcpPortSharing - ok
20:42:12.0950 5716  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:42:12.0976 5716  nfrd960 - ok
20:42:13.0003 5716  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:42:13.0056 5716  NlaSvc - ok
20:42:13.0127 5716  [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
20:42:13.0160 5716  NMIndexingService - ok
20:42:13.0200 5716  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:42:13.0245 5716  Npfs - ok
20:42:13.0272 5716  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
20:42:13.0325 5716  nsi - ok
20:42:13.0338 5716  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:42:13.0387 5716  nsiproxy - ok
20:42:13.0444 5716  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:42:13.0508 5716  Ntfs - ok
20:42:13.0544 5716  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
20:42:13.0622 5716  ntrigdigi - ok
20:42:13.0641 5716  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
20:42:13.0687 5716  Null - ok
20:42:13.0732 5716  [ 723931A765E8CDDF7FFCB42F5A72CE79 ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys
20:42:13.0752 5716  NVHDA - ok
20:42:14.0026 5716  [ 99A7CD6662DB4E32F75A641C5D080DB3 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:42:14.0455 5716  nvlddmkm - ok
20:42:14.0488 5716  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:42:14.0516 5716  nvraid - ok
20:42:14.0539 5716  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:42:14.0564 5716  nvstor - ok
20:42:14.0584 5716  [ 3DFD9B00AAF472042E6D4FA8CCB74EFD ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:42:14.0612 5716  nvsvc - ok
20:42:14.0633 5716  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:42:14.0666 5716  nv_agp - ok
20:42:14.0676 5716  NwlnkFlt - ok
20:42:14.0691 5716  NwlnkFwd - ok
20:42:14.0781 5716  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:42:14.0828 5716  odserv - ok
20:42:14.0859 5716  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:42:14.0939 5716  ohci1394 - ok
20:42:14.0973 5716  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:42:15.0006 5716  ose - ok
20:42:15.0046 5716  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
20:42:15.0094 5716  p2pimsvc - ok
20:42:15.0135 5716  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:42:15.0181 5716  p2psvc - ok
20:42:15.0197 5716  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
20:42:15.0283 5716  Parport - ok
20:42:15.0314 5716  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:42:15.0341 5716  partmgr - ok
20:42:15.0364 5716  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
20:42:15.0440 5716  Parvdm - ok
20:42:15.0481 5716  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:42:15.0514 5716  PcaSvc - ok
20:42:15.0544 5716  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
20:42:15.0576 5716  pci - ok
20:42:15.0594 5716  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
20:42:15.0618 5716  pciide - ok
20:42:15.0637 5716  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:42:15.0678 5716  pcmcia - ok
20:42:15.0724 5716  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:42:15.0865 5716  PEAUTH - ok
20:42:15.0977 5716  [ F433B5AA6DBAC3C8626EEFAF134E4763 ] PhilCap         C:\Windows\system32\DRIVERS\PhilCap.sys
20:42:16.0063 5716  PhilCap - ok
20:42:16.0128 5716  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
20:42:16.0261 5716  pla - ok
20:42:16.0297 5716  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
20:42:16.0312 5716  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
20:42:16.0312 5716  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
20:42:16.0358 5716  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:42:16.0407 5716  PlugPlay - ok
20:42:16.0456 5716  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:42:16.0466 5716  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:42:16.0466 5716  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:42:16.0513 5716  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
20:42:16.0562 5716  PNRPAutoReg - ok
20:42:16.0614 5716  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
20:42:16.0660 5716  PNRPsvc - ok
20:42:16.0686 5716  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:42:16.0764 5716  PolicyAgent - ok
20:42:16.0806 5716  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:42:16.0857 5716  PptpMiniport - ok
20:42:16.0874 5716  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
20:42:16.0920 5716  Processor - ok
20:42:16.0947 5716  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:42:16.0996 5716  ProfSvc - ok
20:42:17.0010 5716  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
20:42:17.0037 5716  ProtectedStorage - ok
20:42:17.0075 5716  [ F115AF58ABE5605D7D709CBFBD83F418 ] ProtexisLicensing C:\Windows\system32\PSIService.exe
20:42:17.0102 5716  ProtexisLicensing - ok
20:42:17.0139 5716  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
20:42:17.0179 5716  PSched - ok
20:42:17.0212 5716  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
20:42:17.0232 5716  PxHelp20 - ok
20:42:17.0292 5716  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:42:17.0394 5716  ql2300 - ok
20:42:17.0414 5716  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:42:17.0438 5716  ql40xx - ok
20:42:17.0487 5716  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
20:42:17.0521 5716  QWAVE - ok
20:42:17.0534 5716  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:42:17.0561 5716  QWAVEdrv - ok
20:42:17.0584 5716  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:42:17.0632 5716  RasAcd - ok
20:42:17.0657 5716  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
20:42:17.0732 5716  RasAuto - ok
20:42:17.0751 5716  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:42:17.0814 5716  Rasl2tp - ok
20:42:17.0857 5716  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
20:42:17.0921 5716  RasMan - ok
20:42:17.0967 5716  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:42:18.0005 5716  RasPppoe - ok
20:42:18.0044 5716  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:42:18.0074 5716  RasSstp - ok
20:42:18.0116 5716  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:42:18.0168 5716  rdbss - ok
20:42:18.0212 5716  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:42:18.0260 5716  RDPCDD - ok
20:42:18.0283 5716  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
20:42:18.0336 5716  rdpdr - ok
20:42:18.0352 5716  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:42:18.0402 5716  RDPENCDD - ok
20:42:18.0449 5716  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:42:18.0493 5716  RDPWD - ok
20:42:18.0570 5716  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:42:18.0627 5716  RemoteAccess - ok
20:42:18.0675 5716  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:42:18.0717 5716  RemoteRegistry - ok
20:42:18.0786 5716  [ 0797F6AE018D3F992A1B8DF37BBF1786 ] resetWinService C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
20:42:18.0797 5716  resetWinService ( UnsignedFile.Multi.Generic ) - warning
20:42:18.0797 5716  resetWinService - detected UnsignedFile.Multi.Generic (1)
20:42:18.0856 5716  [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe
20:42:18.0867 5716  RichVideo ( UnsignedFile.Multi.Generic ) - warning
20:42:18.0868 5716  RichVideo - detected UnsignedFile.Multi.Generic (1)
20:42:18.0916 5716  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
20:42:18.0940 5716  RpcLocator - ok
20:42:18.0967 5716  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
20:42:19.0021 5716  RpcSs - ok
20:42:19.0060 5716  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:42:19.0113 5716  rspndr - ok
20:42:19.0133 5716  [ 2CC77C65216A8BB4677E637120D5731D ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
20:42:19.0177 5716  RTL8169 - ok
20:42:19.0224 5716  [ 4501C8FE11DF3192FB68D0D595EA94CC ] RTSTOR          C:\Windows\system32\drivers\RTSTOR.SYS
20:42:19.0247 5716  RTSTOR - ok
20:42:19.0267 5716  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
20:42:19.0294 5716  SamSs - ok
20:42:19.0325 5716  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:42:19.0350 5716  sbp2port - ok
20:42:19.0382 5716  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:42:19.0426 5716  SCardSvr - ok
20:42:19.0480 5716  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
20:42:19.0526 5716  Schedule - ok
20:42:19.0542 5716  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:42:19.0579 5716  SCPolicySvc - ok
20:42:19.0611 5716  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:42:19.0642 5716  SDRSVC - ok
20:42:19.0662 5716  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:42:19.0741 5716  secdrv - ok
20:42:19.0756 5716  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
20:42:19.0804 5716  seclogon - ok
20:42:19.0827 5716  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
20:42:19.0879 5716  SENS - ok
20:42:19.0898 5716  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
20:42:19.0974 5716  Serenum - ok
20:42:19.0993 5716  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
20:42:20.0073 5716  Serial - ok
20:42:20.0086 5716  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:42:20.0135 5716  sermouse - ok
20:42:20.0178 5716  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:42:20.0230 5716  SessionEnv - ok
20:42:20.0251 5716  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:42:20.0298 5716  sffdisk - ok
20:42:20.0312 5716  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:42:20.0363 5716  sffp_mmc - ok
20:42:20.0397 5716  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:42:20.0444 5716  sffp_sd - ok
20:42:20.0463 5716  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:42:20.0550 5716  sfloppy - ok
20:42:20.0589 5716  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:42:20.0647 5716  SharedAccess - ok
20:42:20.0683 5716  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:42:20.0719 5716  ShellHWDetection - ok
20:42:20.0733 5716  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
20:42:20.0756 5716  sisagp - ok
20:42:20.0778 5716  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
20:42:20.0806 5716  SiSRaid2 - ok
20:42:20.0842 5716  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:42:20.0868 5716  SiSRaid4 - ok
20:42:20.0997 5716  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
20:42:21.0168 5716  slsvc - ok
20:42:21.0221 5716  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
20:42:21.0267 5716  SLUINotify - ok
20:42:21.0313 5716  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:42:21.0349 5716  Smb - ok
20:42:21.0383 5716  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:42:21.0417 5716  SNMPTRAP - ok
20:42:21.0440 5716  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
20:42:21.0465 5716  spldr - ok
20:42:21.0539 5716  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
20:42:21.0595 5716  Spooler - ok
20:42:21.0635 5716  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:42:21.0672 5716  srv - ok
20:42:21.0701 5716  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:42:21.0731 5716  srv2 - ok
20:42:21.0750 5716  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:42:21.0776 5716  srvnet - ok
20:42:21.0802 5716  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:42:21.0857 5716  SSDPSRV - ok
20:42:21.0893 5716  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
20:42:21.0913 5716  ssmdrv - ok
20:42:21.0939 5716  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:42:21.0972 5716  SstpSvc - ok
20:42:21.0998 5716  [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
20:42:22.0035 5716  StillCam - ok
20:42:22.0093 5716  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
20:42:22.0136 5716  stisvc - ok
20:42:22.0176 5716  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:42:22.0216 5716  swenum - ok
20:42:22.0262 5716  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
20:42:22.0316 5716  swprv - ok
20:42:22.0336 5716  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
20:42:22.0361 5716  Symc8xx - ok
20:42:22.0376 5716  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
20:42:22.0400 5716  Sym_hi - ok
20:42:22.0430 5716  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
20:42:22.0451 5716  Sym_u3 - ok
20:42:22.0509 5716  [ CB01162BD6DD7B26D4CC6DCAC780E39C ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:42:22.0536 5716  SynTP - ok
20:42:22.0589 5716  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
20:42:22.0643 5716  SysMain - ok
20:42:22.0680 5716  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:42:22.0713 5716  TabletInputService - ok
20:42:22.0761 5716  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:42:22.0808 5716  TapiSrv - ok
20:42:22.0836 5716  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
20:42:22.0884 5716  TBS - ok
20:42:22.0944 5716  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:42:23.0012 5716  Tcpip - ok
20:42:23.0053 5716  [ 74E2D020C47BB2B2FCCBA29A518A7EB4 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
20:42:23.0107 5716  Tcpip6 - ok
20:42:23.0136 5716  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:42:23.0163 5716  tcpipreg - ok
20:42:23.0212 5716  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:42:23.0261 5716  TDPIPE - ok
20:42:23.0290 5716  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:42:23.0341 5716  TDTCP - ok
20:42:23.0383 5716  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:42:23.0423 5716  tdx - ok
20:42:23.0577 5716  [ 01CC3B9349B244C752CDD99EFDA080BB ] TeamViewer8     C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
20:42:23.0758 5716  TeamViewer8 - ok
20:42:23.0786 5716  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:42:23.0814 5716  TermDD - ok
20:42:23.0857 5716  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
20:42:23.0928 5716  TermService - ok
20:42:23.0964 5716  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
20:42:23.0999 5716  Themes - ok
20:42:24.0020 5716  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
20:42:24.0086 5716  THREADORDER - ok
20:42:24.0131 5716  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
20:42:24.0185 5716  TrkWks - ok
20:42:24.0251 5716  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:42:24.0291 5716  TrustedInstaller - ok
20:42:24.0333 5716  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:42:24.0389 5716  tssecsrv - ok
20:42:24.0420 5716  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
20:42:24.0448 5716  tunmp - ok
20:42:24.0491 5716  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:42:24.0517 5716  tunnel - ok
20:42:24.0544 5716  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:42:24.0572 5716  uagp35 - ok
20:42:24.0651 5716  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:42:24.0699 5716  udfs - ok
20:42:24.0735 5716  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:42:24.0800 5716  UI0Detect - ok
20:42:24.0838 5716  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:42:24.0870 5716  uliagpkx - ok
20:42:24.0895 5716  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
20:42:24.0929 5716  uliahci - ok
20:42:24.0953 5716  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
20:42:24.0984 5716  UlSata - ok
20:42:25.0005 5716  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
20:42:25.0032 5716  ulsata2 - ok
20:42:25.0052 5716  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:42:25.0099 5716  umbus - ok
20:42:25.0133 5716  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
20:42:25.0194 5716  upnphost - ok
20:42:25.0231 5716  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:42:25.0272 5716  usbccgp - ok
20:42:25.0292 5716  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:42:25.0386 5716  usbcir - ok
20:42:25.0470 5716  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:42:25.0509 5716  usbehci - ok
20:42:25.0535 5716  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:42:25.0590 5716  usbhub - ok
20:42:25.0607 5716  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:42:25.0686 5716  usbohci - ok
20:42:25.0703 5716  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
20:42:25.0831 5716  usbprint - ok
20:42:25.0880 5716  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:42:25.0922 5716  USBSTOR - ok
20:42:25.0937 5716  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
20:42:26.0027 5716  usbuhci - ok
20:42:26.0099 5716  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
20:42:26.0158 5716  usbvideo - ok
20:42:26.0229 5716  [ 9D19B042A4FD5C02195071EA2FE0C821 ] usnjsvc         C:\Program Files\Windows Live\Messenger\usnsvc.exe
20:42:26.0266 5716  usnjsvc - ok
20:42:26.0310 5716  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
20:42:26.0356 5716  UxSms - ok
20:42:26.0410 5716  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
20:42:26.0478 5716  vds - ok
20:42:26.0529 5716  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:42:26.0595 5716  vga - ok
20:42:26.0618 5716  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:42:26.0679 5716  VgaSave - ok
20:42:26.0710 5716  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
20:42:26.0739 5716  viaagp - ok
20:42:26.0788 5716  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
20:42:26.0859 5716  ViaC7 - ok
20:42:26.0881 5716  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
20:42:26.0908 5716  viaide - ok
20:42:26.0930 5716  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:42:26.0982 5716  volmgr - ok
20:42:27.0059 5716  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:42:27.0104 5716  volmgrx - ok
20:42:27.0152 5716  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:42:27.0186 5716  volsnap - ok
20:42:27.0207 5716  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:42:27.0239 5716  vsmraid - ok
20:42:27.0326 5716  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
20:42:27.0437 5716  VSS - ok
20:42:27.0463 5716  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
20:42:27.0539 5716  W32Time - ok
20:42:27.0563 5716  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:42:27.0646 5716  WacomPen - ok
20:42:27.0659 5716  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
20:42:27.0702 5716  Wanarp - ok
20:42:27.0709 5716  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:42:27.0749 5716  Wanarpv6 - ok
20:42:27.0779 5716  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:42:27.0856 5716  wcncsvc - ok
20:42:27.0910 5716  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:42:27.0952 5716  WcsPlugInService - ok
20:42:27.0989 5716  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
20:42:28.0016 5716  Wd - ok
20:42:28.0043 5716  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:42:28.0101 5716  Wdf01000 - ok
20:42:28.0118 5716  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:42:28.0171 5716  WdiServiceHost - ok
20:42:28.0183 5716  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:42:28.0234 5716  WdiSystemHost - ok
20:42:28.0276 5716  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
20:42:28.0313 5716  WebClient - ok
20:42:28.0337 5716  [ 905214925A88311FCE52F66153DE7610 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:42:28.0390 5716  Wecsvc - ok
20:42:28.0410 5716  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:42:28.0454 5716  wercplsupport - ok
20:42:28.0482 5716  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:42:28.0527 5716  WerSvc - ok
20:42:28.0577 5716  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
20:42:28.0609 5716  WinDefend - ok
20:42:28.0623 5716  WinHttpAutoProxySvc - ok
20:42:28.0710 5716  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:42:28.0749 5716  Winmgmt - ok
20:42:28.0788 5716  [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:42:28.0846 5716  WinRM - ok
20:42:28.0906 5716  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:42:28.0947 5716  Wlansvc - ok
20:42:29.0005 5716  [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc      C:\Program Files\Windows Live\installer\WLSetupSvc.exe
20:42:29.0030 5716  WLSetupSvc - ok
20:42:29.0112 5716  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:42:29.0151 5716  WmiAcpi - ok
20:42:29.0193 5716  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:42:29.0242 5716  wmiApSrv - ok
20:42:29.0327 5716  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
20:42:29.0396 5716  WMPNetworkSvc - ok
20:42:29.0465 5716  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:42:29.0495 5716  WPCSvc - ok
20:42:29.0519 5716  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:42:29.0566 5716  WPDBusEnum - ok
20:42:29.0611 5716  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
20:42:29.0665 5716  WpdUsb - ok
20:42:29.0703 5716  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:42:29.0753 5716  ws2ifsl - ok
20:42:29.0799 5716  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
20:42:29.0836 5716  wscsvc - ok
20:42:29.0852 5716  WSearch - ok
20:42:29.0944 5716  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
20:42:30.0068 5716  wuauserv - ok
20:42:30.0132 5716  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:42:30.0185 5716  WUDFRd - ok
20:42:30.0220 5716  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:42:30.0278 5716  wudfsvc - ok
20:42:30.0315 5716  [ AB2D77BF7222B007717ABB61B15F9AE2 ] X10Hid          C:\Windows\system32\Drivers\x10hid.sys
20:42:30.0346 5716  X10Hid - ok
20:42:30.0414 5716  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets         C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
20:42:30.0424 5716  x10nets ( UnsignedFile.Multi.Generic ) - warning
20:42:30.0424 5716  x10nets - detected UnsignedFile.Multi.Generic (1)
20:42:30.0441 5716  ================ Scan global ===============================
20:42:30.0475 5716  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
20:42:30.0526 5716  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
20:42:30.0560 5716  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
20:42:30.0595 5716  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
20:42:30.0602 5716  [Global] - ok
20:42:30.0602 5716  ================ Scan MBR ==================================
20:42:30.0616 5716  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:42:31.0850 5716  \Device\Harddisk0\DR0 - ok
20:42:31.0851 5716  ================ Scan VBR ==================================
20:42:31.0856 5716  [ 58A0A2195F41B9277CD50F7662E37EF6 ] \Device\Harddisk0\DR0\Partition1
20:42:31.0860 5716  \Device\Harddisk0\DR0\Partition1 - ok
20:42:31.0881 5716  [ B79789AD66AC856C8405E21755569AE9 ] \Device\Harddisk0\DR0\Partition2
20:42:31.0883 5716  \Device\Harddisk0\DR0\Partition2 - ok
20:42:31.0884 5716  ============================================================
20:42:31.0884 5716  Scan finished
20:42:31.0884 5716  ============================================================
20:42:31.0903 3656  Detected object count: 9
20:42:31.0903 3656  Actual detected object count: 9
20:42:44.0476 3656  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
20:42:44.0476 3656  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:42:44.0476 3656  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:42:44.0477 3656  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:42:44.0477 3656  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
20:42:44.0477 3656  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:42:44.0478 3656  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:42:44.0478 3656  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:42:44.0479 3656  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:42:44.0479 3656  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:42:44.0482 3656  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:42:44.0482 3656  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:42:44.0483 3656  resetWinService ( UnsignedFile.Multi.Generic ) - skipped by user
20:42:44.0483 3656  resetWinService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:42:44.0487 3656  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
20:42:44.0487 3656  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:42:44.0488 3656  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
20:42:44.0488 3656  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:42:47.0029 5632  Deinitialize success
         
Regards, Sven


11.03.2013, 17:56   #6
markusg
/// Malware-holic

Hi,
Scan with Combofix
WARNING to anyone reading along:
Combofix should only be run if a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a logfile.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


11.03.2013, 22:26   #7
Attilius


I deactivated AntiVir beforehand (folded umbrella), since I could not shut it down completely. Combofix nevertheless told me that Avira Antivir and Antispy were active. I ran it anyway.
The registry key window appeared after the scan finished (once for ipmgoi.exe from Antivir and once when starting TeamViewer); after the restart it was gone, as described in the note.
Here is the content of the log file:

Code:
ComboFix 13-03-11.01 - Marianne 11.03.2013  21:25:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.2058 [GMT 1:00]
ausgeführt von:: c:\users\Marianne\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marianne\AppData\Roaming\Microsoft\Windows\Recent\AOL eMail.URL
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-11 bis 2013-03-11  ))))))))))))))))))))))))))))))
.
.
2013-03-11 20:34 . 2013-03-11 20:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-06 18:59 . 2013-03-06 19:05	--------	d-----w-	C:\_OTL
2013-03-05 13:33 . 2013-03-05 13:33	--------	d-----w-	c:\program files\TeamViewer
2013-03-04 19:44 . 2013-03-04 21:54	--------	d---a-w-	C:\Kaspersky Rescue Disk 10.0
2013-03-04 17:18 . 2013-03-04 17:18	--------	d-----w-	c:\users\Marianne\AppData\Roaming\Avira
2013-03-04 17:13 . 2013-03-04 16:59	83944	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-04 17:13 . 2013-03-04 16:59	36552	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-04 17:13 . 2013-03-04 16:59	134336	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-04 17:13 . 2013-03-04 17:13	--------	d-----w-	c:\program files\Avira
2013-03-04 14:38 . 2013-03-04 14:38	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-15 22:31 . 2013-02-15 22:31	186432	----a-w-	c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-04 14:38 . 2013-01-31 15:59	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-04 14:38 . 2013-01-31 15:59	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-28 15:04 . 2013-01-31 15:56	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-28 15:04 . 2013-01-31 15:56	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-16 13:12 . 2012-12-21 09:37	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-21 09:37	293376	----a-w-	c:\windows\system32\atmfd.dll
2013-03-08 13:09 . 2013-03-08 13:08	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Duden Korrektor SysTray"="c:\program files\Duden\Duden Korrektor\DKTray.exe" [2007-06-22 565976]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-05-08 1111336]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-21 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-21 92704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-04 385248]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
.
c:\users\Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote Inhaltsverzeichnis.onetoc2 [2009-5-24 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-3 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Marianne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Marianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-11 20:56	59280	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt]
2008-11-03 13:14	217088	----a-w-	c:\program files\BisonCam\BsMnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-10-14 09:57	20480	----a-w-	c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu]
2008-11-14 21:02	218408	------w-	c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 10:36	50472	------w-	c:\program files\HomeCinema\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28	1233920	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-10-20 14:28	296096	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-11-14 21:02	218408	------w-	c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePDRShortCut]
2008-01-04 10:02	222504	------w-	c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28	2153472	----a-w-	c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2981673612-1989944714-3398691111-1000]
"EnableNotificationsRef"=dword:00000005
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-31 15:04]
.
2013-03-11 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\u334tkw9.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - ExtSQL: 2013-03-04 19:13; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Marianne\AppData\Roaming\Mozilla\Firefox\Profiles\u334tkw9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: !HIDDEN! 2009-09-02 16:09; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-07-03 12:24; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Orphans Removed - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
AddRemove-Activation Assistant for the 2007 Microsoft Office suites - c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe
AddRemove-Schroedel Arbeitsblätter - c:\windows\ISUN0407.EXE
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-03-11 22:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1324)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\TeamViewer\Version8\TeamViewer_Service.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Duden\Duden Korrektor\DKCore.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2013-03-11  22:13:39 - machine was rebooted
ComboFix-quarantined-files.txt  2013-03-11 21:13
.
Pre-Run: 10 directories, 210,863,824,896 bytes free
Post-Run: 16 directories, 210,441,191,424 bytes free
.
- - End Of File - - AADC27C18367AE5B5D49A4B996F77606
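As an added example (not part of this thread, and not ComboFix's own code): a small Python triage script that reads the "Reg Loading Points" block in the REGEDIT4-style format ComboFix prints and reports the two things in this particular log that deserve a second look before any verdict on ihavenet is reached: UAC is switched off (`EnableLUA` = 0 under `policies\system`), and one Run entry (`KHALMNPR.EXE`) is registered by bare file name rather than by full path, so Windows locates it through the process search path instead of a fixed location. The sample input is constructed from the lines posted above, abbreviated; the `SUSPECT_DIRS` heuristic, the function names and the wording of the findings are my additions. The script says nothing about whether any entry is malicious; it only surfaces what a log reader would want to check first.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the "Reg Loading Points" block from the
# ComboFix log posted above (same format, abbreviated).
SAMPLE_LOG = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Duden Korrektor SysTray"="c:\program files\Duden\Duden Korrektor\DKTray.exe" [2007-06-22 565976]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-04 385248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"=value, optionally followed by ComboFix's [YYYY-MM-DD size] file info.
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+?)'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$'
)

# Heuristic (my assumption, not from the log): user-writable directories that are
# not normal install locations for an autostart image.
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


@dataclass
class AutostartEntry:
    key: str
    name: str
    image: str
    date: Optional[str]
    size: Optional[int]


def parse_loading_points(text: str) -> Tuple[List[AutostartEntry], Dict[str, int]]:
    """Split the REGEDIT4-style block into Run entries and policies\\system values."""
    entries: List[AutostartEntry] = []
    policies: Dict[str, int] = {}
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("REGEDIT4", "."):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = ENTRY_RE.match(line)
        if not m or not key:
            continue
        name, value = m.group("name"), m.group("value")
        if key.lower().endswith(r"\policies\system"):
            policies[name] = int(value.split()[0], 0)   # "0 (0x0)" -> 0
        elif key.lower().endswith(r"\run"):
            size = int(m.group("size")) if m.group("size") else None
            entries.append(AutostartEntry(key, name, value.strip('"'), m.group("date"), size))
    return entries, policies


def is_qualified_path(image: str) -> bool:
    """True when the Run value names a concrete location rather than a bare file name."""
    return "\\" in image or ":" in image


def review(entries: List[AutostartEntry], policies: Dict[str, int]) -> List[str]:
    """Return the findings a triager would want to see first (not a malware verdict)."""
    findings: List[str] = []
    if policies.get("EnableLUA") == 0:
        findings.append("UAC disabled: EnableLUA = 0 under policies\\system, so programs "
                        "started by an administrator account run fully elevated without a prompt")
    for e in entries:
        low = e.image.lower()
        if not is_qualified_path(e.image):
            findings.append(f"{e.name}: image '{e.image}' is a bare file name; Windows resolves it "
                            "through the process search path, so a same-named file found earlier "
                            "in that path would be started instead")
        elif any(d in low for d in SUSPECT_DIRS):
            findings.append(f"{e.name}: autostart image lives in a user-writable directory: {e.image}")
    return findings


if __name__ == "__main__":
    ents, pols = parse_loading_points(SAMPLE_LOG)
    for finding in review(ents, pols):
        print("-", finding)
```

To use it on a saved ComboFix log, replace `SAMPLE_LOG` with the file contents; only the `[...]Run` and `policies\system` keys are parsed, the `msconfig\startupreg` and `startupfolder` sections are ignored. The output is a reading aid for the log, not a cleaning step.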
         

12.03.2013, 19:56   #8
markusg
/// Malware-holic

ihavenet.com Trojaner

Hi,
Malwarebytes:
Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select Perform full scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure all findings are checked and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • Afterwards you can also find the report under "Logs".
__________________
- Please forward suspicious mails to us for analysis, following the instructions at
http://markusg.trojaner-board.de, to
markusg.trojaner-board@web.de
